Uninstall Avast, safe mode inaccessible

3omda_75 Messages postés 28 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjourà toute l'équipe et joyeuse année 2010,
Je viens d'essayer l'installation de kaspersky mais il me demande de désinstaller Avast que je ne le trouve nulle part, alors j'ai téléchargé aswclear (procédure que j'ai trouvé dans un autre sujet dans ce forum) et j'ai essayer de redémarrer en safe mode mais un écran bleu apparit et disparait en clin d'oeil sans pouvoir exécuter le safe mode, alors j'ai télécharger hijackthis et jv16powertool mais je n'en sait comment les utiliser.
Voila le rapport de hijackthis!! est ce que mon PC est infecté??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:39, on 05/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\wincywvp.exe
C:\WINDOWS\TEMP\windpyx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Dos Optimizer.pif = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 5568 bytes
Configuration: Windows XP
Firefox 3.0.4

21 réponses

  • 1
  • 2
Résumé de la discussion

Problème d'installation de Kaspersky sur Windows XP: le programme demande la désinstallation d'Avast qui n'est pas détecté, et le démarrage en mode sans échec échoue à cause d'un écran bleu. Des outils comme HijackThis révèlent des éléments associés à Yahoo Toolbar, Bluetooth et d'autres processus Windows, ce qui suggère des nuisances et la nécessité d'une vérification antivirus. La meilleure réponse signale un rapport ComboFix et précise d'utiliser ComboFix 10-01-04.01 pour identifier d'éventuelles infections et guider la remédiation sans conclure, notamment en étudiant les journaux générés.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt
    analyse ceci sur virus total et colle les rapports https://www.virustotal.com/gui/

    C:\WINDOWS\TEMP\wincywvp.exe
    C:\WINDOWS\TEMP\windpyx.exe
    0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    puis

    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
    1. 3omda_75 Messages postés 28 Statut Membre
       
      Salut jlpjlp, et merci pour votre intervention;
      en premier lieu j'ai pas pu établir une connexion sur le site virustotal et ce problème de connexion n'est pas nouveau puisque plusieurs sites sont inaccessible apartir de ce poste par contre accessible depuis un autre PC. pour la deuxième étape voila le contenu de:
      log.txt

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Administrateur at 2010-01-05 13:55:48
      Microsoft Windows XP Professionnel Service Pack 2
      System drive C: has 59 GB (78%) free of 75 GB
      Total RAM: 2043 MB (69% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:55:55, on 05/01/2010
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\WINDOWS\System32\SCardSvr.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\AccelerometerSt.Exe
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
      C:\Program Files\SuperCopier2\SuperCopier2.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
      C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\agrsmsvc.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\TEMP\wincywvp.exe
      C:\WINDOWS\TEMP\windpyx.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
      O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
      O4 - Startup: Dos Optimizer.pif = ?
      O4 - Global Startup: BTTray.lnk = ?
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok il y a du boulot!

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

    ______________________

    mettre a jour internet explorer
    pour XP
    https://www.microsoft.com/en-us/download

    pour VISTA:
    https://www.microsoft.com/en-us/download

    _____________

    mettre à jour adobe reader puis supprimer les anciennes version via le panneau de configuration
    https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

    ou passer a un lecteur alternatif ce qui évitera les virus circulant via les PDF comme foxit reader (ne pas mettre les barres foxit, ask, ebay..)

    https://www.commentcamarche.net/telecharger/ 205 foxit reader

    _____________

    ensuite

    remets un rapport RSIT
    0
    1. 3omda_75 Messages postés 28 Statut Membre
       
      Re;
      que dois je faire maintenant??
      0
    2. 3omda_75
       
      Et voila

      en premier lieu le rapport de combofix

      ComboFix 10-01-04.01 - Administrateur 05/01/2010 14:28:01.2.2 - x86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2043.1532 [GMT 1:00]
      Lancé depuis: c:\documents and settings\Administrateur\Bureau\KillBagle.exe
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\documents and settings\Administrateur\Application Data\lsass.exe
      .
      ---- Exécution préalable -------
      .
      c:\documents and settings\Administrateur\h7z9c39i7.exe
      c:\sin\S-2-3-12-ABCDEF7890-01234567890-1688963592-500\Deskto­p.ini
      c:\windows\system32\drivers\sqeffxh.sys
      c:\windows\system32\XP-2F95D5BE.EXE

      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Service_aqjgat


      ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-05 au 2010-01-05 ))))))))))))))))))))))))))))))))))))
      .

      2010-01-05 13:19 . 2010-01-05 13:19 -------- d-----w- c:\windows\system32\wbem\snmp
      2010-01-05 13:19 . 2010-01-05 13:19 -------- d-----w- c:\windows\system32\xircom
      2010-01-05 12:55 . 2010-01-05 12:55 -------- d-----w- C:\rsit
      2010-01-05 12:36 . 2010-01-05 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
      2010-01-05 08:59 . 2010-01-05 08:59 -------- d-----w- c:\program files\jv16 PowerTools
      2010-01-05 08:50 . 2010-01-05 08:50 -------- d-----w- c:\program files\Trend Micro
      2010-01-05 08:27 . 2010-01-05 08:28 -------- d--h--w- c:\windows\system32\GroupPolicy
      2010-01-05 08:04 . 2010-01-05 08:04 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
      2010-01-05 08:02 . 2010-01-05 08:02 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
      2010-01-05 08:02 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissar­my.sys
      2010-01-05 08:02 . 2010-01-05 08:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2010-01-05 08:02 . 2010-01-05 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2010-01-05 08:02 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
      2010-01-05 07:44 . 2010-01-05 08:12 180224 ----a-w- c:\documents and settings\Administrateur\ddaqaea4.exe
      2010-01-05 07:41 . 2010-01-05 07:41 -------- d-----r- C:\JAN
      2010-01-05 07:41 . 2010-01-05 08:11 172032 ----a-w- c:\documents and settings\Administrateur\easddaeu8.exe
      2010-01-05 07:34 . 2010-01-05 07:34 -------- d-----w- c:\program files\Yahoo!
      2010-01-05 07:34 . 2010-01-05 07:35 -------- d-----w- c:\program files\CCleaner
      2010-01-05 07:29 . 2010-01-05 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
      2010-01-01 19:39 . 2010-01-01 20:29 33792 ----a-w- c:\documents and settings\Administrateur\easddaeb8.exe
      2010-01-01 01:00 . 2010-01-01 01:00 -------- d-----w- c:\windows\system32\XPSViewer
      2010-01-01 01:00 . 2010-01-01 01:00 -------- d-----w- c:\program files\Reference Assemblies
      2010-01-01 01:00 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x­86\filterpipelineprintproc.dll
      2010-01-01 00:59 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipe­lineprintproc.dll
      2010-01-01 00:59 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
      2010-01-01 00:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
      2010-01-01 00:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.­dll
      2010-01-01 00:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
      2010-01-01 00:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.­dll
      2010-01-01 00:59 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32­x86\printfilterpipelinesvc.exe
      2010-01-01 00:59 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilt­erpipelinesvc.exe
      2010-01-01 00:56 . 2010-01-01 00:56 -------- d-----w- c:\program files\MSXML 6.0
      2009-12-31 16:37 . 2009-12-31 16:40 33792 ----a-w- c:\documents and settings\Administrateur\easddaeg8.exe
      2009-12-31 13:27 . 2009-12-31 13:32 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GlarySoft
      2009-12-31 13:14 . 2009-12-31 13:14 -------- d-----w- c:\program files\Glary Utilities
      2009-12-31 13:14 . 2007-01-04 11:02 663552 ----a-w- c:\windows\system32\mgxoschk.dll
      2009-12-31 12:04 . 2009-12-31 16:19 33792 ----a-w- c:\documents and settings\Administrateur\easddaek9.exe
      2009-12-31 01:26 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sy­s
      2009-12-31 01:26 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
      2009-12-31 01:26 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
      2009-12-31 01:26 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys­
      2009-12-31 01:26 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
      2009-12-31 01:26 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sy­s
      2009-12-31 01:25 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
      2009-12-31 01:25 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
      2009-12-31 01:25 . 2009-12-31 01:25 -------- d-----w- c:\program files\Alwil Software
      2009-12-31 00:49 . 2009-12-31 00:58 151552 ----a-w- c:\documents and settings\Administrateur\easddaeg9.exe
      2009-12-30 21:15 . 2009-12-30 21:17 2034352 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
      2009-12-30 20:45 . 2010-01-05 08:33 -------- d-----r- C:\JAMA
      2009-12-30 20:45 . 2009-12-30 21:35 139264 ----a-w- c:\documents and settings\Administrateur\easddaee1.exe
      2009-12-30 15:58 . 2009-12-30 15:58 -------- d-----w- c:\windows\ServicePackFiles
      2009-12-29 08:56 . 2010-01-05 12:30 -------- d-----w- c:\windows\system32\CatRoot_bak
      2009-12-29 08:51 . 2009-12-29 08:52 184320 ----a-w- c:\documents and settings\Administrateur\easddaet8.exe
      2009-12-29 07:59 . 2010-01-05 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2009-12-29 07:57 . 2009-03-06 14:46 286208 ------w- c:\windows\system32\dllcache\pdh.dll
      2009-12-29 07:57 . 2009-02-09 10:20 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
      2009-12-29 07:57 . 2009-02-09 10:20 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
      2009-12-29 07:57 . 2009-02-06 16:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
      2009-12-29 07:57 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
      2009-12-29 07:57 . 2005-07-26 04:39 60416 ------w- c:\windows\system32\dllcache\colbact.dll
      2009-12-29 07:57 . 2009-02-09 10:20 685056 ------w- c:\windows\system32\dllcache\advapi32.dll
      2009-12-29 07:57 . 2009-02-09 10:20 739840 ------w- c:\windows\system32\dllcache\ntdll.dll
      2009-12-29 07:57 . 2009-02-09 10:20 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
      2009-12-29 07:57 . 2009-02-09 10:08 111104 ------w- c:\windows\system32\dllcache\services.exe
      2009-12-29 07:51 . 2008-10-24 11:10 453632 ------w- c:\windows\system32\dllcache\mrxsmb.sys
      2009-12-29 07:51 . 2009-07-10 13:41 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
      2009-12-29 07:49 . 2009-08-04 17:16 2065024 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
      2009-12-29 07:49 . 2009-08-04 17:16 2188032 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
      2009-12-29 07:49 . 2009-08-04 17:16 2144768 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
      2009-12-29 07:49 . 2009-08-04 17:16 2022912 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
      2009-12-29 07:49 . 2009-06-05 07:46 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
      2009-12-29 07:47 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\drivers\bthport.sys
      2009-12-29 07:47 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\dllcache\bthport.sys
      2009-12-29 07:47 . 2009-12-29 08:15 180224 ----a-w- c:\documents and settings\Administrateur\easddaey9.exe
      2009-12-27 22:17 . 2009-12-27 22:17 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\PCHealth
      2009-12-27 12:54 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
      2009-12-27 12:54 . 2008-12-11 11:57 333184 ------w- c:\windows\system32\dllcache\srv.sys
      2009-12-27 12:32 . 2008-04-11 18:51 683520 ------w- c:\windows\system32\dllcache\inetcomm.dll
      2009-12-27 12:32 . 2008-04-21 21:27 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
      2009-12-27 12:23 . 2009-08-25 09:47 352256 ------w- c:\windows\system32\dllcache\winhttp.dll
      2009-12-27 12:14 . 2009-07-31 04:58 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
      2009-12-27 12:13 . 2009-12-27 12:13 180224 ----a-w- c:\documents and settings\Administrateur\easddaeg4.exe
      2009-12-26 20:06 . 2008-07-07 20:31 253952 ------w- c:\windows\system32\dllcache\es.dll
      2009-12-26 19:43 . 2008-06-12 14:18 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
      2009-12-26 19:43 . 2008-06-12 14:18 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
      2009-12-26 19:43 . 2008-06-12 14:18 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
      2009-12-26 19:43 . 2008-06-12 14:18 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
      2009-12-26 19:43 . 2008-06-12 14:18 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
      2009-12-26 19:43 . 2008-06-12 14:18 428032 ------w- c:\windows\system32\dllcache\msdtcprx.dll
      2009-12-26 19:42 . 2009-04-15 15:17 584192 ------w- c:\windows\system32\dllcache\rpcrt4.dll
      2009-12-26 19:42 . 2008-10-15 16:59 332800 ------w- c:\windows\system32\dllcache\netapi32.dll
      2009-12-26 19:41 . 2009-06-21 22:06 153088 ------w- c:\windows\system32\dllcache\triedit.dll
      2009-12-26 19:41 . 2008-05-01 14:31 331776 ------w- c:\windows\system32\dllcache\msadce.dll
      2009-12-26 19:04 . 2009-12-31 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
      2009-12-26 18:25 . 2009-12-26 18:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
      2009-12-26 18:20 . 2009-12-26 18:27 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Temp
      2009-12-26 18:20 . 2009-12-26 18:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
      2009-12-26 18:19 . 2009-12-31 13:06 -------- d-----w- c:\program files\Google
      2009-12-26 18:19 . 2009-12-31 13:06 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Google
      2009-12-26 17:40 . 2009-12-26 23:08 180224 ----a-w- c:\documents and settings\Administrateur\easddaea8.exe
      2009-12-24 21:35 . 2009-12-24 21:35 -------- d-s---w- c:\documents and settings\Administrateur\UserData
      2009-12-24 20:09 . 2009-12-24 20:09 -------- d-----r- C:\RESTORIC
      2009-12-24 20:09 . 2009-12-24 21:36 139264 ----a-w- c:\documents and settings\Administrateur\easddaeb1.exe

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-01-05 13:23 . 2001-09-28 13:00 80946 ----a-w- c:\windows\system32\perfc00C.dat
      2010-01-05 13:23 . 2001-09-28 13:00 501138 ----a-w- c:\windows\system32\perfh00C.dat
      2010-01-05 13:19 . 2010-01-05 13:19 -------- d-----w- c:\program files\microsoft frontpage
      2010-01-05 13:19 . 2009-12-05 14:14 -------- d-----w- c:\program files\SuperCopier2
      2010-01-04 10:11 . 2009-12-05 14:15 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Winamp
      2009-12-05 17:03 . 2009-12-05 17:03 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Media Player Classic
      2009-12-05 14:15 . 2009-12-05 13:55 -------- d-----w- c:\program files\Winamp
      2009-12-05 14:00 . 2009-12-05 14:00 -------- d-----w- c:\program files\Real Alternative
      2009-12-05 13:59 . 2009-11-11 08:33 -------- d-----w- c:\program files\Fichiers communs\Real
      2009-12-05 13:58 . 2009-12-05 13:57 -------- d-----w- c:\program files\K-Lite Codec Pack
      2009-12-05 13:58 . 2009-12-05 13:58 0 ----a-w- c:\windows\nsreg.dat
      2009-12-05 13:54 . 2009-12-05 13:54 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc
      2009-12-05 13:54 . 2009-12-05 13:54 -------- d-----w- c:\program files\VideoLAN
      2009-11-19 17:38 . 2009-11-19 17:38 65760 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-11-14 21:10 . 2009-11-11 07:11 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
      2009-11-11 08:36 . 2009-11-11 08:35 -------- d-----w- c:\program files\PDFCreator
      2009-11-11 08:28 . 2009-11-11 08:28 -------- d-----w- c:\program files\Fichiers communs\Adobe
      2009-11-11 08:26 . 2009-11-11 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
      2009-11-11 08:25 . 2009-11-11 08:25 -------- d-----w- c:\program files\Microsoft Works
      2009-11-11 08:25 . 2009-11-11 08:25 -------- d-----w- c:\program files\MSBuild
      2009-11-11 08:24 . 2009-11-11 08:24 -------- d-----w- c:\program files\Microsoft.NET
      2009-11-11 08:23 . 2009-11-11 08:23 -------- d-----w- c:\program files\Microsoft Visual Studio 8
      2009-11-11 08:20 . 2009-11-11 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
      2009-11-11 08:20 . 2009-11-11 08:20 -------- d-----w- c:\documents and settings\Administrateur\Application Data\ATI
      2009-11-11 08:19 . 2009-11-11 08:19 0 -c--a-w- c:\windows\ativpsrm.bin
      2009-11-11 08:12 . 2009-11-11 08:12 -------- d-----w- c:\program files\Analog Devices
      2009-11-11 08:08 . 2009-11-11 08:08 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
      2009-11-11 08:07 . 2009-11-11 08:07 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
      2009-11-11 07:40 . 2009-11-11 07:18 -------- d-----w- c:\program files\Hewlett-Packard
      2009-11-11 07:40 . 2009-11-11 07:18 -------- d--h--w- c:\program files\InstallShield Installation Information
      2009-11-11 07:38 . 2009-11-11 07:38 -------- d-----w- c:\program files\Synaptics
      2009-11-11 07:36 . 2009-11-11 07:36 -------- d-----w- c:\program files\Fichiers communs\SNP2UVC
      2009-11-11 07:36 . 2009-11-11 07:36 -------- d-----w- c:\documents and settings\Administrateur\Application Data\InstallShield
      2009-11-11 07:35 . 2009-11-11 07:35 -------- d-----w- c:\program files\SCM Microsystems
      2009-11-11 07:32 . 2009-11-11 07:32 -------- d-----w- c:\program files\Intel
      2009-11-11 07:30 . 2009-11-11 07:28 -------- d-----w- c:\program files\ATI Technologies
      2009-11-11 07:24 . 2009-11-11 07:18 -------- d-----w- c:\program files\Fichiers communs\InstallShield
      2009-11-11 07:23 . 2009-11-11 07:23 -------- d-----w- c:\program files\WIDCOMM
      2009-11-11 07:22 . 2009-11-11 07:22 1614 -csha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP Compaq 6830s_YN_0U_QCNU9020RNG_EU_46_I30E9_SHP_VKBC Version 95.1A_B68PZD Ver. F.07_T080918_WXP2_L40C_M2044_J250_7Intel_8Core2 Duo T5870_92_#091111_N_()_XMOBILE_CN10_Z_2F.07_G.MRK
      2009-11-11 07:20 . 2009-11-11 07:20 -------- d-----w- c:\program files\HPQ
      2009-11-11 07:11 . 2009-11-11 07:11 -------- d-----w- c:\program files\Services en ligne
      2009-11-11 07:09 . 2009-11-11 07:09 21892 -c--a-w- c:\windows\system32\emptyregdb.dat
      2009-10-29 05:46 . 2004-08-03 23:54 666112 ----a-w- c:\windows\system32\wininet.dll
      2009-10-21 06:03 . 2004-08-03 23:54 75776 ----a-w- c:\windows\system32\strmfilt.dll
      2009-10-21 06:03 . 2004-08-03 23:54 25088 ----a-w- c:\windows\system32\httpapi.dll
      2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
      2009-10-20 14:58 . 2004-08-03 22:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
      2009-10-13 10:52 . 2004-08-03 23:54 267776 ----a-w- c:\windows\system32\oakley.dll
      2009-10-12 13:52 . 2004-08-03 23:54 69632 ----a-w- c:\windows\system32\raschap.dll
      2009-10-12 13:52 . 2004-08-03 23:54 113152 ----a-w- c:\windows\system32\rastls.dll
      .

      ------- Sigcheck -------

      [-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ctfmon.exe
      [-] 2004-08-03 . 9A8FFEC027A54A8CE63DB61DB617BA61 . 93184 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-09 82224]
      "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 251184]
      "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1114112]
      "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-30 511312]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 93184]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

      c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
      DosÿOptimizer.pif [2007-4-8 377344]

      c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-3-31 576104]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableLUA"= 0 (0x0)

      [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Dos Optimizer.pif]
      path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
      backup=c:\windows\pss\Dos Optimizer.pifStartup

      [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^¡¡¡¡¡¡.lnk]
      path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\¡¡¡¡¡¡.lnk
      backup=c:\windows\pss\¡¡¡¡¡¡.lnkStartup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
      backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
      2008-05-14 10:26 251184 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
      2008-04-04 15:09 1114112 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
      2008-01-21 11:17 143360 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
      2008-03-27 18:28 1216512 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
      2009-07-01 16:37 111616 ----a-w- c:\program files\Winamp\winampa.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "gupdate"=2 (0x2)
      "Com4QLBEx"=3 (0x3)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      "FirewallOverride"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
      "AntiVirusOverride"=dword:00000001
      "AntiVirusDisableNotify"=dword:00000001
      "FirewallDisableNotify"=dword:00000001
      "FirewallOverride"=dword:00000001
      "UpdatesDisableNotify"=dword:00000001
      "UacDisableNotify"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"=
      "c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
      "c:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTSTAC~1.EXE"=
      "c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
      "c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe"=
      "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
      "c:\\WINDOWS\\system32\\SNDVOL32.EXE"=
      "c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
      "c:\\WINDOWS\\system32\\AccelerometerSt.Exe"=
      "c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=
      "c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=
      "c:\\Program Files\\Winamp\\winampa.exe"=
      "c:\\Documents and Settings\\Administrateur\\Bureau\\Best of Najib\\Best of Najib.exe"=
      "c:\\Program Files\\SuperCopier2\\SuperCopier2.exe"=
      "c:\\Documents and Settings\\Administrateur\\Bureau\\Bonus\\Bonus.exe"=
      "c:\\Documents and Settings\\Administrateur\\Menu Démarrer\\Programmes\\Démarrage\\Dos Optimizer.pif"=
      "c:\\WINDOWS\\system32\\regsvr32.exe"=
      "c:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe"=
      "c:\\Documents and Settings\\Administrateur\\easddaea8.exe"=
      "c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
      "c:\\WINDOWS\\system32\\dwwin.exe"=
      "c:\\Program Files\\Windows Media Player\\setup_wm.exe"=
      "c:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\Com4QLBEx.exe"=
      "c:\\Program Files\\Hewlett-Packard\\Shared\\hpqwmiex.exe"=

      R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [11/11/2009 09:12 24064]
      R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/12/2009 02:26 114768]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/12/2009 02:26 20560]
      R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [05/01/2010 09:02 235344]
      R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\qmgnjn.sys --> c:\windows\system32\drivers\qmgnjn.sys [?]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [05/01/2010 09:02 19160]
      S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [21/06/2007 04:40 56448]
      S4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11/11/2009 08:40 275760]
      S4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/12/2009 19:19 205296]

      --- Autres Services/Pilotes en mémoire ---

      *Deregistered* - mchInjDrv

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-65WE-KKX5-313QWE24444}]
      2009-12-26 12:31 102400 ----a-w- c:\restoric\RECYCLER\X0R.exe
      .
      Contenu du dossier 'Tâches planifiées'

      2010-01-05 c:\windows\Tasks\GlaryInitialize.job
      - c:\program files\Glary Utilities\initialize.exe [2009-12-31 18:27]

      2010-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 18:19]

      2010-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 18:19]
      .
      .
      ------- Examen supplémentaire -------
      .
      uInternet Settings,ProxyOverride = local
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
      IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\tw9l25d6.default\
      FF - prefs.js: browser.startup.homepage - www.google.com
      FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
      FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe



      **************************************************************************
      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés:

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
      "ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp"
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(752)
      c:\windows\system32\Ati2evxx.dll
      .
      Heure de fin: 2010-01-05 14:31:49
      ComboFix-quarantined-files.txt 2010-01-05 13:31

      Avant-CF: 61 423 673 344 octets libres
      Après-CF: 61 363 527 680 octets libres

      - - End Of File - - 08ACF255D9789FCFD623FDA7C48B9D57



      ensuite j'ai mis à jour internet explorer (version 8)
      j'ai désinstallé adobe acrobate reader
      j'ai installé foxit reader
      et enfin le rapport de RSIT

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Administrateur at 2010-01-05 15:13:40
      Microsoft Windows XP Professionnel Service Pack 2
      System drive C: has 58 GB (77%) free of 75 GB
      Total RAM: 2043 MB (76% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:13:48, on 05/01/2010
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\SCardSvr.exe
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\AccelerometerSt.Exe
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\Program Files\SuperCopier2\SuperCopier2.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
      C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\agrsmsvc.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\TEMP\wintqyjgx.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
      O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
      O4 - Startup: Dos Optimizer.pif = ?
      O4 - Global Startup: BTTray.lnk = ?
      O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      End of file - 5501 bytes

      ======Scheduled tasks folder======

      C:\WINDOWS\tasks\GlaryInitialize.job
      C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
      C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

      ======Registry dump======

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
      Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      "AccelerometerSysTrayApplet"=C:\WINDOWS\system32\AccelerometerSt.Exe [2008-06-09 82224]
      "QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-05-14 251184]
      "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-04 1114112]
      "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-30 511312]
      "FrameWorkService"= []

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
      "FrameWorkService"= []

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-05-14 251184]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
      C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-04 1114112]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 143360]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1216512]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
      C:\Program Files\Winamp\winampa.exe [2009-07-01 111616]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Dos Optimizer.pif]
      C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif [2007-04-08 377344]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^¡¡¡¡¡¡.lnk]
      C:\WINDOWS\system32\XP-2F9~1.EXE []

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
      C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "gupdate"=2
      "Com4QLBEx"=3

      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
      BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

      C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
      Dos Optimizer.pif

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
      C:\WINDOWS\system32\Ati2evxx.dll [2008-05-08 126976]

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      "DisableTaskMgr"=1
      "DisableRegistryTools"=1

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      "dontdisplaylastusername"=0
      "legalnoticecaption"=
      "legalnoticetext"=
      "shutdownwithoutlogon"=1
      "undockwithoutlogon"=1
      "EnableLUA"=0

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "NoDriveTypeAutoRun"=323
      "NoDriveAutoRun"=67108863
      "NoDrives"=0
      "DisallowRun"=0
      "NoFolderOptions"=0
      "NoRun"=0
      "NoFind"=0

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "HonorAutoRunSetting"=

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
      "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe:*:Enabled:ipsec"
      "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe:*:Enabled:ipsec"
      "C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE"="C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE:*:Enabled:ipsec"
      "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"="C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe:*:Enabled:ipsec"
      "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe:*:Enabled:ipsec"
      "C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:ipsec"
      "C:\WINDOWS\system32\SNDVOL32.EXE"="C:\WINDOWS\system32\SNDVOL32.EXE:*:Enabled:ipsec"
      "C:\Program Files\Analog Devices\Core\smax4pnp.exe"="C:\Program Files\Analog Devices\Core\smax4pnp.exe:*:Enabled:ipsec"
      "C:\WINDOWS\system32\AccelerometerSt.Exe"="C:\WINDOWS\system32\AccelerometerSt.Exe:*:Enabled:ipsec"
      "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe:*:Enabled:ipsec"
      "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe:*:Enabled:ipsec"
      "C:\Program Files\Winamp\winampa.exe"="C:\Program Files\Winamp\winampa.exe:*:Enabled:ipsec"
      "C:\Documents and Settings\Administrateur\Bureau\Best of Najib\Best of Najib.exe"="C:\Documents and Settings\Administrateur\Bureau\Best of Najib\Best of Najib.exe:*:Enabled:ipsec"
      "C:\Program Files\SuperCopier2\SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe:*:Enabled:ipsec"
      "C:\Documents and Settings\Administrateur\Bureau\Bonus\Bonus.exe"="C:\Documents and Settings\Administrateur\Bureau\Bonus\Bonus.exe:*:Enabled:ipsec"
      "C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif"="C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif:*:Enabled:ipsec"
      "C:\WINDOWS\system32\regsvr32.exe"="C:\WINDOWS\system32\regsvr32.exe:*:Enabled:ipsec"
      "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe:*:Enabled:ipsec"
      "C:\Documents and Settings\Administrateur\easddaea8.exe"="C:\Documents and Settings\Administrateur\easddaea8.exe:*:Enabled:ipsec"
      "C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec"
      "C:\WINDOWS\system32\dwwin.exe"="C:\WINDOWS\system32\dwwin.exe:*:Enabled:ipsec"
      "C:\Program Files\Windows Media Player\setup_wm.exe"="C:\Program Files\Windows Media Player\setup_wm.exe:*:Enabled:ipsec"
      "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe:*:Enabled:ipsec"
      "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"="C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe:*:Enabled:ipsec"
      "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwjydqv.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwjydqv.exe:*:Enabled:ipsec"
      "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbpqk.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbpqk.exe:*:Enabled:ipsec"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

      ======List of files/folders created in the last 1 months======

      2010-01-05 15:10:28 ----D---- C:\Documents and Settings\Administrateur\Application Data\Foxit
      2010-01-05 15:10:27 ----D---- C:\Program Files\Foxit Software
      2010-01-05 15:04:41 ----A---- C:\Documents and Settings\Administrateur\Application Data\smss.exe
      2010-01-05 15:00:37 ----D---- C:\WINDOWS\ie8updates
      2010-01-05 14:59:59 ----D---- C:\WINDOWS\WBEM
      2010-01-05 14:58:48 ----HDC---- C:\WINDOWS\ie8
      2010-01-05 14:58:48 ----D---- C:\WINDOWS\system32\fr-FR
      2010-01-05 14:57:01 ----A---- C:\WINDOWS\system32\MRT.exe
      2010-01-05 14:56:56 ----A---- C:\WINDOWS\imsins.BAK
      2010-01-05 14:56:52 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
      2010-01-05 14:31:50 ----A---- C:\ComboFix.txt
      2010-01-05 14:30:16 ----D---- C:\WINDOWS\temp
      2010-01-05 14:27:30 ----D---- C:\KillBagle
      2010-01-05 14:19:12 ----D---- C:\Program Files\xerox
      2010-01-05 14:19:11 ----D---- C:\WINDOWS\system32\xircom
      2010-01-05 14:19:11 ----D---- C:\Program Files\netmeeting
      2010-01-05 14:19:10 ----D---- C:\Program Files\microsoft frontpage
      2010-01-05 14:15:00 ----A---- C:\Boot.bak
      2010-01-05 14:14:55 ----RASHD---- C:\cmdcons
      2010-01-05 14:12:18 ----A---- C:\WINDOWS\zip.exe
      2010-01-05 14:12:18 ----A---- C:\WINDOWS\SWXCACLS.exe
      2010-01-05 14:12:18 ----A---- C:\WINDOWS\SWSC.exe
      2010-01-05 14:12:18 ----A---- C:\WINDOWS\SWREG.exe
      2010-01-05 14:12:18 ----A---- C:\WINDOWS\sed.exe
      2010-01-05 14:12:18 ----A---- C:\WINDOWS\PEV.exe
      2010-01-05 14:12:18 ----A---- C:\WINDOWS\NIRCMD.exe
      2010-01-05 14:12:18 ----A---- C:\WINDOWS\MBR.exe
      2010-01-05 14:12:18 ----A---- C:\WINDOWS\grep.exe
      2010-01-05 14:10:56 ----D---- C:\WINDOWS\ERDNT
      2010-01-05 14:10:17 ----D---- C:\Qoobox
      2010-01-05 13:55:48 ----D---- C:\rsit
      2010-01-05 13:36:14 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
      2010-01-05 09:59:48 ----D---- C:\Program Files\jv16 PowerTools
      2010-01-05 09:50:38 ----D---- C:\Program Files\Trend Micro
      2010-01-05 09:34:10 ----D---- C:\Avenger
      2010-01-05 09:27:59 ----HD---- C:\WINDOWS\system32\GroupPolicy
      2010-01-05 09:02:27 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
      2010-01-05 09:02:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
      2010-01-05 09:02:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2010-01-05 09:01:55 ----D---- C:\Documents and Settings\Administrateur\Application Data\WinRAR
      2010-01-05 08:41:18 ----RD---- C:\JAN
      2010-01-05 08:34:58 ----D---- C:\Program Files\Yahoo!
      2010-01-05 08:34:52 ----D---- C:\Program Files\CCleaner
      2010-01-05 08:29:25 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
      2010-01-05 08:04:31 ----D---- C:\WINDOWS\pss
      2010-01-01 02:00:34 ----D---- C:\WINDOWS\system32\XPSViewer
      2010-01-01 02:00:28 ----D---- C:\WINDOWS\system32\en-US
      2010-01-01 02:00:19 ----D---- C:\Program Files\Reference Assemblies
      2010-01-01 01:59:58 ----N---- C:\WINDOWS\system32\prntvpt.dll
      2010-01-01 01:59:57 ----N---- C:\WINDOWS\system32\xpssvcs.dll
      2010-01-01 01:59:57 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
      2010-01-01 01:56:50 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
      2010-01-01 01:56:45 ----D---- C:\Program Files\MSXML 6.0
      2009-12-31 14:27:23 ----D---- C:\Documents and Settings\Administrateur\Application Data\GlarySoft
      2009-12-31 14:14:25 ----D---- C:\Program Files\Glary Utilities
      2009-12-31 14:14:00 ----A---- C:\WINDOWS\system32\mgxoschk.dll
      2009-12-31 14:09:39 ----D---- C:\Config.Msi
      2009-12-31 09:11:28 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
      2009-12-31 09:11:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
      2009-12-31 02:25:50 ----A---- C:\WINDOWS\system32\MFC71.dll
      2009-12-31 02:25:50 ----A---- C:\WINDOWS\system32\aswBoot.exe
      2009-12-31 02:25:48 ----D---- C:\Program Files\Alwil Software
      2009-12-30 21:45:59 ----RD---- C:\JAMA
      2009-12-30 17:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
      2009-12-30 17:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
      2009-12-30 17:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
      2009-12-30 17:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
      2009-12-30 17:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
      2009-12-30 17:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
      2009-12-30 17:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
      2009-12-30 17:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
      2009-12-30 17:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
      2009-12-30 17:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
      2009-12-30 17:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
      2009-12-30 17:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
      2009-12-30 17:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
      2009-12-30 17:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
      2009-12-30 17:00:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
      2009-12-30 16:59:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
      2009-12-30 16:59:55 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
      2009-12-30 16:59:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
      2009-12-30 16:59:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
      2009-12-30 16:59:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
      2009-12-30 16:59:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
      2009-12-30 16:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
      2009-12-30 16:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
      2009-12-30 16:59:14 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
      2009-12-30 16:59:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
      2009-12-30 16:59:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
      2009-12-30 16:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
      2009-12-30 16:58:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
      2009-12-30 16:58:45 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
      2009-12-30 16:58:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
      2009-12-30 16:58:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
      2009-12-30 16:58:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
      2009-12-30 16:58:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
      2009-12-30 16:58:13 ----D---- C:\WINDOWS\ServicePackFiles
      2009-12-30 16:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
      2009-12-30 16:58:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
      2009-12-30 16:57:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
      2009-12-30 16:57:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
      2009-12-30 16:57:48 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
      2009-12-30 16:57:43 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
      2009-12-30 16:57:36 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
      2009-12-30 16:57:28 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
      2009-12-29 09:56:21 ----D---- C:\WINDOWS\system32\CatRoot_bak
      2009-12-29 08:59:09 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2009-12-29 08:47:38 ----N---- C:\WINDOWS\system32\tzchange.exe
      2009-12-28 00:12:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
      2009-12-28 00:12:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
      2009-12-28 00:11:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
      2009-12-28 00:11:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
      2009-12-28 00:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
      2009-12-28 00:11:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
      2009-12-28 00:10:52 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
      2009-12-28 00:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
      2009-12-27 00:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
      2009-12-27 00:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
      2009-12-27 00:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
      2009-12-27 00:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
      2009-12-27 00:00:58 ----D---- C:\WINDOWS\system32\PreInstall
      2009-12-27 00:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
      2009-12-27 00:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
      2009-12-27 00:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
      2009-12-27 00:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
      2009-12-26 20:05:42 ----D---- C:\Documents and Settings\Administrateur\Application Data\Macromedia
      2009-12-26 20:04:36 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
      2009-12-26 19:28:50 ----D---- C:\Documents and Settings\Administrateur\Application Data\Google
      2009-12-26 19:19:57 ----D---- C:\Program Files\Google
      2009-12-24 22:16:25 ----D---- C:\WINDOWS\system32\SoftwareDistribution
      2009-12-24 21:09:17 ----RD---- C:\RESTORIC
      2009-12-21 19:14:57 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
      2009-12-11 14:28:46 ----D---- C:\WINDOWS\system32\appmgmt

      ======List of files/folders modified in the last 1 months======

      2010-01-05 15:11:31 ----D---- C:\WINDOWS\Prefetch
      2010-01-05 15:10:40 ----D---- C:\Program Files\Mozilla Firefox
      2010-01-05 15:10:27 ----RD---- C:\Program Files
      2010-01-05 15:08:57 ----D---- C:\WINDOWS\system32
      2010-01-05 15:08:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
      2010-01-05 15:04:57 ----D---- C:\WINDOWS\system32\drivers
      2010-01-05 15:04:55 ----D---- C:\WINDOWS
      2010-01-05 15:04:41 ----HD---- C:\WINDOWS\inf
      2010-01-05 15:04:29 ----D---- C:\WINDOWS\system32\DllCache
      2010-01-05 15:04:29 ----D---- C:\WINDOWS\Help
      2010-01-05 15:04:29 ----D---- C:\Program Files\Internet Explorer
      2010-01-05 15:03:40 ----D---- C:\WINDOWS\system32\CatRoot2
      2010-01-05 15:03:40 ----A---- C:\WINDOWS\SchedLgU.Txt
      2010-01-05 15:00:42 ----HD---- C:\WINDOWS\$hf_mig$
      2010-01-05 14:59:52 ----D---- C:\WINDOWS\Media
      2010-01-05 14:57:02 ----D---- C:\WINDOWS\Debug
      2010-01-05 14:54:36 ----D---- C:\Documents and Settings\Administrateur\Application Data\Winamp
      2010-01-05 14:53:58 ----SHD---- C:\WINDOWS\Installer
      2010-01-05 14:53:28 ----D---- C:\Program Files\Fichiers communs
      2010-01-05 14:36:23 ----D---- C:\WINDOWS\SoftwareDistribution
      2010-01-05 14:31:22 ----D---- C:\WINDOWS\repair
      2010-01-05 14:30:23 ----A---- C:\WINDOWS\system.ini
      2010-01-05 14:29:29 ----D---- C:\WINDOWS\AppPatch
      2010-01-05 14:19:12 ----D---- C:\WINDOWS\system32\wbem
      2010-01-05 14:19:11 ----D---- C:\WINDOWS\ime
      2010-01-05 14:19:02 ----D---- C:\Program Files\SuperCopier2
      2010-01-05 14:18:39 ----D---- C:\WINDOWS\system32\config
      2010-01-05 14:15:00 ----RASH---- C:\boot.ini
      2010-01-05 13:31:05 ----D---- C:\WINDOWS\system32\CatRoot
      2010-01-05 10:19:58 ----HDC---- C:\WINDOWS\$NtUninstallKB915326$
      2010-01-05 09:34:10 ----RD---- C:\WINDOWS\Offline Web Pages
      2010-01-05 09:17:45 ----D---- C:\WINDOWS\Microsoft.NET
      2010-01-05 09:17:44 ----RSD---- C:\WINDOWS\assembly
      2010-01-05 08:06:13 ----A---- C:\WINDOWS\win.ini
      2010-01-03 15:28:27 ----D---- C:\WINDOWS\WinSxS
      2010-01-01 02:00:26 ----RSD---- C:\WINDOWS\Fonts
      2010-01-01 02:00:05 ----D---- C:\WINDOWS\system32\spool
      2010-01-01 01:57:48 ----D---- C:\WINDOWS\system32\mui
      2009-12-31 14:14:31 ----SD---- C:\WINDOWS\Tasks
      2009-12-31 14:08:06 ----SD---- C:\WINDOWS\Downloaded Program Files
      2009-12-30 17:17:33 ----D---- C:\WINDOWS\system32\Setup
      2009-12-30 16:58:54 ----D---- C:\Program Files\Outlook Express
      2009-12-26 20:05:40 ----D---- C:\Documents and Settings\Administrateur\Application Data\Adobe
      2009-12-26 13:34:26 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
      2009-12-16 13:11:42 ----D---- C:\Program Files\Windows Media Player

      ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

      R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
      R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
      R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
      R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
      R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
      R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
      R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
      R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\qmgnjn.sys []
      R3 Accelerometer;HP Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2008-05-23 28592]
      R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-04-11 338944]
      R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
      R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-03-01 1202560]
      R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-05-08 2880512]
      R3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-04-03 539512]
      R3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-04-03 37424]
      R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-04-03 879624]
      R3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-04-03 156392]
      R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-04-03 74688]
      R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
      R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
      R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
      R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
      R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
      R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
      R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
      R3 NETw5x32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows XP 32 bits ; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-04-28 3626112]
      R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2008-04-10 1804160]
      R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-27 224672]
      R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
      R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
      R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
      R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
      S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
      S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
      S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
      S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
      S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
      S3 SCR3XX2K;SCR3xx USB SmartCardReader; C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys [2007-06-21 56448]
      S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
      S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
      S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
      S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
      S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
      S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
      S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
      S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys []
      S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
      S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc29.tmp []

      ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

      R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2007-12-11 12800]
      R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-05-08 536576]
      R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-03-31 264800]
      R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-12-30 235344]
      R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-01 243016]
      S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
      S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
      S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
      S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
      S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
      S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
      S4 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 275760]
      S4 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-26 205296]
      S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

      -----------------EOF-----------------3
      0
  4. 3omda_75 Messages postés 28 Statut Membre
     
    et voila

    en premier lieu le rapport de combofix

    ComboFix 10-01-04.01 - Administrateur 05/01/2010 14:28:01.2.2 - x86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2043.1532 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Administrateur\Bureau\KillBagle.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrateur\Application Data\lsass.exe
    .
    ---- Exécution préalable -------
    .
    c:\documents and settings\Administrateur\h7z9c39i7.exe
    c:\sin\S-2-3-12-ABCDEF7890-01234567890-1688963592-500\Desktop.ini
    c:\windows\system32\drivers\sqeffxh.sys
    c:\windows\system32\XP-2F95D5BE.EXE

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_aqjgat

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-05 au 2010-01-05 ))))))))))))))))))))))))))))))))))))
    .

    2010-01-05 13:19 . 2010-01-05 13:19 -------- d-----w- c:\windows\system32\wbem\snmp
    2010-01-05 13:19 . 2010-01-05 13:19 -------- d-----w- c:\windows\system32\xircom
    2010-01-05 12:55 . 2010-01-05 12:55 -------- d-----w- C:\rsit
    2010-01-05 12:36 . 2010-01-05 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2010-01-05 08:59 . 2010-01-05 08:59 -------- d-----w- c:\program files\jv16 PowerTools
    2010-01-05 08:50 . 2010-01-05 08:50 -------- d-----w- c:\program files\Trend Micro
    2010-01-05 08:27 . 2010-01-05 08:28 -------- d--h--w- c:\windows\system32\GroupPolicy
    2010-01-05 08:04 . 2010-01-05 08:04 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-01-05 08:02 . 2010-01-05 08:02 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2010-01-05 08:02 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-05 08:02 . 2010-01-05 08:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-05 08:02 . 2010-01-05 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-01-05 08:02 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-05 07:44 . 2010-01-05 08:12 180224 ----a-w- c:\documents and settings\Administrateur\ddaqaea4.exe
    2010-01-05 07:41 . 2010-01-05 07:41 -------- d-----r- C:\JAN
    2010-01-05 07:41 . 2010-01-05 08:11 172032 ----a-w- c:\documents and settings\Administrateur\easddaeu8.exe
    2010-01-05 07:34 . 2010-01-05 07:34 -------- d-----w- c:\program files\Yahoo!
    2010-01-05 07:34 . 2010-01-05 07:35 -------- d-----w- c:\program files\CCleaner
    2010-01-05 07:29 . 2010-01-05 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2010-01-01 19:39 . 2010-01-01 20:29 33792 ----a-w- c:\documents and settings\Administrateur\easddaeb8.exe
    2010-01-01 01:00 . 2010-01-01 01:00 -------- d-----w- c:\windows\system32\XPSViewer
    2010-01-01 01:00 . 2010-01-01 01:00 -------- d-----w- c:\program files\Reference Assemblies
    2010-01-01 01:00 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2010-01-01 00:59 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-01-01 00:59 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2010-01-01 00:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2010-01-01 00:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2010-01-01 00:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2010-01-01 00:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2010-01-01 00:59 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2010-01-01 00:59 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-01-01 00:56 . 2010-01-01 00:56 -------- d-----w- c:\program files\MSXML 6.0
    2009-12-31 16:37 . 2009-12-31 16:40 33792 ----a-w- c:\documents and settings\Administrateur\easddaeg8.exe
    2009-12-31 13:27 . 2009-12-31 13:32 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GlarySoft
    2009-12-31 13:14 . 2009-12-31 13:14 -------- d-----w- c:\program files\Glary Utilities
    2009-12-31 13:14 . 2007-01-04 11:02 663552 ----a-w- c:\windows\system32\mgxoschk.dll
    2009-12-31 12:04 . 2009-12-31 16:19 33792 ----a-w- c:\documents and settings\Administrateur\easddaek9.exe
    2009-12-31 01:26 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-12-31 01:26 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-12-31 01:26 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-12-31 01:26 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-12-31 01:26 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-12-31 01:26 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-12-31 01:25 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
    2009-12-31 01:25 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
    2009-12-31 01:25 . 2009-12-31 01:25 -------- d-----w- c:\program files\Alwil Software
    2009-12-31 00:49 . 2009-12-31 00:58 151552 ----a-w- c:\documents and settings\Administrateur\easddaeg9.exe
    2009-12-30 21:15 . 2009-12-30 21:17 2034352 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
    2009-12-30 20:45 . 2010-01-05 08:33 -------- d-----r- C:\JAMA
    2009-12-30 20:45 . 2009-12-30 21:35 139264 ----a-w- c:\documents and settings\Administrateur\easddaee1.exe
    2009-12-30 15:58 . 2009-12-30 15:58 -------- d-----w- c:\windows\ServicePackFiles
    2009-12-29 08:56 . 2010-01-05 12:30 -------- d-----w- c:\windows\system32\CatRoot_bak
    2009-12-29 08:51 . 2009-12-29 08:52 184320 ----a-w- c:\documents and settings\Administrateur\easddaet8.exe
    2009-12-29 07:59 . 2010-01-05 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-12-29 07:57 . 2009-03-06 14:46 286208 ------w- c:\windows\system32\dllcache\pdh.dll
    2009-12-29 07:57 . 2009-02-09 10:20 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
    2009-12-29 07:57 . 2009-02-09 10:20 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
    2009-12-29 07:57 . 2009-02-06 16:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
    2009-12-29 07:57 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
    2009-12-29 07:57 . 2005-07-26 04:39 60416 ------w- c:\windows\system32\dllcache\colbact.dll
    2009-12-29 07:57 . 2009-02-09 10:20 685056 ------w- c:\windows\system32\dllcache\advapi32.dll
    2009-12-29 07:57 . 2009-02-09 10:20 739840 ------w- c:\windows\system32\dllcache\ntdll.dll
    2009-12-29 07:57 . 2009-02-09 10:20 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
    2009-12-29 07:57 . 2009-02-09 10:08 111104 ------w- c:\windows\system32\dllcache\services.exe
    2009-12-29 07:51 . 2008-10-24 11:10 453632 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2009-12-29 07:51 . 2009-07-10 13:41 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
    2009-12-29 07:49 . 2009-08-04 17:16 2065024 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-12-29 07:49 . 2009-08-04 17:16 2188032 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-12-29 07:49 . 2009-08-04 17:16 2144768 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-12-29 07:49 . 2009-08-04 17:16 2022912 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-12-29 07:49 . 2009-06-05 07:46 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
    2009-12-29 07:47 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\drivers\bthport.sys
    2009-12-29 07:47 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\dllcache\bthport.sys
    2009-12-29 07:47 . 2009-12-29 08:15 180224 ----a-w- c:\documents and settings\Administrateur\easddaey9.exe
    2009-12-27 22:17 . 2009-12-27 22:17 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\PCHealth
    2009-12-27 12:54 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
    2009-12-27 12:54 . 2008-12-11 11:57 333184 ------w- c:\windows\system32\dllcache\srv.sys
    2009-12-27 12:32 . 2008-04-11 18:51 683520 ------w- c:\windows\system32\dllcache\inetcomm.dll
    2009-12-27 12:32 . 2008-04-21 21:27 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
    2009-12-27 12:23 . 2009-08-25 09:47 352256 ------w- c:\windows\system32\dllcache\winhttp.dll
    2009-12-27 12:14 . 2009-07-31 04:58 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
    2009-12-27 12:13 . 2009-12-27 12:13 180224 ----a-w- c:\documents and settings\Administrateur\easddaeg4.exe
    2009-12-26 20:06 . 2008-07-07 20:31 253952 ------w- c:\windows\system32\dllcache\es.dll
    2009-12-26 19:43 . 2008-06-12 14:18 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
    2009-12-26 19:43 . 2008-06-12 14:18 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
    2009-12-26 19:43 . 2008-06-12 14:18 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
    2009-12-26 19:43 . 2008-06-12 14:18 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
    2009-12-26 19:43 . 2008-06-12 14:18 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
    2009-12-26 19:43 . 2008-06-12 14:18 428032 ------w- c:\windows\system32\dllcache\msdtcprx.dll
    2009-12-26 19:42 . 2009-04-15 15:17 584192 ------w- c:\windows\system32\dllcache\rpcrt4.dll
    2009-12-26 19:42 . 2008-10-15 16:59 332800 ------w- c:\windows\system32\dllcache\netapi32.dll
    2009-12-26 19:41 . 2009-06-21 22:06 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2009-12-26 19:41 . 2008-05-01 14:31 331776 ------w- c:\windows\system32\dllcache\msadce.dll
    2009-12-26 19:04 . 2009-12-31 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-12-26 18:25 . 2009-12-26 18:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2009-12-26 18:20 . 2009-12-26 18:27 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Temp
    2009-12-26 18:20 . 2009-12-26 18:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2009-12-26 18:19 . 2009-12-31 13:06 -------- d-----w- c:\program files\Google
    2009-12-26 18:19 . 2009-12-31 13:06 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Google
    2009-12-26 17:40 . 2009-12-26 23:08 180224 ----a-w- c:\documents and settings\Administrateur\easddaea8.exe
    2009-12-24 21:35 . 2009-12-24 21:35 -------- d-s---w- c:\documents and settings\Administrateur\UserData
    2009-12-24 20:09 . 2009-12-24 20:09 -------- d-----r- C:\RESTORIC
    2009-12-24 20:09 . 2009-12-24 21:36 139264 ----a-w- c:\documents and settings\Administrateur\easddaeb1.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-05 13:23 . 2001-09-28 13:00 80946 ----a-w- c:\windows\system32\perfc00C.dat
    2010-01-05 13:23 . 2001-09-28 13:00 501138 ----a-w- c:\windows\system32\perfh00C.dat
    2010-01-05 13:19 . 2010-01-05 13:19 -------- d-----w- c:\program files\microsoft frontpage
    2010-01-05 13:19 . 2009-12-05 14:14 -------- d-----w- c:\program files\SuperCopier2
    2010-01-04 10:11 . 2009-12-05 14:15 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Winamp
    2009-12-05 17:03 . 2009-12-05 17:03 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Media Player Classic
    2009-12-05 14:15 . 2009-12-05 13:55 -------- d-----w- c:\program files\Winamp
    2009-12-05 14:00 . 2009-12-05 14:00 -------- d-----w- c:\program files\Real Alternative
    2009-12-05 13:59 . 2009-11-11 08:33 -------- d-----w- c:\program files\Fichiers communs\Real
    2009-12-05 13:58 . 2009-12-05 13:57 -------- d-----w- c:\program files\K-Lite Codec Pack
    2009-12-05 13:58 . 2009-12-05 13:58 0 ----a-w- c:\windows\nsreg.dat
    2009-12-05 13:54 . 2009-12-05 13:54 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc
    2009-12-05 13:54 . 2009-12-05 13:54 -------- d-----w- c:\program files\VideoLAN
    2009-11-19 17:38 . 2009-11-19 17:38 65760 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-14 21:10 . 2009-11-11 07:11 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-11-11 08:36 . 2009-11-11 08:35 -------- d-----w- c:\program files\PDFCreator
    2009-11-11 08:28 . 2009-11-11 08:28 -------- d-----w- c:\program files\Fichiers communs\Adobe
    2009-11-11 08:26 . 2009-11-11 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-11-11 08:25 . 2009-11-11 08:25 -------- d-----w- c:\program files\Microsoft Works
    2009-11-11 08:25 . 2009-11-11 08:25 -------- d-----w- c:\program files\MSBuild
    2009-11-11 08:24 . 2009-11-11 08:24 -------- d-----w- c:\program files\Microsoft.NET
    2009-11-11 08:23 . 2009-11-11 08:23 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2009-11-11 08:20 . 2009-11-11 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
    2009-11-11 08:20 . 2009-11-11 08:20 -------- d-----w- c:\documents and settings\Administrateur\Application Data\ATI
    2009-11-11 08:19 . 2009-11-11 08:19 0 -c--a-w- c:\windows\ativpsrm.bin
    2009-11-11 08:12 . 2009-11-11 08:12 -------- d-----w- c:\program files\Analog Devices
    2009-11-11 08:08 . 2009-11-11 08:08 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
    2009-11-11 08:07 . 2009-11-11 08:07 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-11-11 07:40 . 2009-11-11 07:18 -------- d-----w- c:\program files\Hewlett-Packard
    2009-11-11 07:40 . 2009-11-11 07:18 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-11-11 07:38 . 2009-11-11 07:38 -------- d-----w- c:\program files\Synaptics
    2009-11-11 07:36 . 2009-11-11 07:36 -------- d-----w- c:\program files\Fichiers communs\SNP2UVC
    2009-11-11 07:36 . 2009-11-11 07:36 -------- d-----w- c:\documents and settings\Administrateur\Application Data\InstallShield
    2009-11-11 07:35 . 2009-11-11 07:35 -------- d-----w- c:\program files\SCM Microsystems
    2009-11-11 07:32 . 2009-11-11 07:32 -------- d-----w- c:\program files\Intel
    2009-11-11 07:30 . 2009-11-11 07:28 -------- d-----w- c:\program files\ATI Technologies
    2009-11-11 07:24 . 2009-11-11 07:18 -------- d-----w- c:\program files\Fichiers communs\InstallShield
    2009-11-11 07:23 . 2009-11-11 07:23 -------- d-----w- c:\program files\WIDCOMM
    2009-11-11 07:22 . 2009-11-11 07:22 1614 -csha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP Compaq 6830s_YN_0U_QCNU9020RNG_EU_46_I30E9_SHP_VKBC Version 95.1A_B68PZD Ver. F.07_T080918_WXP2_L40C_M2044_J250_7Intel_8Core2 Duo T5870_92_#091111_N_()_XMOBILE_CN10_Z_2F.07_G.MRK
    2009-11-11 07:20 . 2009-11-11 07:20 -------- d-----w- c:\program files\HPQ
    2009-11-11 07:11 . 2009-11-11 07:11 -------- d-----w- c:\program files\Services en ligne
    2009-11-11 07:09 . 2009-11-11 07:09 21892 -c--a-w- c:\windows\system32\emptyregdb.dat
    2009-10-29 05:46 . 2004-08-03 23:54 666112 ----a-w- c:\windows\system32\wininet.dll
    2009-10-21 06:03 . 2004-08-03 23:54 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 06:03 . 2004-08-03 23:54 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
    2009-10-20 14:58 . 2004-08-03 22:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
    2009-10-13 10:52 . 2004-08-03 23:54 267776 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:52 . 2004-08-03 23:54 69632 ----a-w- c:\windows\system32\raschap.dll
    2009-10-12 13:52 . 2004-08-03 23:54 113152 ----a-w- c:\windows\system32\rastls.dll
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ctfmon.exe
    [-] 2004-08-03 . 9A8FFEC027A54A8CE63DB61DB617BA61 . 93184 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-09 82224]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 251184]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1114112]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-30 511312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 93184]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

    c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    DosÿOptimizer.pif [2007-4-8 377344]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-3-31 576104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Dos Optimizer.pif]
    path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
    backup=c:\windows\pss\Dos Optimizer.pifStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^¡¡¡¡¡¡.lnk]
    path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\¡¡¡¡¡¡.lnk
    backup=c:\windows\pss\¡¡¡¡¡¡.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
    2008-05-14 10:26 251184 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2008-04-04 15:09 1114112 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2008-01-21 11:17 143360 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2008-03-27 18:28 1216512 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2009-07-01 16:37 111616 ----a-w- c:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "gupdate"=2 (0x2)
    "Com4QLBEx"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallDisableNotify"=dword:00000001
    "FirewallOverride"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "UacDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"=
    "c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
    "c:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTSTAC~1.EXE"=
    "c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
    "c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\WINDOWS\\system32\\SNDVOL32.EXE"=
    "c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
    "c:\\WINDOWS\\system32\\AccelerometerSt.Exe"=
    "c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=
    "c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=
    "c:\\Program Files\\Winamp\\winampa.exe"=
    "c:\\Documents and Settings\\Administrateur\\Bureau\\Best of Najib\\Best of Najib.exe"=
    "c:\\Program Files\\SuperCopier2\\SuperCopier2.exe"=
    "c:\\Documents and Settings\\Administrateur\\Bureau\\Bonus\\Bonus.exe"=
    "c:\\Documents and Settings\\Administrateur\\Menu Démarrer\\Programmes\\Démarrage\\Dos Optimizer.pif"=
    "c:\\WINDOWS\\system32\\regsvr32.exe"=
    "c:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe"=
    "c:\\Documents and Settings\\Administrateur\\easddaea8.exe"=
    "c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
    "c:\\WINDOWS\\system32\\dwwin.exe"=
    "c:\\Program Files\\Windows Media Player\\setup_wm.exe"=
    "c:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\Com4QLBEx.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Shared\\hpqwmiex.exe"=

    R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [11/11/2009 09:12 24064]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/12/2009 02:26 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/12/2009 02:26 20560]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [05/01/2010 09:02 235344]
    R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\qmgnjn.sys --> c:\windows\system32\drivers\qmgnjn.sys [?]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [05/01/2010 09:02 19160]
    S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [21/06/2007 04:40 56448]
    S4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11/11/2009 08:40 275760]
    S4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/12/2009 19:19 205296]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - mchInjDrv

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-65WE-KKX5-313QWE24444}]
    2009-12-26 12:31 102400 ----a-w- c:\restoric\RECYCLER\X0R.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2010-01-05 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2009-12-31 18:27]

    2010-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 18:19]

    2010-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 18:19]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = local
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\tw9l25d6.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    **************************************************************************
    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
    "ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(752)
    c:\windows\system32\Ati2evxx.dll
    .
    Heure de fin: 2010-01-05 14:31:49
    ComboFix-quarantined-files.txt 2010-01-05 13:31

    Avant-CF: 61 423 673 344 octets libres
    Après-CF: 61 363 527 680 octets libres

    - - End Of File - - 08ACF255D9789FCFD623FDA7C48B9D57

    ensuite j'ai mis à jour internet explorer (version 8)
    j'ai désinstallé adobe acrobate reader
    j'ai installé foxit reader
    et enfin le rapport de RSIT


    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Administrateur at 2010-01-05 15:13:40
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 58 GB (77%) free of 75 GB
    Total RAM: 2043 MB (76% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:13:48, on 05/01/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\AccelerometerSt.Exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\TEMP\wintqyjgx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Startup: Dos Optimizer.pif = ?
    O4 - Global Startup: BTTray.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    télécharge OTM
    http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (de Old_Timer) sur ton Bureau.

    double-clique sur OTM.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTM :Paste instruction for items to be moved.

    :processes
    explorer.exe
    :files
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbpqk.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwjydqv.exe
    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwjydqv.exe"=-
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbpqk.exe"=-
    :commands
    [purity]
    [emptytemp]
    [start explorer]

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTM\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    _________________________

    colle ensuite un scan rapide avec malwarebyte antimalware
    0
    1. 3omda_75 Messages postés 28 Statut Membre
       
      Bonjour,

      désolé pour ce retard, et voila le rapport de OTM

      All processes killed
      ========== PROCESSES ==========
      No active process named explorer.exe was found!
      ========== FILES ==========
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbpqk.exe moved successfully.
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwjydqv.exe moved successfully.
      ========== REGISTRY ==========
      Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\shared­access\parameters\firewallpolicy\standardprofile\authorizeda­pplications\list not found.
      Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\shared­access\parameters\firewallpolicy\standardprofile\authorizeda­pplications\list not found.
      ========== COMMANDS ==========

      [EMPTYTEMP]

      User: Administrateur
      ->Temp folder emptied: 580232 bytes
      ->Temporary Internet Files folder emptied: 2098281 bytes
      ->FireFox cache emptied: 69337329 bytes

      User: All Users

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 33170 bytes

      User: LocalService
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 32902 bytes

      User: NetworkService
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 32902 bytes

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 2114937 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      Windows Temp folder emptied: 25638 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10939416 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
      RecycleBin emptied: 0 bytes

      Total Files Cleaned = 81,00 mb


      OTM by OldTimer - Version 3.1.4.0 log created on 01062010_080331

      Files moved on Reboot...

      Registry entries deleted on Reboot...


      et le rapport de malwarebytes (scan rapide)

      Malwarebytes' Anti-Malware 1.43
      Version de la base de données: 3495
      Windows 5.1.2600 Service Pack 2
      Internet Explorer 8.0.6001.18702

      06/01/2010 08:15:56
      mbam-log-2010-01-06 (08-15-56).txt

      Type de recherche: Examen rapide
      Eléments examinés: 102098
      Temps écoulé: 3 minute(s), 15 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 5
      Elément(s) de données du Registre infecté(s): 5
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 4

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\frameworkservice (Trojan.Delf) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\frameworkservice (Trojan.Delf) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\Documents and Settings\Administrateur\Application Data\lsass.exe (Trojan.Delf) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Administrateur\Application Data\smss.exe (Trojan.Delf) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\Sexy Girls.scr (Trojan.Delf) -> Quarantined and deleted successfully.
      C:\WINDOWS\inf\smss.exe (Trojan.Delf) -> Quarantined and deleted successfully.


      et il me demande de redémarrer l'ordinateur maintenant pour terminer la suppression.
      0
  7. 3omda_75 Messages postés 28 Statut Membre
     
    Bonjour,

    voila le rapport de OTM

    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== FILES ==========
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbpqk.exe moved successfully.
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwjydqv.exe moved successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\shared­­access\parameters\firewallpolicy\standardprofile\authorizeda­­pplications\list not found.
    Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\shared­­access\parameters\firewallpolicy\standardprofile\authorizeda­­pplications\list not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 580232 bytes
    ->Temporary Internet Files folder emptied: 2098281 bytes
    ->FireFox cache emptied: 69337329 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2114937 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    Windows Temp folder emptied: 25638 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10939416 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 81,00 mb

    OTM by OldTimer - Version 3.1.4.0 log created on 01062010_080331

    Files moved on Reboot...

    Registry entries deleted on Reboot...

    et le rapport de malwarebytes (scan rapide)

    Malwarebytes' Anti-Malware 1.43
    Version de la base de données: 3495
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    06/01/2010 08:15:56
    mbam-log-2010-01-06 (08-15-56).txt

    Type de recherche: Examen rapide
    Eléments examinés: 102098
    Temps écoulé: 3 minute(s), 15 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 5
    Elément(s) de données du Registre infecté(s): 5
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 4

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\frameworkservice (Trojan.Delf) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\frameworkservice (Trojan.Delf) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Documents and Settings\Administrateur\Application Data\lsass.exe (Trojan.Delf) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\smss.exe (Trojan.Delf) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Sexy Girls.scr (Trojan.Delf) -> Quarantined and deleted successfully.
    C:\WINDOWS\inf\smss.exe (Trojan.Delf) -> Quarantined and deleted successfully.

    et il me demande de redémarrer l'ordinateur maintenant pour terminer la suppression.
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    branche tous tes supports externes et colle un rapport option 1 avec usbfix
    0
    1. 3omda_75 Messages postés 28 Statut Membre
       
      ############################## | UsbFix V6.070 |

      User : Administrateur (Administrateurs) # STANDARD
      Update on 03/01/2010 by El Desaparecido , C_XX & Chimay8
      Start at: 11:47:00 | 06/01/2010
      Website : http://pagesperso-orange.fr/NosTools/index.html
      Contact : FindyKill.Contact@gmail.com

      Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz
      Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
      Internet Explorer 8.0.6001.18702
      Windows Firewall Status : Disabled

      C:\ -> Disque fixe local # 73,24 Go (57,16 Go free) # NTFS
      D:\ -> Disque CD-ROM # 0 Mo (0 Mo free) [Audio CD] # CDFS
      E:\ -> Disque fixe local # 159,63 Go (145,93 Go free) # NTFS

      ############################## | Processus actifs |

      C:\WINDOWS\System32\smss.exe 584
      C:\WINDOWS\system32\csrss.exe 716
      C:\WINDOWS\system32\winlogon.exe 748
      C:\WINDOWS\system32\services.exe 792
      C:\WINDOWS\system32\lsass.exe 804
      C:\WINDOWS\system32\Ati2evxx.exe 964
      C:\WINDOWS\system32\svchost.exe 976
      C:\WINDOWS\system32\svchost.exe 1052
      C:\WINDOWS\System32\svchost.exe 1092
      C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 1116
      C:\WINDOWS\system32\svchost.exe 1176
      C:\WINDOWS\system32\Ati2evxx.exe 1284
      C:\WINDOWS\system32\svchost.exe 1360
      C:\WINDOWS\system32\spoolsv.exe 1736
      C:\WINDOWS\Explorer.EXE 1788
      C:\WINDOWS\System32\SCardSvr.exe 1796
      C:\WINDOWS\system32\AccelerometerSt.Exe 1880
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe 1888
      C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe 1908
      C:\Program Files\SuperCopier2\SuperCopier2.exe 1920
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe 208
      C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif 220
      C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE 280
      C:\Program Files\Google\Update\GoogleUpdate.exe 1244
      C:\WINDOWS\system32\svchost.exe 2212
      C:\WINDOWS\system32\agrsmsvc.exe 2244
      C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 2312
      C:\WINDOWS\system32\svchost.exe 2440
      C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 2832
      C:\WINDOWS\system32\wbem\wmiprvse.exe 3132
      C:\WINDOWS\System32\svchost.exe 2136
      C:\WINDOWS\system32\wuauclt.exe 3788
      C:\Program Files\Mozilla Firefox\firefox.exe 3048
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lifmrn.exe 2756
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqkwihp.exe 168
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winynukxx.exe 3156
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpahnc.exe 1572
      C:\Documents and Settings\Administrateur\Bureau\Nouveau dossier (2)\Administrateur_Fichiers.exe 1324
      C:\Documents and Settings\Administrateur\Bureau\Nouveau dossier (2)\Administrateur_Fichiers.exe 1860
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\beon.exe 3980
      C:\WINDOWS\system32\wbem\wmiprvse.exe 1852

      ################## | Elements infectieux |

      C:\WINDOWS\inf\smss.exe
      C:\WINDOWS\System32\Sexy Girls.scr
      C:\DOCUME~1\ADMINI~1\APPLIC~1\smss.exe
      C:\DOCUME~1\ADMINI~1\APPLIC~1\svchost.exe

      ################## | Registre |

      [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FrameWorkService"
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "FrameWorkService"
      [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
      [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"
      [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
      [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFind"
      [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"
      [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRun"

      ################## | Mountpoints2 |


      ################## | Cracks > Keygens > Serials |


      ################## | ! Fin du rapport # UsbFix V6.070 ! |
      0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok fais un rapport avec l'option 2

    puis dis tes soucis
    et remets un rapport RSIT ensuite
    0
    1. 3omda_75 Messages postés 28 Statut Membre
       
      alors c'est fait sauf que usbfix a crée un ficher RAR que je l'ai fait l'upload sur chiquitine.changelog sur sa demande et à la fin de l'upload il me dit que j'ai pas sélectionné un fichier par contre je l'ai déja fait et il s'appelle (UsbFix_Upload_Me_STANDARD).
      voici le rapport RSIT

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Administrateur at 2010-01-06 14:20:54
      Microsoft Windows XP Professionnel Service Pack 2
      System drive C: has 65 GB (86%) free of 75 GB
      Total RAM: 2043 MB (37% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:20:57, on 06/01/2010
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\WINDOWS\system32\cmd.exe
      C:\WINDOWS\system32\agrsmsvc.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
      C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
      O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
      O4 - Startup: Dos Optimizer.pif = ?
      O4 - Global Startup: BTTray.lnk = ?
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Pour fusionner:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    _______________

    telecharge combofix:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    _________________

    Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winuhiqew.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwjydqv.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbpqk.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lifmrn.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqkwihp.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvospck.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tyws.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windufy.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingvmtnp.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cdxsyq.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qkfbhs.exe
    Registry::
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwjydqv.exe"=-
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbpqk.exe"=-
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lifmrn.exe"=-
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqkwihp.exe"=-
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvospck.exe"=-
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tyws.exe"=-
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windufy.exe"=-
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingvmtnp.exe"=
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cdxsyq.exe"=-
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qkfbhs.exe"=-
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winuhiqew.exe"=-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
    1. 3omda_75 Messages postés 28 Statut Membre
       
      Bonjours
      0
    2. 3omda_75 Messages postés 28 Statut Membre
       
      ComboFix 10-01-11.03 - Administrateur 12/01/2010 9:17.3.2 - x86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2043.1509 [GMT 1:00]
      Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
      Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFscript.txt

      FILE ::
      "c:\docume~1\ADMINI~1\LOCALS~1\Temp\cdxsyq.exe"
      "c:\docume~1\ADMINI~1\LOCALS~1\Temp\lifmrn.exe"
      "c:\docume~1\ADMINI~1\LOCALS~1\Temp\qkfbhs.exe"
      "c:\docume~1\ADMINI~1\LOCALS~1\Temp\tyws.exe"
      "c:\docume~1\ADMINI~1\LOCALS~1\Temp\winbpqk.exe"
      "c:\docume~1\ADMINI~1\LOCALS~1\Temp\windufy.exe"
      "c:\docume~1\ADMINI~1\LOCALS~1\Temp\wingvmtnp.exe"
      "c:\docume~1\ADMINI~1\LOCALS~1\Temp\winqkwihp.exe"
      "c:\docume~1\ADMINI~1\LOCALS~1\Temp\winuhiqew.exe"
      "c:\docume~1\ADMINI~1\LOCALS~1\Temp\winvospck.exe"
      "c:\docume~1\ADMINI~1\LOCALS~1\Temp\winwjydqv.exe"
      .
      Les fichiers ci-dessous ont été désactivés pendant l'exécution:
      c:\program files\SuperCopier2\SC2Hook.dll


      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\documents and settings\Administrateur\Application Data\lsass.exe
      c:\documents and settings\Administrateur\Application Data\svchost.exe
      C:\LOG.TXT
      C:\restore
      c:\windows\Inf\smss.exe
      c:\windows\system32\Sexy Girls.scr

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-12 au 2010-01-12 ))))))))))))))))))))))))))))))))))))
      .

      2010-01-06 14:40 . 2010-01-06 14:41 -------- d-----w- C:\FindyKill
      2010-01-06 10:46 . 2010-01-06 12:46 -------- d-----w- C:\UsbFix
      2010-01-06 07:03 . 2010-01-06 07:03 -------- d-----w- C:\_OTM
      2010-01-05 14:20 . 2010-01-05 14:20 -------- d-sh--w- c:\documents and settings\Administrateur\IECompatCache
      2010-01-05 14:19 . 2010-01-05 14:19 -------- d-sh--w- c:\documents and settings\Administrateur\PrivacIE
      2010-01-05 14:10 . 2010-01-05 14:10 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Foxit
      2010-01-05 14:10 . 2010-01-05 14:10 -------- d-----w- c:\program files\Foxit Software
      2010-01-05 14:04 . 2010-01-05 14:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
      2010-01-05 14:04 . 2010-01-05 14:04 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
      2010-01-05 14:00 . 2010-01-06 15:19 -------- d-----w- c:\windows\ie8updates
      2010-01-05 13:58 . 2010-01-05 14:00 -------- dc-h--w- c:\windows\ie8
      2010-01-05 13:58 . 2010-01-05 13:59 -------- d-----w- c:\windows\system32\fr-FR
      2010-01-05 13:56 . 2009-10-29 07:42 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
      2010-01-05 13:56 . 2009-10-29 07:42 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
      2010-01-05 13:56 . 2009-10-29 07:42 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
      2010-01-05 13:56 . 2009-10-29 07:42 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
      2010-01-05 13:56 . 2009-10-29 07:42 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
      2010-01-05 13:56 . 2009-10-29 07:42 11069952 ------w- c:\windows\system32\dllcache\ieframe.dll
      2010-01-05 13:53 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
      2010-01-05 13:27 . 2010-01-05 13:31 -------- d-----w- C:\KillBagle
      2010-01-05 13:19 . 2010-01-05 13:19 -------- d-----w- c:\windows\system32\wbem\snmp
      2010-01-05 13:19 . 2010-01-05 13:19 -------- d-----w- c:\windows\system32\xircom
      2010-01-05 13:19 . 2010-01-05 13:19 -------- d-----w- c:\program files\microsoft frontpage
      2010-01-05 12:55 . 2010-01-05 12:55 -------- d-----w- C:\rsit
      2010-01-05 12:36 . 2010-01-05 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
      2010-01-05 08:59 . 2010-01-05 08:59 -------- d-----w- c:\program files\jv16 PowerTools
      2010-01-05 08:50 . 2010-01-05 08:50 -------- d-----w- c:\program files\Trend Micro
      2010-01-05 08:27 . 2010-01-05 08:28 -------- d--h--w- c:\windows\system32\GroupPolicy
      2010-01-05 08:04 . 2010-01-05 08:04 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
      2010-01-05 08:02 . 2010-01-05 08:02 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
      2010-01-05 08:02 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-01-05 08:02 . 2010-01-05 08:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2010-01-05 08:02 . 2010-01-05 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2010-01-05 08:02 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
      2010-01-05 07:44 . 2010-01-05 08:12 180224 ----a-w- c:\documents and settings\Administrateur\ddaqaea4.exe
      2010-01-05 07:41 . 2010-01-05 07:41 -------- d-----r- C:\JAN
      2010-01-05 07:41 . 2010-01-05 08:11 172032 ----a-w- c:\documents and settings\Administrateur\easddaeu8.exe
      2010-01-05 07:34 . 2010-01-05 07:34 -------- d-----w- c:\program files\Yahoo!
      2010-01-05 07:34 . 2010-01-05 07:35 -------- d-----w- c:\program files\CCleaner
      2010-01-05 07:29 . 2010-01-05 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
      2010-01-01 19:39 . 2010-01-01 20:29 33792 ----a-w- c:\documents and settings\Administrateur\easddaeb8.exe
      2010-01-01 01:00 . 2010-01-01 01:00 -------- d-----w- c:\windows\system32\XPSViewer
      2010-01-01 01:00 . 2010-01-01 01:00 -------- d-----w- c:\program files\Reference Assemblies
      2010-01-01 01:00 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
      2010-01-01 00:59 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
      2010-01-01 00:59 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
      2010-01-01 00:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
      2010-01-01 00:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
      2010-01-01 00:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
      2010-01-01 00:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
      2010-01-01 00:59 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
      2010-01-01 00:59 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
      2010-01-01 00:56 . 2010-01-01 00:56 -------- d-----w- c:\program files\MSXML 6.0
      2009-12-31 16:37 . 2009-12-31 16:40 33792 ----a-w- c:\documents and settings\Administrateur\easddaeg8.exe
      2009-12-31 13:27 . 2009-12-31 13:32 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GlarySoft
      2009-12-31 13:14 . 2009-12-31 13:14 -------- d-----w- c:\program files\Glary Utilities
      2009-12-31 13:14 . 2007-01-04 11:02 663552 ----a-w- c:\windows\system32\mgxoschk.dll
      2009-12-31 12:04 . 2009-12-31 16:19 33792 ----a-w- c:\documents and settings\Administrateur\easddaek9.exe
      2009-12-31 01:26 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
      2009-12-31 01:26 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
      2009-12-31 01:26 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
      2009-12-31 01:26 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
      2009-12-31 01:26 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
      2009-12-31 01:26 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
      2009-12-31 01:25 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
      2009-12-31 01:25 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
      2009-12-31 01:25 . 2009-12-31 01:25 -------- d-----w- c:\program files\Alwil Software
      2009-12-31 00:49 . 2009-12-31 00:58 151552 ----a-w- c:\documents and settings\Administrateur\easddaeg9.exe
      2009-12-30 21:15 . 2009-12-30 21:17 2034352 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
      2009-12-30 20:45 . 2010-01-05 08:33 -------- d-----r- C:\JAMA
      2009-12-30 20:45 . 2009-12-30 21:35 139264 ----a-w- c:\documents and settings\Administrateur\easddaee1.exe
      2009-12-30 15:58 . 2009-12-30 15:58 -------- d-----w- c:\windows\ServicePackFiles
      2009-12-29 08:56 . 2010-01-05 12:30 -------- d-----w- c:\windows\system32\CatRoot_bak
      2009-12-29 08:51 . 2009-12-29 08:52 184320 ----a-w- c:\documents and settings\Administrateur\easddaet8.exe
      2009-12-29 07:59 . 2010-01-05 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2009-12-29 07:57 . 2009-03-06 14:46 286208 ------w- c:\windows\system32\dllcache\pdh.dll
      2009-12-29 07:57 . 2009-02-09 10:20 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
      2009-12-29 07:57 . 2009-02-09 10:20 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
      2009-12-29 07:57 . 2009-02-06 16:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
      2009-12-29 07:57 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
      2009-12-29 07:57 . 2005-07-26 04:39 60416 ------w- c:\windows\system32\dllcache\colbact.dll
      2009-12-29 07:57 . 2009-02-09 10:20 685056 ------w- c:\windows\system32\dllcache\advapi32.dll
      2009-12-29 07:57 . 2009-02-09 10:20 739840 ------w- c:\windows\system32\dllcache\ntdll.dll
      2009-12-29 07:57 . 2009-02-09 10:20 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
      2009-12-29 07:57 . 2009-02-09 10:08 111104 ------w- c:\windows\system32\dllcache\services.exe
      2009-12-29 07:51 . 2008-10-24 11:10 453632 ------w- c:\windows\system32\dllcache\mrxsmb.sys
      2009-12-29 07:51 . 2009-07-10 13:41 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
      2009-12-29 07:49 . 2009-08-04 17:16 2065024 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
      2009-12-29 07:49 . 2009-08-04 17:16 2188032 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
      2009-12-29 07:49 . 2009-08-04 17:16 2144768 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
      2009-12-29 07:49 . 2009-08-04 17:16 2022912 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
      2009-12-29 07:49 . 2009-06-05 07:46 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
      2009-12-29 07:47 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\drivers\bthport.sys
      2009-12-29 07:47 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\dllcache\bthport.sys
      2009-12-29 07:47 . 2009-12-29 08:15 180224 ----a-w- c:\documents and settings\Administrateur\easddaey9.exe
      2009-12-27 22:17 . 2009-12-27 22:17 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\PCHealth
      2009-12-27 12:54 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
      2009-12-27 12:54 . 2008-12-11 11:57 333184 ------w- c:\windows\system32\dllcache\srv.sys
      2009-12-27 12:32 . 2008-04-11 18:51 683520 ------w- c:\windows\system32\dllcache\inetcomm.dll
      2009-12-27 12:32 . 2008-04-21 21:27 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
      2009-12-27 12:23 . 2009-08-25 09:47 352256 ------w- c:\windows\system32\dllcache\winhttp.dll
      2009-12-27 12:14 . 2009-07-31 04:58 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
      2009-12-27 12:13 . 2009-12-27 12:13 180224 ----a-w- c:\documents and settings\Administrateur\easddaeg4.exe
      2009-12-26 20:06 . 2008-07-07 20:31 253952 ------w- c:\windows\system32\dllcache\es.dll
      2009-12-26 19:43 . 2008-06-12 14:18 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
      2009-12-26 19:43 . 2008-06-12 14:18 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
      2009-12-26 19:43 . 2008-06-12 14:18 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
      2009-12-26 19:43 . 2008-06-12 14:18 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
      2009-12-26 19:43 . 2008-06-12 14:18 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
      2009-12-26 19:43 . 2008-06-12 14:18 428032 ------w- c:\windows\system32\dllcache\msdtcprx.dll
      2009-12-26 19:42 . 2009-04-15 15:17 584192 ------w- c:\windows\system32\dllcache\rpcrt4.dll
      2009-12-26 19:42 . 2008-10-15 16:59 332800 ------w- c:\windows\system32\dllcache\netapi32.dll
      2009-12-26 19:41 . 2009-06-21 22:06 153088 ------w- c:\windows\system32\dllcache\triedit.dll
      2009-12-26 19:41 . 2008-05-01 14:31 331776 ------w- c:\windows\system32\dllcache\msadce.dll
      2009-12-26 19:04 . 2009-12-31 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
      2009-12-26 18:25 . 2009-12-26 18:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
      2009-12-26 18:20 . 2009-12-26 18:27 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Temp
      2009-12-26 18:20 . 2009-12-26 18:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
      2009-12-26 18:19 . 2009-12-31 13:06 -------- d-----w- c:\program files\Google
      2009-12-26 18:19 . 2009-12-31 13:06 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Google
      2009-12-26 17:40 . 2009-12-26 23:08 180224 ----a-w- c:\documents and settings\Administrateur\easddaea8.exe
      2009-12-24 21:35 . 2009-12-24 21:35 -------- d-s---w- c:\documents and settings\Administrateur\UserData
      2009-12-24 20:09 . 2009-12-24 20:09 -------- d-----r- C:\RESTORIC
      2009-12-24 20:09 . 2009-12-24 21:36 139264 ----a-w- c:\documents and settings\Administrateur\easddaeb1.exe

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-01-12 08:16 . 2009-12-05 14:14 -------- d-----w- c:\program files\SuperCopier2
      2010-01-12 08:07 . 2001-09-28 13:00 80946 ----a-w- c:\windows\system32\perfc00C.dat
      2010-01-12 08:07 . 2001-09-28 13:00 501138 ----a-w- c:\windows\system32\perfh00C.dat
      2010-01-06 15:43 . 2009-11-19 17:38 65760 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2010-01-05 13:54 . 2009-12-05 14:15 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Winamp
      2009-12-05 17:03 . 2009-12-05 17:03 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Media Player Classic
      2009-12-05 14:15 . 2009-12-05 13:55 -------- d-----w- c:\program files\Winamp
      2009-12-05 14:00 . 2009-12-05 14:00 -------- d-----w- c:\program files\Real Alternative
      2009-12-05 13:59 . 2009-11-11 08:33 -------- d-----w- c:\program files\Fichiers communs\Real
      2009-12-05 13:58 . 2009-12-05 13:57 -------- d-----w- c:\program files\K-Lite Codec Pack
      2009-12-05 13:58 . 2009-12-05 13:58 0 ----a-w- c:\windows\nsreg.dat
      2009-12-05 13:54 . 2009-12-05 13:54 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc
      2009-12-05 13:54 . 2009-12-05 13:54 -------- d-----w- c:\program files\VideoLAN
      2009-11-14 21:10 . 2009-11-11 07:11 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
      2009-11-11 08:19 . 2009-11-11 08:19 0 -c--a-w- c:\windows\ativpsrm.bin
      2009-11-11 07:09 . 2009-11-11 07:09 21892 -c--a-w- c:\windows\system32\emptyregdb.dat
      2009-10-29 07:42 . 2004-08-03 23:54 916480 ----a-w- c:\windows\system32\wininet.dll
      2009-10-21 06:03 . 2004-08-03 23:54 75776 ----a-w- c:\windows\system32\strmfilt.dll
      2009-10-21 06:03 . 2004-08-03 23:54 25088 ----a-w- c:\windows\system32\httpapi.dll
      2009-10-20 16:54 . 2009-10-20 16:54 141912 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
      2009-10-20 14:58 . 2004-08-03 22:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
      .
      0
      1. 3omda_75 Messages postés 28 Statut Membre > 3omda_75 Messages postés 28 Statut Membre
         
        ------- Sigcheck -------

        [-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ctfmon.exe
        [-] 2004-08-03 . 9A8FFEC027A54A8CE63DB61DB617BA61 . 93184 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
        .
        ((((((((((((((((((((((((((((( SnapShot@2010-01-05_13.30.23 )))))))))))))))))))))))))))))))))))))))))
        .
        - 2004-08-03 23:55 . 2004-08-03 23:55 50176 c:\windows\system32\utilman.exe
        + 2004-08-03 23:55 . 2006-10-04 13:32 50176 c:\windows\system32\utilman.exe
        - 2004-08-03 23:54 . 2004-08-03 23:54 36864 c:\windows\system32\umandlg.dll
        + 2004-08-03 23:54 . 2006-10-04 13:38 36864 c:\windows\system32\umandlg.dll
        + 2009-11-11 07:18 . 2009-01-07 17:21 26144 c:\windows\system32\spupdsvc.exe
        + 2009-08-19 10:11 . 2008-07-01 10:06 40960 c:\windows\system32\spool\drivers\w32x86\3\SQ0BUR.DLL
        + 2009-08-19 10:11 . 2008-07-09 01:47 40960 c:\windows\system32\spool\drivers\w32x86\3\SQ0BUP29.DLL
        + 2009-08-19 10:11 . 2008-07-09 01:48 24576 c:\windows\system32\spool\drivers\w32x86\3\SQ0BUP2.DLL
        + 2009-08-19 10:11 . 2008-07-09 01:51 24576 c:\windows\system32\spool\drivers\w32x86\3\SQ0BUN.DLL
        + 2009-08-19 10:11 . 2008-06-18 09:48 72737 c:\windows\system32\spool\drivers\w32x86\3\SQ0BU.DLL
        + 2009-08-19 10:11 . 2008-07-02 03:09 49152 c:\windows\system32\spool\drivers\w32x86\3\SQ0BSTMN.DLL
        + 2009-08-19 10:11 . 2002-03-13 04:04 49152 c:\windows\system32\spool\drivers\w32x86\3\SQ0BMTNT.DLL
        + 2009-08-19 10:11 . 2008-07-02 13:05 40960 c:\windows\system32\spool\drivers\w32x86\3\SQ0BLMSW.EXE
        + 2009-08-19 10:11 . 2008-04-18 09:34 81920 c:\windows\system32\spool\drivers\w32x86\3\SQ0BLMIF.DLL
        + 2009-08-19 10:11 . 2008-07-16 00:56 73728 c:\windows\system32\spool\drivers\w32x86\3\SQ0BGC.DLL
        + 2009-08-19 10:11 . 2008-04-18 09:31 57344 c:\windows\system32\spool\drivers\w32x86\3\SQ0BCPIF.DLL
        + 2009-08-19 10:11 . 2008-07-02 13:05 24576 c:\windows\system32\spool\drivers\w32x86\3\SQ0BCFNC.DLL
        + 2009-11-11 07:20 . 2009-01-07 17:21 17952 c:\windows\system32\spmsg.dll
        + 2004-08-03 23:54 . 2009-03-08 03:31 46592 c:\windows\system32\pngfilt.dll
        - 2001-09-28 13:00 . 2010-01-05 13:23 67646 c:\windows\system32\perfc009.dat
        + 2001-09-28 13:00 . 2010-01-12 08:07 67646 c:\windows\system32\perfc009.dat
        + 2009-01-07 17:20 . 2009-01-07 17:20 23552 c:\windows\system32\normaliz.dll
        + 2009-01-07 17:20 . 2009-01-07 17:20 24576 c:\windows\system32\nlsdl.dll
        - 2004-08-03 23:55 . 2004-08-03 23:55 55296 c:\windows\system32\narrator.exe
        + 2004-08-03 23:55 . 2006-10-04 13:32 55296 c:\windows\system32\narrator.exe
        + 2004-08-03 23:53 . 2009-03-08 03:31 48128 c:\windows\system32\mshtmler.dll
        + 2004-08-03 23:54 . 2009-03-08 03:31 66560 c:\windows\system32\mshtmled.dll
        + 2004-08-03 23:54 . 2009-03-08 03:31 45568 c:\windows\system32\mshta.exe
        + 2009-03-08 03:31 . 2009-03-08 03:31 13312 c:\windows\system32\msfeedssync.exe
        + 2009-03-08 03:31 . 2009-10-29 07:42 55296 c:\windows\system32\msfeedsbs.dll
        - 2004-08-03 23:54 . 2004-08-03 23:54 73216 c:\windows\system32\magnify.exe
        + 2004-08-03 23:54 . 2006-10-04 13:32 73216 c:\windows\system32\magnify.exe
        + 2010-01-06 08:06 . 2010-01-06 08:06 85173 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
        + 2004-08-03 23:54 . 2009-03-08 03:34 43008 c:\windows\system32\licmgr10.dll
        + 2004-08-03 23:54 . 2009-10-29 07:42 25600 c:\windows\system32\jsproxy.dll
        + 2004-08-03 23:54 . 2009-03-08 03:32 94720 c:\windows\system32\inseng.dll
        + 2004-08-03 23:54 . 2009-03-08 03:31 34816 c:\windows\system32\imgutil.dll
        + 2009-03-08 03:32 . 2009-03-08 03:32 36864 c:\windows\system32\ieudinit.exe
        + 2004-08-03 23:54 . 2009-03-08 03:32 71680 c:\windows\system32\iesetup.dll
        + 2004-08-03 23:54 . 2009-03-08 03:32 55808 c:\windows\system32\iernonce.dll
        + 2009-01-07 17:20 . 2009-01-07 17:20 26112 c:\windows\system32\idndl.dll
        + 2009-03-08 03:31 . 2009-03-08 03:31 59904 c:\windows\system32\icardie.dll
        + 2006-10-04 13:32 . 2006-10-04 13:32 50176 c:\windows\system32\DllCache\utilman.exe
        + 2006-10-04 13:38 . 2006-10-04 13:38 36864 c:\windows\system32\DllCache\umandlg.dll
        + 2009-10-29 05:46 . 2009-03-08 03:31 46592 c:\windows\system32\DllCache\pngfilt.dll
        + 2006-10-04 13:32 . 2006-10-04 13:32 55296 c:\windows\system32\DllCache\narrator.exe
        + 2009-03-08 03:31 . 2009-03-08 03:31 48128 c:\windows\system32\DllCache\mshtmler.dll
        + 2009-10-29 05:46 . 2009-03-08 03:31 66560 c:\windows\system32\DllCache\mshtmled.dll
        + 2009-03-08 03:31 . 2009-03-08 03:31 45568 c:\windows\system32\DllCache\mshta.exe
        + 2006-10-04 13:32 . 2006-10-04 13:32 73216 c:\windows\system32\DllCache\magnify.exe
        + 2009-03-08 03:34 . 2009-03-08 03:34 43008 c:\windows\system32\DllCache\licmgr10.dll
        + 2009-10-29 05:46 . 2009-10-29 07:42 25600 c:\windows\system32\DllCache\jsproxy.dll
        + 2009-10-29 05:46 . 2009-03-08 03:32 94720 c:\windows\system32\DllCache\inseng.dll
        + 2009-03-08 03:31 . 2009-03-08 03:31 34816 c:\windows\system32\DllCache\imgutil.dll
        + 2009-03-08 03:32 . 2009-03-08 03:32 71680 c:\windows\system32\DllCache\iesetup.dll
        + 2009-03-08 03:32 . 2009-03-08 03:32 55808 c:\windows\system32\DllCache\iernonce.dll
        + 2009-03-08 03:24 . 2009-03-08 03:24 68608 c:\windows\system32\DllCache\hmmapi.dll
        + 2009-03-08 03:33 . 2009-03-08 03:33 18944 c:\windows\system32\DllCache\corpol.dll
        + 2009-03-08 03:32 . 2009-03-08 03:32 72704 c:\windows\system32\DllCache\admparse.dll
        + 2004-08-03 23:54 . 2009-03-08 03:33 18944 c:\windows\system32\corpol.dll
        + 2004-08-03 23:54 . 2009-03-08 03:32 72704 c:\windows\system32\admparse.dll
        + 2010-01-05 14:00 . 2009-03-08 03:33 12288 c:\windows\ie8updates\KB976325-IE8\xpshims.dll
        + 2010-01-05 14:00 . 2009-03-08 03:31 55296 c:\windows\ie8updates\KB976325-IE8\msfeedsbs.dll
        + 2010-01-05 14:00 . 2009-03-08 03:33 25600 c:\windows\ie8updates\KB976325-IE8\jsproxy.dll
        + 2010-01-05 13:58 . 2004-08-03 23:54 37888 c:\windows\ie8\url.dll
        + 2010-01-05 13:59 . 2009-03-08 15:14 58448 c:\windows\ie8\spuninst\iecustom.dll
        + 2010-01-05 13:58 . 2009-10-29 05:46 39424 c:\windows\ie8\pngfilt.dll
        + 2010-01-05 13:58 . 2004-08-03 23:54 97280 c:\windows\ie8\occache.dll
        + 2010-01-05 13:58 . 2004-08-03 23:53 57344 c:\windows\ie8\mshtmler.dll
        + 2010-01-05 13:58 . 2004-08-03 23:54 22528 c:\windows\ie8\licmgr10.dll
        + 2010-01-05 13:58 . 2009-10-29 05:46 16384 c:\windows\ie8\jsproxy.dll
        + 2010-01-05 13:58 . 2009-10-29 05:46 96768 c:\windows\ie8\inseng.dll
        + 2010-01-05 13:58 . 2004-08-03 23:54 35840 c:\windows\ie8\imgutil.dll
        + 2010-01-05 13:58 . 2004-08-03 23:54 63488 c:\windows\ie8\iesetup.dll
        + 2010-01-05 13:58 . 2004-08-03 23:54 49152 c:\windows\ie8\iernonce.dll
        + 2010-01-05 13:58 . 2009-09-25 05:54 81920 c:\windows\ie8\ieencode.dll
        + 2010-01-05 13:58 . 2004-08-03 23:54 34304 c:\windows\ie8\ie4uinit.exe
        + 2010-01-05 13:58 . 2004-08-03 23:54 38912 c:\windows\ie8\hmmapi.dll
        + 2010-01-05 13:58 . 2004-08-03 23:54 35328 c:\windows\ie8\corpol.dll
        + 2010-01-05 13:58 . 2004-08-03 23:54 61440 c:\windows\ie8\admparse.dll
        + 2010-01-06 07:01 . 2010-01-06 07:01 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
        + 2010-01-06 06:59 . 2010-01-06 06:59 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
        + 2010-01-06 06:59 . 2010-01-06 06:59 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
        + 2010-01-06 07:41 . 2010-01-06 07:41 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
        + 2010-01-06 07:41 . 2010-01-06 07:41 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
        + 2010-01-06 07:41 . 2010-01-06 07:41 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
        + 2009-08-19 10:11 . 2008-06-05 02:01 1912 c:\windows\system32\spool\drivers\w32x86\3\SQ0BWMS1.DAT
        + 2009-08-19 10:11 . 2008-07-03 09:01 5749 c:\windows\system32\spool\drivers\w32x86\3\SQ0BUEP.DAT
        + 2009-08-19 10:11 . 2002-11-01 00:09 1506 c:\windows\system32\spool\drivers\w32x86\3\SQ0BSTMN.DAT
        + 2009-08-19 10:11 . 2008-07-02 00:34 9260 c:\windows\system32\spool\drivers\w32x86\3\SQ0BPIS1.DAT
        + 2009-08-19 10:11 . 2008-06-23 01:44 9437 c:\windows\system32\spool\drivers\w32x86\3\SQ0BNP2.DAT
        + 2009-08-19 10:11 . 2004-12-17 14:34 4796 c:\windows\system32\spool\drivers\w32x86\3\SQ0BGCT.DAT
        + 2009-08-19 10:11 . 2008-07-09 03:12 2976 c:\windows\system32\spool\drivers\w32x86\3\SQ0B_RLV.DAT
        + 2010-01-05 14:00 . 2009-03-08 03:35 2048 c:\windows\ie8updates\KB975364-IE8\iecompat.dll
        0
      2. 3omda_75 Messages postés 28 Statut Membre > 3omda_75 Messages postés 28 Statut Membre
         
        + 2010-01-05 16:10 . 2010-01-05 16:10 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
        + 2009-01-07 17:21 . 2009-01-07 17:21 121856 c:\windows\system32\xmllite.dll
        + 2009-03-08 03:34 . 2009-03-08 03:34 208384 c:\windows\system32\WinFXDocObj.exe
        + 2004-08-03 23:54 . 2009-03-08 03:34 236544 c:\windows\system32\webcheck.dll
        + 2004-08-03 23:54 . 2009-03-08 03:33 420352 c:\windows\system32\vbscript.dll
        + 2004-08-03 23:54 . 2009-03-08 03:34 105984 c:\windows\system32\url.dll
        + 2009-08-19 10:11 . 2008-07-01 10:05 122880 c:\windows\system32\spool\drivers\w32x86\3\SQ0BUSR.DLL
        + 2009-08-19 10:11 . 2008-07-09 01:51 532480 c:\windows\system32\spool\drivers\w32x86\3\SQ0BUP.DLL
        + 2009-08-19 10:11 . 2008-07-09 01:51 307200 c:\windows\system32\spool\drivers\w32x86\3\SQ0BUD.DLL
        + 2009-08-19 10:11 . 2008-05-22 01:12 172032 c:\windows\system32\spool\drivers\w32x86\3\SQ0BSTMN.EXE
        + 2009-08-19 10:11 . 2008-05-29 08:11 126976 c:\windows\system32\spool\drivers\w32x86\3\SQ0BLMON.DLL
        + 2009-08-19 10:11 . 2008-05-27 08:28 110592 c:\windows\system32\spool\drivers\w32x86\3\SQ0BGD.DLL
        + 2009-08-19 10:11 . 2008-07-16 00:56 450560 c:\windows\system32\spool\drivers\w32x86\3\SQ0BGCP.DLL
        + 2009-08-19 10:11 . 2005-10-22 05:15 131072 c:\windows\system32\spool\drivers\w32x86\3\SQ0B2CMM.DLL
        + 2009-08-19 10:11 . 2005-10-22 05:16 122880 c:\windows\system32\spool\drivers\w32x86\3\SQ0B2C32.DLL
        + 2009-08-19 10:11 . 2005-08-02 00:09 126976 c:\windows\system32\spool\drivers\w32x86\3\SQ0B2BIM.DLL
        - 2001-09-28 13:00 . 2010-01-05 13:23 432690 c:\windows\system32\perfh009.dat
        + 2001-09-28 13:00 . 2010-01-12 08:07 432690 c:\windows\system32\perfh009.dat
        - 2004-08-03 23:55 . 2004-08-03 23:55 216576 c:\windows\system32\osk.exe
        + 2004-08-03 23:55 . 2006-10-04 13:32 216576 c:\windows\system32\osk.exe
        + 2004-08-03 23:54 . 2009-10-29 07:42 206848 c:\windows\system32\occache.dll
        + 2004-08-03 23:54 . 2009-03-08 03:32 611840 c:\windows\system32\mstime.dll
        + 2004-08-03 23:54 . 2009-03-08 03:34 193536 c:\windows\system32\msrating.dll
        + 2001-09-28 13:00 . 2009-03-08 03:22 156160 c:\windows\system32\msls31.dll
        + 2009-03-08 03:32 . 2009-10-29 07:42 594432 c:\windows\system32\msfeeds.dll
        + 2009-01-07 17:20 . 2009-01-07 17:20 265720 c:\windows\system32\msdbg2.dll
        + 2004-08-03 23:54 . 2008-02-26 12:00 294912 c:\windows\system32\msctf.dll
        + 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
        + 2004-08-03 23:54 . 2009-06-22 06:47 726528 c:\windows\system32\jscript.dll
        + 2009-03-08 03:22 . 2009-03-08 03:22 164352 c:\windows\system32\ieui.dll
        + 2004-08-03 23:54 . 2009-10-29 07:42 184320 c:\windows\system32\iepeers.dll
        + 2004-08-03 23:54 . 2009-10-29 07:42 387584 c:\windows\system32\iedkcs32.dll
        + 2009-03-08 03:11 . 2009-03-08 03:11 445952 c:\windows\system32\ieapfltr.dll
        + 2001-09-28 13:00 . 2009-03-08 03:32 163840 c:\windows\system32\ieakui.dll
        + 2004-08-03 23:54 . 2009-03-08 03:33 229376 c:\windows\system32\ieaksie.dll
        + 2004-08-03 23:54 . 2009-03-08 03:33 125952 c:\windows\system32\ieakeng.dll
        + 2004-08-03 23:54 . 2009-10-28 14:40 173056 c:\windows\system32\ie4uinit.exe
        + 2004-08-03 23:54 . 2009-03-08 03:31 216064 c:\windows\system32\dxtrans.dll
        + 2004-08-03 23:54 . 2009-03-08 03:31 348160 c:\windows\system32\dxtmsft.dll
        + 2009-10-29 05:46 . 2009-10-29 07:42 916480 c:\windows\system32\DllCache\wininet.dll
        + 2009-03-08 03:34 . 2009-03-08 03:34 236544 c:\windows\system32\DllCache\webcheck.dll
        + 2009-03-08 03:33 . 2009-03-08 03:33 759296 c:\windows\system32\DllCache\VGX.dll
        + 2007-12-18 14:41 . 2009-03-08 03:33 420352 c:\windows\system32\DllCache\vbscript.dll
        + 2009-03-08 03:34 . 2009-03-08 03:34 105984 c:\windows\system32\DllCache\url.dll
        + 2009-01-07 17:20 . 2009-01-07 17:20 134144 c:\windows\system32\DllCache\sqmapi.dll
        + 2006-10-04 13:32 . 2006-10-04 13:32 216576 c:\windows\system32\DllCache\osk.exe
        + 2009-03-08 03:34 . 2009-10-29 07:42 206848 c:\windows\system32\DllCache\occache.dll
        + 2009-10-29 05:46 . 2009-03-08 03:32 611840 c:\windows\system32\DllCache\mstime.dll
        + 2009-10-29 05:46 . 2009-03-08 03:34 193536 c:\windows\system32\DllCache\msrating.dll
        + 2009-03-08 03:22 . 2009-03-08 03:22 156160 c:\windows\system32\DllCache\msls31.dll
        + 2008-02-26 12:00 . 2008-02-26 12:00 294912 c:\windows\system32\DllCache\msctf.dll
        + 2007-12-18 14:41 . 2009-06-22 06:47 726528 c:\windows\system32\DllCache\jscript.dll
        + 2009-03-08 13:09 . 2009-03-08 13:09 638816 c:\windows\system32\DllCache\iexplore.exe
        + 2009-10-29 05:46 . 2009-10-29 07:42 184320 c:\windows\system32\DllCache\iepeers.dll
        + 2009-03-08 13:09 . 2009-10-29 07:42 387584 c:\windows\system32\DllCache\iedkcs32.dll
        + 2009-03-08 03:32 . 2009-03-08 03:32 163840 c:\windows\system32\DllCache\ieakui.dll
        + 2009-03-08 03:33 . 2009-03-08 03:33 229376 c:\windows\system32\DllCache\ieaksie.dll
        + 2009-03-08 03:33 . 2009-03-08 03:33 125952 c:\windows\system32\DllCache\ieakeng.dll
        + 2009-03-08 03:32 . 2009-10-28 14:40 173056 c:\windows\system32\DllCache\ie4uinit.exe
        + 2009-10-29 05:46 . 2009-03-08 03:31 216064 c:\windows\system32\DllCache\dxtrans.dll
        + 2009-10-29 05:46 . 2009-03-08 03:31 348160 c:\windows\system32\DllCache\dxtmsft.dll
        + 2009-03-08 03:32 . 2009-03-08 03:32 128512 c:\windows\system32\DllCache\advpack.dll
        + 2004-08-03 23:54 . 2009-03-08 03:32 128512 c:\windows\system32\advpack.dll
        + 2009-08-07 22:51 . 2009-08-07 22:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
        + 2010-01-05 16:08 . 2010-01-05 16:08 969728 c:\windows\Installer\710f0a.msi
        + 2009-03-20 10:48 . 2009-03-20 10:48 183808 c:\windows\Installer\710ef7.msp
        + 2010-01-05 14:00 . 2009-03-08 03:34 914944 c:\windows\ie8updates\KB976325-IE8\wininet.dll
        + 2010-01-05 14:00 . 2009-05-26 11:40 406392 c:\windows\ie8updates\KB976325-IE8\spuninst\updspapi.dll
        + 2010-01-05 14:00 . 2009-05-26 11:40 234872 c:\windows\ie8updates\KB976325-IE8\spuninst\spuninst.exe
        + 2010-01-05 14:00 . 2009-03-08 03:34 109568 c:\windows\ie8updates\KB976325-IE8\occache.dll
        + 2010-01-05 14:00 . 2009-03-08 03:32 594432 c:\windows\ie8updates\KB976325-IE8\msfeeds.dll
        + 2010-01-05 14:00 . 2009-03-08 03:33 246784 c:\windows\ie8updates\KB976325-IE8\ieproxy.dll
        + 2010-01-05 14:00 . 2009-03-08 03:31 183808 c:\windows\ie8updates\KB976325-IE8\iepeers.dll
        + 2010-01-05 14:00 . 2009-03-08 13:09 391536 c:\windows\ie8updates\KB976325-IE8\iedkcs32.dll
        + 2010-01-05 14:00 . 2009-03-08 03:32 173056 c:\windows\ie8updates\KB976325-IE8\ie4uinit.exe
        + 2010-01-05 14:00 . 2009-05-26 11:40 406392 c:\windows\ie8updates\KB975364-IE8\spuninst\updspapi.dll
        + 2010-01-05 14:00 . 2009-05-26 11:40 234872 c:\windows\ie8updates\KB975364-IE8\spuninst\spuninst.exe
        + 2010-01-06 15:19 . 2008-07-08 13:04 406392 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
        + 2010-01-06 15:19 . 2008-07-08 13:03 234872 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
        + 2010-01-06 15:19 . 2009-03-08 03:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
        + 2010-01-05 13:58 . 2009-10-29 05:46 666112 c:\windows\ie8\wininet.dll
        + 2010-01-05 13:58 . 2004-08-03 23:54 281600 c:\windows\ie8\webcheck.dll
        + 2010-01-05 13:58 . 2004-08-03 23:54 848384 c:\windows\ie8\vgx.dll
        + 2010-01-05 13:58 . 2007-12-18 14:41 417792 c:\windows\ie8\vbscript.dll
        + 2010-01-05 13:58 . 2009-10-29 05:46 626688 c:\windows\ie8\urlmon.dll
        + 2010-01-05 13:59 . 2009-01-07 17:21 406048 c:\windows\ie8\spuninst\updspapi.dll
        + 2010-01-05 13:59 . 2009-01-07 17:21 235040 c:\windows\ie8\spuninst\spuninst.exe
        + 2010-01-05 13:58 . 2009-10-29 05:46 532480 c:\windows\ie8\mstime.dll
        + 2010-01-05 13:58 . 2009-10-29 05:46 146432 c:\windows\ie8\msrating.dll
        + 2010-01-05 13:58 . 2001-09-28 13:00 146432 c:\windows\ie8\msls31.dll
        + 2010-01-05 13:58 . 2009-10-29 05:46 449024 c:\windows\ie8\mshtmled.dll
        + 2010-01-05 13:58 . 2004-08-03 23:54 107008 c:\windows\ie8\mshta.exe
        + 2010-01-05 13:58 . 2009-08-21 06:51 450560 c:\windows\ie8\jscript.dll
        + 2010-01-05 13:58 . 2004-08-03 23:54 162816 c:\windows\ie8\iexplore.exe
        + 2010-01-05 13:58 . 2009-10-29 05:46 251392 c:\windows\ie8\iepeers.dll
        + 2010-01-05 13:58 . 2004-08-03 23:54 323584 c:\windows\ie8\iedkcs32.dll
        + 2010-01-05 13:58 . 2001-09-28 13:00 245760 c:\windows\ie8\ieakui.dll
        + 2010-01-05 13:58 . 2004-08-03 23:54 221696 c:\windows\ie8\ieaksie.dll
        + 2010-01-05 13:58 . 2004-08-03 23:54 139264 c:\windows\ie8\ieakeng.dll
        + 2010-01-05 13:58 . 2009-10-29 05:46 205312 c:\windows\ie8\dxtrans.dll
        + 2010-01-05 13:58 . 2009-10-29 05:46 357888 c:\windows\ie8\dxtmsft.dll
        + 2010-01-05 13:58 . 2004-08-03 23:54 101888 c:\windows\ie8\advpack.dll
        + 2010-01-06 07:41 . 2010-01-06 07:41 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
        + 2010-01-06 07:01 . 2010-01-06 07:01 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
        + 2010-01-06 07:01 . 2010-01-06 07:01 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
        + 2010-01-06 07:01 . 2010-01-06 07:01 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
        + 2010-01-06 07:41 . 2010-01-06 07:41 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
        + 2010-01-06 07:41 . 2010-01-06 07:41 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
        + 2010-01-06 07:00 . 2010-01-06 07:00 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
        + 2010-01-06 07:41 . 2010-01-06 07:41 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
        + 2010-01-06 07:41 . 2010-01-06 07:41 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
        + 2010-01-06 07:41 . 2010-01-06 07:41 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
        + 2010-01-06 07:41 . 2010-01-06 07:41 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
        + 2010-01-06 07:00 . 2010-01-06 07:00 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
        + 2010-01-06 07:00 . 2010-01-06 07:00 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
        + 2010-01-06 07:00 . 2010-01-06 07:00 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
        + 2010-01-06 07:00 . 2010-01-06 07:00 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
        + 2010-01-06 07:41 . 2010-01-06 07:41 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
        + 2010-01-06 07:41 . 2010-01-06 07:41 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
        + 2010-01-06 07:41 . 2010-01-06 07:41 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
        + 2010-01-06 07:41 . 2010-01-06 07:41 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
        0
      3. 3omda_75 Messages postés 28 Statut Membre > 3omda_75 Messages postés 28 Statut Membre
         
        - 2010-01-03 14:28 . 2010-01-03 14:28 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
        + 2004-08-03 23:54 . 2009-10-29 07:42 1208832 c:\windows\system32\urlmon.dll
        + 2009-08-19 10:11 . 2008-07-09 01:51 2174976 c:\windows\system32\spool\drivers\w32x86\3\SQ0BUBR.DLL
        + 2009-08-19 16:07 . 2009-08-19 16:07 1415000 c:\windows\system32\msxml6.dll
        + 2004-08-03 23:54 . 2009-10-29 07:42 5940736 c:\windows\system32\mshtml.dll
        + 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll
        + 2009-03-08 03:32 . 2009-10-29 07:42 1985536 c:\windows\system32\iertutil.dll
        + 2009-02-06 20:07 . 2009-02-06 20:07 3698584 c:\windows\system32\ieapfltr.dat
        + 2009-10-29 05:46 . 2009-10-29 07:42 1208832 c:\windows\system32\DllCache\urlmon.dll
        + 2009-10-29 05:46 . 2009-10-29 07:42 5940736 c:\windows\system32\DllCache\mshtml.dll
        + 2009-08-07 22:51 . 2009-08-07 22:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
        - 2008-11-25 03:59 . 2008-11-25 03:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
        + 2009-08-07 22:51 . 2009-08-07 22:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
        + 2010-01-05 14:00 . 2009-03-08 03:34 1206784 c:\windows\ie8updates\KB976325-IE8\urlmon.dll
        + 2010-01-05 14:00 . 2009-03-08 03:41 5937152 c:\windows\ie8updates\KB976325-IE8\mshtml.dll
        + 2010-01-05 14:00 . 2009-03-08 03:32 1985024 c:\windows\ie8updates\KB976325-IE8\iertutil.dll
        + 2010-01-05 13:58 . 2009-10-29 05:46 3084288 c:\windows\ie8\mshtml.dll
        + 2010-01-06 06:59 . 2010-01-06 06:59 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
        + 2010-01-06 07:01 . 2010-01-06 07:01 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
        + 2010-01-06 06:59 . 2010-01-06 06:59 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
        + 2010-01-06 07:01 . 2010-01-06 07:01 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
        + 2010-01-06 07:00 . 2010-01-06 07:00 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
        + 2010-01-06 07:41 . 2010-01-06 07:41 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
        + 2010-01-06 07:00 . 2010-01-06 07:00 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
        + 2010-01-06 07:41 . 2010-01-06 07:41 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
        + 2010-01-06 07:00 . 2010-01-06 07:00 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
        + 2010-01-06 07:00 . 2010-01-06 07:00 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
        + 2010-01-06 07:00 . 2010-01-06 07:00 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
        + 2010-01-06 07:00 . 2010-01-06 07:00 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
        + 2010-01-06 07:00 . 2010-01-06 07:00 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
        + 2010-01-06 07:00 . 2010-01-06 07:00 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
        + 2010-01-06 06:59 . 2010-01-06 06:59 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
        + 2010-01-06 07:41 . 2010-01-06 07:41 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
        + 2010-01-06 07:42 . 2010-01-06 07:42 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
        + 2010-01-06 07:41 . 2010-01-06 07:41 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
        - 2010-01-03 14:28 . 2010-01-03 14:28 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
        + 2010-01-05 16:10 . 2010-01-05 16:10 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
        + 2010-01-05 13:57 . 2009-12-01 11:06 25966024 c:\windows\system32\MRT.exe
        + 2009-03-08 03:39 . 2009-10-29 07:42 11069952 c:\windows\system32\ieframe.dll
        + 2009-08-14 19:32 . 2009-08-14 19:32 11110912 c:\windows\Installer\710f17.msp
        + 2010-01-05 14:00 . 2009-03-08 03:39 11063808 c:\windows\ie8updates\KB976325-IE8\ieframe.dll
        + 2010-01-06 07:01 . 2010-01-06 07:01 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
        + 2010-01-06 07:43 . 2010-01-06 07:43 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
        + 2010-01-06 07:41 . 2010-01-06 07:41 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
        + 2010-01-06 07:00 . 2010-01-06 07:00 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
        + 2010-01-06 07:00 . 2010-01-06 07:00 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
        + 2010-01-06 06:59 . 2010-01-06 06:59 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
        + 2010-01-06 06:59 . 2010-01-06 06:59 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
        .
        -- Instantané actualisé --
        .
        ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-09 82224]
        "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 251184]
        "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1114112]
        "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-30 511312]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 93184]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
        "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

        c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
        DosÿOptimizer.pif [2007-4-8 377344]

        c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
        BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-3-31 643072]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "EnableLUA"= 0 (0x0)

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
        "DisableTaskMgr"= 1 (0x1)
        "DisableRegistryTools"= 1 (0x1)

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
        "HonorAutoRunSetting"= 0 (0x0)

        [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Dos Optimizer.pif]
        path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
        backup=c:\windows\pss\Dos Optimizer.pifStartup

        [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^¡¡¡¡¡¡.lnk]
        path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\¡¡¡¡¡¡.lnk
        backup=c:\windows\pss\¡¡¡¡¡¡.lnkStartup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
        path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
        backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
        2008-05-14 10:26 251184 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
        2008-04-04 15:09 1114112 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
        2008-01-21 11:17 143360 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
        2008-03-27 18:28 1216512 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
        2009-07-01 16:37 111616 ----a-w- c:\program files\Winamp\winampa.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
        "gupdate"=2 (0x2)
        "Com4QLBEx"=3 (0x3)

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusOverride"=dword:00000001
        "FirewallOverride"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
        "AntiVirusOverride"=dword:00000001
        "AntiVirusDisableNotify"=dword:00000001
        "FirewallDisableNotify"=dword:00000001
        "FirewallOverride"=dword:00000001
        "UpdatesDisableNotify"=dword:00000001
        "UacDisableNotify"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
        "c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"=
        "c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
        "c:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTSTAC~1.EXE"=
        "c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
        "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
        "c:\\WINDOWS\\system32\\SNDVOL32.EXE"=
        "c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
        "c:\\WINDOWS\\system32\\AccelerometerSt.Exe"=
        "c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=
        "c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=
        "c:\\Program Files\\Winamp\\winampa.exe"=
        "c:\\Program Files\\SuperCopier2\\SuperCopier2.exe"=
        "c:\\Documents and Settings\\Administrateur\\Menu Démarrer\\Programmes\\Démarrage\\Dos Optimizer.pif"=
        "c:\\WINDOWS\\system32\\regsvr32.exe"=
        "c:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe"=
        "c:\\Documents and Settings\\Administrateur\\easddaea8.exe"=
        "c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
        "c:\\WINDOWS\\system32\\dwwin.exe"=
        "c:\\Program Files\\Windows Media Player\\setup_wm.exe"=
        "c:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\Com4QLBEx.exe"=
        "c:\\Program Files\\Hewlett-Packard\\Shared\\hpqwmiex.exe"=
        "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=

        R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [11/11/2009 09:12 24064]
        R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/12/2009 02:26 114768]
        R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/12/2009 02:26 20560]
        R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [05/01/2010 09:02 235344]
        R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\qmgnjn.sys --> c:\windows\system32\drivers\qmgnjn.sys [?]
        R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [05/01/2010 09:02 19160]
        S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [21/06/2007 04:40 56448]
        S4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11/11/2009 08:40 275760]
        S4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/12/2009 19:19 205296]

        --- Autres Services/Pilotes en mémoire ---

        *Deregistered* - mchInjDrv

        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-65WE-KKX5-313QWE24444}]
        2009-12-26 12:31 102400 ----a-w- c:\restoric\RECYCLER\X0R.exe
        .
        Contenu du dossier 'Tâches planifiées'

        2010-01-12 c:\windows\Tasks\GlaryInitialize.job
        - c:\program files\Glary Utilities\initialize.exe [2009-12-31 18:27]

        2010-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 18:19]

        2010-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 18:19]
        .
        .
        ------- Examen supplémentaire -------
        .
        uInternet Settings,ProxyOverride = local
        IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
        IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
        IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
        FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\tw9l25d6.default\
        FF - prefs.js: browser.startup.homepage - www.google.com
        FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
        FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
        FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
        .

        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2010-01-12 09:19
        Windows 5.1.2600 Service Pack 2 NTFS

        Recherche de processus cachés ...

        Recherche d'éléments en démarrage automatique cachés ...

        Recherche de fichiers cachés ...

        Scan terminé avec succès
        Fichiers cachés: 0

        **************************************************************************

        [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
        "ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp"
        .
        --------------------- CLES DE REGISTRE BLOQUEES ---------------------

        [HKEY_USERS\S-1-5-21-1957994488-2077806209-839522115-500\SOFTWARE\Microsoft\Internet Explorer\User Preferences]
        @Denied: (2) (Administrator)
        "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,82,88,b8,df,51,2d,4f,ab,35,77,\
        "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,82,88,b8,df,51,2d,4f,ab,35,77,\
        .
        --------------------- DLLs chargées dans les processus actifs ---------------------

        - - - - - - - > 'winlogon.exe'(744)
        c:\windows\system32\Ati2evxx.dll
        .
        Heure de fin: 2010-01-12 09:21:04
        ComboFix-quarantined-files.txt 2010-01-12 08:21
        ComboFix2.txt 2010-01-05 13:31

        Avant-CF: 65 937 264 640 octets libres
        Après-CF: 65 906 130 944 octets libres

        - - End Of File - - 6DFEA319108A408A92966DEFB0BBD374


        et merci encore
        0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Téléchargez Tools Cleaner 2 sur votre bureau ici: https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/

    * Double-cliquez sur Tools Cleaner2 pour l’exécuter. (Si vous êtes sous Vista, cliquez droit sur le fichier Tools Cleaner 2 et exécutez-le en tant qu'administrateur.)
    * Cliquez sur Recherche et laissez-la se dérouler
    * Cliquez sur Suppression pour finaliser.
    * Vous pouvez, si vous le souhaitez, vous servir des Options facultatives.
    * Cliquez sur Quitter pour obtenir le rapport.
    * Postez le rapport (TCleaner.txt) qui se trouve à la racine de votre disque dur (C:) dans le forum où cela vous a été demandé.

    ____________________

    comment va le pc?

    colle un rapport avec kaspersky
    0
  12. 3omda_75 Messages postés 28 Statut Membre
     
    re, merci pour vos réponses et vos conseils mais le problème majeur celui de désinstaller avast persiste encore et le mode sans échec est toujours inaccessible par contre il y a comme même une grande amélioration quant à vitesse du pc et la navigation sur internet.
    donc reste à trouver une solution à désinstaller avast (de le faire apparaître, de le rendre fonctionelle...) ou bien activer le mode sans échec qui se bloque au démarrage avec un écran bleu

    pour le rapport tools cleaner le voila.
    Merci encore pour le sacrifice et du temps précieux que vous m'accordez.

    [ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

    --> Recherche:

    C:\Combofix.txt: trouvé !
    C:\UsbFix.txt: trouvé !
    C:\avenger: trouvé !
    C:\Qoobox: trouvé !
    C:\_OTM: trouvé !
    C:\UsbFix: trouvé !
    C:\FindyKill: trouvé !
    C:\Rsit: trouvé !
    C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk: trouvé !
    C:\Documents and Settings\Administrateur\Bureau\OTM.exe: trouvé !
    C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe: trouvé !
    C:\Documents and Settings\Administrateur\Bureau\HJTInstall.exe: trouvé !
    C:\Documents and Settings\Administrateur\Bureau\UsbFix.exe: trouvé !
    C:\Documents and Settings\Administrateur\Bureau\Rsit.exe: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
    C:\Qoobox\Quarantine\catchme.log: trouvé !
    C:\WINDOWS\mbr.exe: trouvé !

    ---------------------------------
    --> Suppression:

    C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk: supprimé !
    C:\Documents and Settings\Administrateur\Bureau\OTM.exe: supprimé !
    C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
    C:\Documents and Settings\Administrateur\Bureau\HJTInstall.exe: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Combofix.txt: supprimé !
    C:\UsbFix.txt: supprimé !
    C:\Documents and Settings\Administrateur\Bureau\UsbFix.exe: supprimé !
    C:\Documents and Settings\Administrateur\Bureau\Rsit.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
    C:\Qoobox\Quarantine\catchme.log: supprimé !
    C:\WINDOWS\mbr.exe: supprimé !
    C:\avenger: supprimé !
    C:\Qoobox: supprimé !
    C:\_OTM: supprimé !
    C:\UsbFix: supprimé !
    C:\FindyKill: supprimé !
    C:\Rsit: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !
    0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok alors répare windows comme ceci

    * Cliquez sur le menu Démarrer
    * Sélectionnez executer
    * tapez SFC /scannow puis cliquez sur OK ( bien mettre un espace entre SFC et /scannow)

    si le cd de windows est demandé le mettre

    puis remets un rapport RSIT
    0
    1. 3omda_75 Messages postés 28 Statut Membre
       
      OK c'est fait mais le scan ne se lance pas juste une fenêtre noire apparaît en clin d'œil et s'évapore.
      0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    0
    1. 3omda_75 Messages postés 28 Statut Membre
       
      Le problème que je dispose pas maintenant du CD windows (je vais le chercher plus tard) d'ailleurs j'ai effectué le scan complet avec malwarebytes (3 fois successives) et je trouve toujours les mêmes résultats (on dirait qu'il n'as pas supprimé la sélection des infections)

      voila le dernier rapport malwarebytes:

      Malwarebytes' Anti-Malware 1.43
      Version de la base de données: 3495
      Windows 5.1.2600 Service Pack 2
      Internet Explorer 8.0.6001.18702

      12/01/2010 16:08:09
      mbam-log-2010-01-12 (16-08-09).txt

      Type de recherche: Examen complet (C:\|E:\|)
      Eléments examinés: 134607
      Temps écoulé: 21 minute(s), 36 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 5
      Elément(s) de données du Registre infecté(s): 3
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 3

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\frameworkservice (Trojan.Delf) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\frameworkservice (Trojan.Delf) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\Documents and Settings\Administrateur\Application Data\smss.exe (Trojan.Delf) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\Sexy Girls.scr (Trojan.Delf) -> Quarantined and deleted successfully.
      C:\WINDOWS\inf\smss.exe (Trojan.Delf) -> Quarantined and deleted successfully.
      0
  15. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    Télécharger OAD (Outil d'Aide au Diagnostic) < http://sosvirus.changelog.fr/OAD.exe >
    → Enregistre-le sur ton bureau
    → Lancer 'OAD.exe' en faisant un double clique sur le fichier
    → Saisir la valeur recherchée -> ' Sexy Girls ' ( fait un copier/coller )
    → Type de recherche : sélectionner l'option 6 puis valide [entrée]
    → OAD va maintenant rechercher le fichier.
    → Laisse-le travailler jusqu'à ce qu'il en ait terminé.
    → Suivant la taille des disques durs, cette recherche peut prendre plusieurs minutes.

    ------------- Patienter. --------------

    → Le rapport de recherche s'affichera automatiquement dès qu'il en aura terminé.
    → Faire un copier/coller de ce rapport dans ton prochain post.

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note: Certains Antivirus peuvent émettre une alerte lors du téléchargement / utilisation > ignore

    ______________

    colle aussi un rapport RSIT comme demandé
    0
    1. 3omda_75 Messages postés 28 Statut Membre
       
      rapport AOD:

      12/01/2010 ---- 16:44:44,42

      ----------------------------------
      §§§§§§ [Sexy Girls] §§§§§§
      ----------------------------------
      [X] Registre
      [ ] Fichier (rapide)
      [ ] Fichier (disque systeme)
      [X] Fichier (complete)




      ********************
      [Registre]
      ********************

      Aucune entrée détectée

      *******************
      [Fichier]
      *******************

      c:\WINDOWS\system32\Sexy Girls.scr


      *********************
      [Même date]
      *********************

      C:\WINDOWS\system32\Sexy



      ----------------------------------
      §§§§§ Fin Rapport §§§§§
      ----------------------------------


      rapport RSIT:

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Administrateur at 2010-01-12 16:50:03
      Microsoft Windows XP Professionnel Service Pack 2
      System drive C: has 63 GB (83%) free of 75 GB
      Total RAM: 2043 MB (76% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:50:05, on 12/01/2010
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\WINDOWS\System32\SCardSvr.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\AccelerometerSt.Exe
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\Program Files\SuperCopier2\SuperCopier2.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
      C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\agrsmsvc.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\TEMP\winnypq.exe
      C:\WINDOWS\TEMP\wintwvso.exe
      C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\Program Files\trend micro\Administrateur.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
      O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
      O4 - Startup: Dos Optimizer.pif = ?
      O4 - Global Startup: BTTray.lnk = ?
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      0
    2. 3omda_75 Messages postés 28 Statut Membre
       
      je viens maintenant d'essayer d'installer une version ancienne de avast, j'ai pensé que cela peut aider à le désinstaller après. mais un rapport ci-dessous c'est affiché le voila peut être ça va aider je pense!

      12.01.2010 17:17:12 general: Started: 12.01.2010, 17:17:12
      12.01.2010 17:17:12 general: Running setup_av_pro-537 (1335)
      12.01.2010 17:17:12 system: Operating system: WindowsXP ver 5.1, build 2600, sp 2.0 [Service Pack 2]
      12.01.2010 17:17:12 system: Memory: 21% load. Phys:1632468/2092228K free, Page:3720024/4030144K free, Virt:2067740/2097024K free
      12.01.2010 17:17:12 system: Computer WinName: STANDARD
      12.01.2010 17:17:12 system: Windows Net User: STANDARD\Administrateur
      12.01.2010 17:17:12 general: Cmdline: /sfx /sfxstorage "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_av_sfx.tm~a02272" /srcpath "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IR_EXT~1\AutoPlay\Docs" /sfxname "setupengpro" /spawnfordeleter
      12.01.2010 17:17:12 general: DldSrc set to sfx
      12.01.2010 17:17:12 general: Old version: 558 (1368)
      12.01.2010 17:17:12 registry: Deleted registry: Software\Alwil Software\Avast\4.0\UpdateReady
      12.01.2010 17:17:12 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 1
      12.01.2010 17:17:12 system: Installed in: C:\Program Files\Alwil Software\Avast4 (62357M free)
      12.01.2010 17:17:12 internet: SYNCER: Type: use IE settings
      12.01.2010 17:17:12 internet: SYNCER: Auth: another authentication, use WinInet
      12.01.2010 17:17:12 package: IsInstalledPartVpuOkay: C:\Program Files\Alwil Software\Avast4\Setup\part--537.vpu does not exist
      12.01.2010 17:17:12 package: Part prg_av_pro-558 was guessed as installed
      12.01.2010 17:17:12 package: IsInstalledPartVpuOkay: C:\Program Files\Alwil Software\Avast4\Setup\part--ffffffff.vpu does not exist
      12.01.2010 17:17:12 package: Part vps-9112701 was guessed as installed
      12.01.2010 17:17:12 package: IsInstalledPartVpuOkay: C:\Program Files\Alwil Software\Avast4\Setup\part--ffffffff.vpu does not exist
      12.01.2010 17:17:12 package: Part news-53 was guessed as installed
      12.01.2010 17:17:12 package: IsInstalledPartVpuOkay: C:\Program Files\Alwil Software\Avast4\Setup\part--537.vpu does not exist
      12.01.2010 17:17:12 package: Part setup_av_pro-558 was guessed as installed
      12.01.2010 17:17:12 package: IsInstalledPartVpuOkay: C:\Program Files\Alwil Software\Avast4\Setup\part--ffffffff.vpu does not exist
      12.01.2010 17:17:12 package: Part jrog-1f6 was guessed as installed
      12.01.2010 17:17:12 general: Old version: 558 (1368)
      12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_core because of existing file C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
      12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_corepro because of existing file C:\Program Files\Alwil Software\Avast4\ashEnhcd.exe
      12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_rdr because of existing file C:\Program Files\Alwil Software\Avast4\Setup\INF\AswRdr.sys
      12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_res_mai because of existing file C:\Program Files\Alwil Software\Avast4\AhResMai.dll
      12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_res_mes because of existing file C:\Program Files\Alwil Software\Avast4\ahResMes.dll
      12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_res_ns because of existing file C:\Program Files\Alwil Software\Avast4\AhResNS.dll
      12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_res_out because of existing file C:\Program Files\Alwil Software\Avast4\AhResOut.dll
      12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_res_p2p because of existing file C:\Program Files\Alwil Software\Avast4\ahResP2P.dll
      12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_res_scr because of existing file C:\Program Files\Alwil Software\Avast4\AhAScr.dll
      12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_res_std because of existing file C:\Program Files\Alwil Software\Avast4\AhResStd.dll
      12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_res_ws because of existing file C:\Program Files\Alwil Software\Avast4\AhResWS.dll
      12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_skins because of existing file C:\Program Files\Alwil Software\Avast4\DATA\Skin\SZC-KDE.asws
      12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_sysx because of existing file C:\WINDOWS\system32\OleAcc.dll
      12.01.2010 17:17:12 file: SetExistingFilesBitmap: 1055->132->36
      12.01.2010 17:17:12 general: GUID: 73313693-af02-44bf-b0b9-cf10f451b912
      12.01.2010 17:17:12 general: SelectCurrent: selected server 'tmp sfx storage' from 'sfx'
      12.01.2010 17:17:12 internet: SYNCER: Type: use IE settings
      12.01.2010 17:17:12 internet: SYNCER: Auth: another authentication, use WinInet
      12.01.2010 17:17:12 package: LoadProductVpu: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_av_sfx.tm~a02272\prod-av_pro.vpu
      12.01.2010 17:17:12 package: LoadPartInfo: jrog = jrog-b3 returned 00000000
      12.01.2010 17:17:12 package: LoadPartInfo: news = news-4b returned 00000000
      12.01.2010 17:17:12 package: LoadPartInfo: program = prg_av_pro-537 returned 00000000
      12.01.2010 17:17:12 package: LoadPartInfo: setup = setup_av_pro-537 returned 00000000
      12.01.2010 17:17:12 package: LoadPartInfo: vps = vps-9020501 returned 00000000
      12.01.2010 17:17:12 package: LoadProductVpu: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_av_sfx.tm~a02272\prod-av_pro.vpu ended with 00000000
      12.01.2010 17:17:12 package: versions: 1368 > 1335
      12.01.2010 17:17:12 general: Err:You are trying to install an older version than the one currently installed.If you really want to install such a version, please uninstall the current version first.
      0
  16. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    télécharge OTM
    http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (de Old_Timer) sur ton Bureau.

    double-clique sur OTM.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTM :Paste instruction for items to be moved.

    :processes
    explorer.exe
    :services
    mchInjDrv
    aswMon2
    avast! Standard Shield Support
    Aavmker4
    avast! Asynchronous Virus Monito
    aswSP
    avast! Self Protection
    aswFsBlk
    :files
    C:\WINDOWS\system32\drivers\Aavmker4.sys
    C:\WINDOWS\system32\drivers\aswSP.sys
    C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp
    C:\WINDOWS\system32\MFC71.dll
    C:\WINDOWS\system32\aswBoot.exe
    C:\Program Files\Alwil Software
    c:\WINDOWS\system32\Sexy Girls.scr
    C:\WINDOWS\system32\Sexy
    C:\WINDOWS\TEMP\winnypq.exe
    C:\WINDOWS\TEMP\wintwvso.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ajxwu.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rjwivy.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winaobgiq.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyxig.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\flwfja.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhmdxm.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xccuuj.exe
    C:\WINDOWS\TEMP\bpmkd.exe
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rjwivy.exe"=-
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winaobgiq.exe"=-
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ajxwu.exe"=-
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyxig.exe"=-
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\flwfja.exe"=-
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhmdxm.exe"=-
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xccuuj.exe"=-
    C:\WINDOWS\TEMP\wintwvso.exe
    C:\WINDOWS\TEMP\jqenk.exe
    C:\WINDOWS\TEMP\rlhkfk.exe
    C:\WINDOWS\TEMP\ewwlpv.exe
    C:\WINDOWS\TEMP\khrrs.exe
    C:\WINDOWS\TEMP\bkgdg.exe
    C:\WINDOWS\TEMP\winxnrvly.exe
    C:\WINDOWS\TEMP\gxwflp.exe
    C:\WINDOWS\TEMP\winafknv.exe
    C:\WINDOWS\TEMP\winydnrwi.exe
    C:\WINDOWS\TEMP\winknou.exe
    C:\WINDOWS\TEMP\winkchgbm.exe
    C:\WINDOWS\TEMP\winragv.exe
    C:\WINDOWS\TEMP\winsqdjo.exe
    C:\WINDOWS\TEMP\wvlcd.exe
    C:\WINDOWS\TEMP\winnypq.exe
    C:\WINDOWS\TEMP\rhhykd.exe
    :reg
    "C:\WINDOWS\TEMP\bpmkd.exe"=-
    "C:\WINDOWS\TEMP\jqenk.exe"=-
    "C:\WINDOWS\TEMP\rlhkfk.exe"=-
    "C:\WINDOWS\TEMP\ewwlpv.exe"=-
    "C:\WINDOWS\TEMP\khrrs.exe"=-
    "C:\WINDOWS\TEMP\bkgdg.exe"=-
    "C:\WINDOWS\TEMP\winxnrvly.exe"=-
    "C:\WINDOWS\TEMP\gxwflp.exe"=-
    "C:\WINDOWS\TEMP\winafknv.exe"=-
    "C:\WINDOWS\TEMP\winydnrwi.exe"=-
    "C:\WINDOWS\TEMP\winknou.exe"=-
    "C:\WINDOWS\TEMP\winkchgbm.exe"="-
    "C:\WINDOWS\TEMP\winragv.exe"=-
    "C:\WINDOWS\TEMP\winsqdjo.exe"=-
    "C:\WINDOWS\TEMP\wvlcd.exe"=-
    "C:\WINDOWS\TEMP\winnypq.exe"=-
    "C:\WINDOWS\TEMP\rhhykd.exe"=-
    "C:\WINDOWS\TEMP\wintwvso.exe"=-
    :commands
    [purity]
    [emptytemp]
    [start explorer]

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTM\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    _______________________

    colle ensuite un scan en ligne de chez bitdefender
    http://www.bitdefender.fr/scanner/online/free.html
    0
  17. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    après OTM
    mais avant le scan en ligne bitdefender passe ce logiciel de bitdefender pour eradiquer ce que tu as

    http://www.bdtools.net/download/dcleaner.zip

    puis fais le scan en ligne
    0
    1. 3omda_75 Messages postés 28 Statut Membre
       
      Bonjour;
      voila le rapport OTM
      All processes killed
      ========== PROCESSES ==========
      No active process named explorer.exe was found!
      ========== SERVICES/DRIVERS ==========
      Error: No service named mchInjDrv was found to stop!
      Unable to stop service mchInjDrv!
      Error: Unable to stop service aswMon2!
      Unable to delete service\driver keyaswMon2.
      Error: No service named avast! Standard Shield Support was found to stop!
      Unable to stop service avast! Standard Shield Support!
      Error: Unable to stop service Aavmker4!
      Unable to delete service\driver keyAavmker4.
      Error: No service named avast! Asynchronous Virus Monito was found to stop!
      Unable to stop service avast! Asynchronous Virus Monito!
      Error: Unable to stop service aswSP!
      Unable to delete service\driver keyaswSP.
      Error: No service named avast! Self Protection was found to stop!
      Unable to stop service avast! Self Protection!
      Error: Unable to stop service aswFsBlk!
      Unable to delete service\driver keyaswFsBlk.
      ========== FILES ==========
      File move failed. C:\WINDOWS\system32\drivers\aavmker4.sys scheduled to be moved on reboot.
      File move failed. C:\WINDOWS\system32\drivers\aswSP.sys scheduled to be moved on reboot.
      File move failed. C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys scheduled to be moved on reboot.
      File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp not found.
      DllUnregisterServer procedure not found in C:\WINDOWS\system32\MFC71.dll
      C:\WINDOWS\system32\MFC71.dll moved successfully.
      File move failed. C:\WINDOWS\system32\aswBoot.exe scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64 scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64 scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\images scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH\HtmlData scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH\HELP scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\Skin scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4 scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software scheduled to be moved on reboot.
      c:\WINDOWS\system32\Sexy Girls.scr moved successfully.
      File/Folder C:\WINDOWS\system32\Sexy not found.
      File/Folder C:\WINDOWS\TEMP\winnypq.exe not found.
      File/Folder C:\WINDOWS\TEMP\wintwvso.exe not found.
      File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ajxwu.exe not found.
      File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rjwivy.exe not found.
      File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winaobgiq.exe not found.
      File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyxig.exe not found.
      File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\flwfja.exe not found.
      File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhmdxm.exe not found.
      File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xccuuj.exe not found.
      File/Folder C:\WINDOWS\TEMP\bpmkd.exe not found.
      File/Folder [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\shared­access\parameters\firewallpolicy\standardprofile\authorizeda­pplications\list] not found.
      File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rjwivy.exe"= not found.
      File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winaobgiq.exe"= not found.
      File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ajxwu.exe"= not found.
      File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyxig.exe"= not found.
      File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\flwfja.exe"= not found.
      File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhmdxm.exe"= not found.
      File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xccuuj.exe"= not found.
      File/Folder C:\WINDOWS\TEMP\wintwvso.exe not found.
      File/Folder C:\WINDOWS\TEMP\jqenk.exe not found.
      File/Folder C:\WINDOWS\TEMP\rlhkfk.exe not found.
      File/Folder C:\WINDOWS\TEMP\ewwlpv.exe not found.
      File/Folder C:\WINDOWS\TEMP\khrrs.exe not found.
      File/Folder C:\WINDOWS\TEMP\bkgdg.exe not found.
      File/Folder C:\WINDOWS\TEMP\winxnrvly.exe not found.
      File/Folder C:\WINDOWS\TEMP\gxwflp.exe not found.
      File/Folder C:\WINDOWS\TEMP\winafknv.exe not found.
      File/Folder C:\WINDOWS\TEMP\winydnrwi.exe not found.
      File/Folder C:\WINDOWS\TEMP\winknou.exe not found.
      File/Folder C:\WINDOWS\TEMP\winkchgbm.exe not found.
      File/Folder C:\WINDOWS\TEMP\winragv.exe not found.
      File/Folder C:\WINDOWS\TEMP\winsqdjo.exe not found.
      File/Folder C:\WINDOWS\TEMP\wvlcd.exe not found.
      File/Folder C:\WINDOWS\TEMP\winnypq.exe not found.
      File/Folder C:\WINDOWS\TEMP\rhhykd.exe not found.
      ========== REGISTRY ==========
      Registry key Invalid\\"C:\WINDOWS\TEMP\bpmkd.exe"\ not found.
      Registry key Invalid\\"C:\WINDOWS\TEMP\jqenk.exe"\ not found.
      Registry key Invalid\\"C:\WINDOWS\TEMP\rlhkfk.exe"\ not found.
      Registry key Invalid\\"C:\WINDOWS\TEMP\ewwlpv.exe"\ not found.
      Registry key Invalid\\"C:\WINDOWS\TEMP\khrrs.exe"\ not found.
      Registry key Invalid\\"C:\WINDOWS\TEMP\bkgdg.exe"\ not found.
      Registry key Invalid\\"C:\WINDOWS\TEMP\winxnrvly.exe"\ not found.
      Registry key Invalid\\"C:\WINDOWS\TEMP\gxwflp.exe"\ not found.
      Registry key Invalid\\"C:\WINDOWS\TEMP\winafknv.exe"\ not found.
      Registry key Invalid\\"C:\WINDOWS\TEMP\winydnrwi.exe"\ not found.
      Registry key Invalid\\"C:\WINDOWS\TEMP\winknou.exe"\ not found.
      \\"C:\WINDOWS\TEMP\winkchgbm.exe"|"- /E :invalid edit format. No such root key.
      Registry key Invalid\\"C:\WINDOWS\TEMP\winragv.exe"\ not found.
      Registry key Invalid\\"C:\WINDOWS\TEMP\winsqdjo.exe"\ not found.
      Registry key Invalid\\"C:\WINDOWS\TEMP\wvlcd.exe"\ not found.
      Registry key Invalid\\"C:\WINDOWS\TEMP\winnypq.exe"\ not found.
      Registry key Invalid\\"C:\WINDOWS\TEMP\rhhykd.exe"\ not found.
      Registry key Invalid\\"C:\WINDOWS\TEMP\wintwvso.exe"\ not found.
      ========== COMMANDS ==========

      [EMPTYTEMP]

      User: Administrateur
      ->Temp folder emptied: 220400171 bytes
      ->Temporary Internet Files folder emptied: 823701 bytes
      ->FireFox cache emptied: 37871846 bytes

      User: All Users

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: LocalService
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 32902 bytes

      User: NetworkService
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 32902 bytes

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32\dllcache .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 128512 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
      RecycleBin emptied: 0 bytes

      Total Files Cleaned = 247,00 mb


      OTM by OldTimer - Version 3.1.5.0 log created on 01132010_102927

      Files moved on Reboot...
      File move failed. C:\WINDOWS\system32\drivers\aavmker4.sys scheduled to be moved on reboot.
      File move failed. C:\WINDOWS\system32\drivers\aswSP.sys scheduled to be moved on reboot.
      File move failed. C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys scheduled to be moved on reboot.
      File move failed. C:\WINDOWS\system32\aswBoot.exe scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64 scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64 scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64 scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64 scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64 scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64 scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\images scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH\HtmlData scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH\HELP scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH\HtmlData scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH\HELP scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\Skin scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\Skin scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64 scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64 scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\images scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH\HtmlData scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH\HELP scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\Skin scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4 scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64 scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64 scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\images scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH\HtmlData scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH\HELP scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\Skin scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software\Avast4 scheduled to be moved on reboot.
      Folder move failed. C:\Program Files\Alwil Software scheduled to be moved on reboot.

      Registry entries deleted on Reboot...

      ensuite le traitement deBitDefender Removal Tool

      BITDEFENDER Removal Tool for Win32.Worm.Downadup.Gen

      --> Scanning..
      Ok Loading BitDefender Engines
      State 0 of m :
      Sleeping 3 seconds...
      Searching for Downadup file ....
      Searching in : C:\WINDOWS\system32\
      Searching in : C:\WINDOWS\Temp\
      Searching in : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
      Searching in : C:\Program Files\Internet Explorer
      Searching in : C:\Program Files\Movie Maker
      Searching in : C:\Documents and Settings\All Users\Application Data\
      Searching in : C:\Documents and Settings\Administrateur\Application Data\
      Searching in : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
      Found so far : 0x0 files/regs
      No Traces of Downadup Worm were found
      --> Your computer is not infected

      Mais la connexion au site pour le scan en ligne n'arrive pas à s'établir
      par contre la connexion existe et je peux connecter à plusieur sites mais je pense qu'il y a un bloquage lorsque j'essaye de me connecter aux sites de scan car j'ai essayé plusieur autres site de scan en ligne mais j'arrive pas!! Depuis un autre PC en réseau ses sites sont joignables!!
      0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    installe bitdefender free et colle un rapport avec
    0
    1. 3omda_75 Messages postés 28 Statut Membre
       
      J'ai bien peur de vous dire que c'est impossibe, alors, j'ai éssayé toutes les méthodes dont je connaissais
      téléchargement ce bloque en 99%
      je l'ai téléchargé sur un autre PC et je l'ai posé sur favorie réseau, ce dernier ce bloque (pas de réponse)
      j'ai changé le nom en premier lieu et l'extension en deuxième lieu Kif kif
      enfin je l'ai enregistré sur un stickmemory avec le nom test.aze et j'ai branché le stick à ce PC et j'ai changé l'extension en .exe et j'ai tapé deux fois par la souris et c'est marché et le programme commence l'installation mais ma joie n'a pas durée, à l'étape "démarre service" de BitDefender un message "le service 'BitDefender Desktop Update Service' (LIVESRV) n'a pas démarré. Vérifier si vous avez assez d'autorité pour démarrer les services système."

      Je sais que j'ai gaspillé beaucoup de votre temps mais j'arrive au stade de désespoire, par contre j'en ai une trés grande confience à tous les membres de comment ça marche...

      et bien sur que j'ai trouvé le stick memory infecté aprés un scan de kaspersky sur l'autre PC
      0
    2. 3omda_75 Messages postés 28 Statut Membre
       
      j'ai une mauvaise nouvelle je pense
      j'ai téléchargé Avira AntiVir Premium 9.0.0.455 et je l'ai installé sur le PC après plusieurs tentatives sauf que au démarrage de avira plusieurs alertes se manifeste et détection de plusieurs virus j'ai utilsé l'option delete (par erreur) pour le fichier mmc.exe (je pense) après l'option repair pour toutes les autres détections. à la fin du premier scan (5détections) j'ai mis à jour le logiciel ensuite j'ai commencé un scan complet (plusieurs détections , le compteur arrive à 58 infection) soudain il fait redémarrage du PC tout seul, et voila rien sur le bureau et le pointeur sous forme d'horloge de sable et j'arrive à rien faire. est c'est grave ça???
      0
  19. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    regarde ici

    https://www.commentcamarche.net/faq/24781-reparer-sa-connexion-suite-a-une-infection-ou-une-desinfection
    0
    1. 3omda_75 Messages postés 28 Statut Membre
       
      Bonjour cher ami,
      2150 infections trouvés par avira le log file est très long pour être posté.
      une fenêtre pour insertion du CD windows est affiché pour récupérer les fichiers modifié!! (je vais avoir le CD cet après midi)
      connexion internet rétablie je pense puisque je viens de faire le scan avec BitDefender en ligne dont voila le rapport.

      BitDefender QuickScan Beta 32-bit v0.9.9.0
      ------------------------------------------

      Date de l'analyse : Thu Jan 14 11:48:05 2010
      ID de la machine : 38B62D92

      Processus Dos Optimizer.pif (2816) - Win32.Worm.Delf.NEC


      1 fichier infecté a été détecté !
      -----------------------------------
      C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif - Win32.Worm.Delf.NEC


      Processus
      ---------
      <non signé> AntiVir Desktop 1812 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      <non signé> AntiVir Desktop 1428 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
      <non signé> AntiVir Desktop 1440 C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
      <non signé> AntiVir Desktop 1796 C:\Program Files\Avira\AntiVir Desktop\sched.exe
      <non signé> Google Update 1776 C:\Program Files\Google\Update\GoogleUpdate.exe
      <non signé> SuperCopier 2 (explorer file copy replacement) 2728 C:\Program Files\SuperCopier2\SuperCopier2.exe
      <non signé> W32.KuCo.A 2816 C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif

      <verifié> Agere Soft Modem Call Progress Service 1416 C:\WINDOWS\system32\agrsmsvc.exe
      <verifié> ATI External Event Utility for Windows 984 C:\WINDOWS\system32\Ati2evxx.exe
      <verifié> ATI External Event Utility for Windows 1324 C:\WINDOWS\system32\Ati2evxx.exe
      <verifié> Bluetooth Software 1132 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      <verifié> Firefox 2984 C:\Program Files\Mozilla Firefox\firefox.exe
      <verifié> Hewlett-Packard Corporation 3D DriveGuard System 2708 C:\WINDOWS\system32\AccelerometerSt.Exe
      <verifié> Malwarebytes' Anti-Malware 1516 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      <verifié> Microsoft® Windows® Operating System 2576 \\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
      <verifié> Microsoft® Windows® Operating System 716 C:\WINDOWS\system32\csrss.exe
      <verifié> Microsoft® Windows® Operating System 804 C:\WINDOWS\system32\lsass.exe
      <verifié> Microsoft® Windows® Operating System 1672 C:\WINDOWS\system32\spoolsv.exe
      <verifié> Microsoft® Windows® Operating System 1636 C:\WINDOWS\system32\svchost.exe
      <verifié> Microsoft® Windows® Operating System 1000 C:\WINDOWS\system32\svchost.exe
      <verifié> Microsoft® Windows® Operating System 1068 C:\WINDOWS\system32\svchost.exe
      <verifié> Microsoft® Windows® Operating System 1108 C:\WINDOWS\System32\svchost.exe
      <verifié> Microsoft® Windows® Operating System 1200 C:\WINDOWS\system32\svchost.exe
      <verifié> Microsoft® Windows® Operating System 1268 C:\WINDOWS\system32\svchost.exe
      <verifié> Microsoft® Windows® Operating System 196 C:\WINDOWS\system32\svchost.exe
      <verifié> Microsoft® Windows® Operating System 3164 C:\WINDOWS\System32\svchost.exe
      <verifié> Microsoft® Windows® Operating System 2632 C:\WINDOWS\system32\wbem\wmiprvse.exe
      <verifié> Microsoft® Windows® Operating System 2144 C:\WINDOWS\system32\wuauclt.exe
      <verifié> Microsoft® Windows® Operating System 472 C:\WINDOWS\system32\wuauclt.exe
      <verifié> Système d'exploitation Microsoft® Windows® 1824 C:\WINDOWS\Explorer.EXE
      <verifié> Système d'exploitation Microsoft® Windows® 1720 C:\WINDOWS\System32\SCardSvr.exe
      <verifié> Système d'exploitation Microsoft® Windows® 792 C:\WINDOWS\system32\services.exe
      <verifié> Système d'exploitation Microsoft® Windows® 600 C:\WINDOWS\System32\smss.exe
      <verifié> Système d'exploitation Microsoft® Windows® 748 C:\WINDOWS\system32\winlogon.exe


      Activité du réseau
      ------------------
      Processus AVWEBGRD.EXE (1440) connecté sur le port 80 (HTTP) - gv-in-f102.1e100.net
      Processus AVWEBGRD.EXE (1440) connecté sur le port 80 (HTTP) - a92-123-192-20.deploy.akamaitechnologies.com
      Processus AVWEBGRD.EXE (1440) connecté sur le port 80 (HTTP) - 80.157.169.136

      Processus svchost.exe (1068) écoute sur les ports: 135 (RPC)
      Processus svchost.exe (1268) écoute sur les ports: 2869 (SSDP event notification, UPNP)
      Processus avmailc.exe (1428) écoute sur les ports: 44110
      Processus AVWEBGRD.EXE (1440) écoute sur les ports: 44080


      Fichiers critiques et Autorun
      -----------------------------
      <non signé> AntiVir Desktop C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      <non signé> Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
      <non signé> SuperCopier 2 (explorer file copy replacement) C:\Program Files\SuperCopier2\SuperCopier2.exe

      <verifié> ATI External Event Utility for Windows C:\WINDOWS\system32\ati2evxx.dll
      <verifié> Glary Utilities C:\Program Files\Glary Utilities\initialize.exe
      <verifié> Hewlett-Packard Corporation 3D DriveGuard System C:\WINDOWS\system32\AccelerometerSt.Exe
      <verifié> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
      <verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\browseui.dll
      <verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\crypt32.dll
      <verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\cscdll.dll
      <verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\logonui.exe
      <verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\sclgntfy.dll
      <verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\shell32.dll
      <verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\stobject.dll
      <verifié> Système d'exploitation Microsoft® Windows® c:\windows\system32\userinit.exe
      <verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\wlnotify.dll
      <verifié> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


      Plugins du navigateur
      ---------------------
      <non signé> AntiVir Desktop C:\Program Files\Avira\AntiVir Desktop\avsda.dll
      <non signé> Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
      <non signé> RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
      <non signé> RealPlayer Version Plugin C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll

      <verifié> BitDefender QuickScan C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles/tw9l25d6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
      <verifié> BitDefender QuickScan C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles/tw9l25d6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
      <verifié> Foxit Reader Plugin for Mozilla C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
      <verifié> Google Update C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
      <verifié> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
      <verifié> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
      <verifié> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
      <verifié> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
      <verifié> RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
      <verifié> RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32- C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
      <verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\mswsock.dll
      <verifié> Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
      <verifié> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
      <verifié> Yahoo! activeX Plug-in Bridge C:\Program Files\Yahoo!\Common\npyaxmpb.dll
      <verifié> Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn\yt.dll


      Fichiers manquants
      ------------------
      Fichier non trouvé : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys
      référencé dans : HKLM\System\CurrentControlSet\Services\catchme\"ImagePath"

      Fichier non trouvé : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc26.tmp
      référencé dans : HKLM\System\CurrentControlSet\Services\mchInjDrv\"ImagePath"

      Fichier non trouvé : C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      référencé dans : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"QlbCtrl.exe"

      Fichier non trouvé : C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
      référencé dans : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Malwarebytes' Anti-Malware"

      Fichier non trouvé : C:\Program Files\Softwin\BitDefender10\bdfdll.sys
      référencé dans : HKLM\System\CurrentControlSet\Services\bdfdll\"ImagePath"

      Fichier non trouvé : C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys
      référencé dans : HKLM\System\CurrentControlSet\Services\BDFsDrv\"ImagePath"

      Fichier non trouvé : C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys
      référencé dans : HKLM\System\CurrentControlSet\Services\BDRsDrv\"ImagePath"


      Analyse
      -------
      Le(s) fichier(s) suivant(s) doit/doivent être téléchargé(s) pour une analyse côté serveur:
      C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

      Le téléchargement vers le serveur a démarré - 1 fichier(s)
      téléchargement vers le serveur : C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe - 165192 octets, hash : 019e5d16bd861f8ef09b2ee256033ef6
      Vitesse de téléchargement vers le serveur - 17 KB/s
      Téléchargement vers le serveur terminé - 1 téléchargés vers le serveur, 0 ont échoué

      Le(s) fichier(s) téléchargé(s) vers le serveur est/sont sain(s)

      Analyse terminée - la communication a duré 12 secondes
      Trafic total - 0.20 Mo envoyés, 2.66 Ko reçus
      846 fichiers et modules analysés - 44 seconds
      0
  20. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok tu diras!

    tu pourras refaire un scan antivir aussi et coller le rapport pour voir ce qu'il reste
    0
    1. 3omda_75 Messages postés 28 Statut Membre
       
      Beginning disinfection:
      C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20100114-095536-55EA415A\ARKA.tmp
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
      [WARNING] The file could not be deleted!
      [NOTE] Attempting to perform action using the ARK library.
      [NOTE] The file was moved to '4b99f25e.qua'!
      C:\Documents and Settings\All Users\Documents\U992.exe
      [DETECTION] Contains recognition pattern of the SPR/Tool.UltraSur.A program
      [NOTE] The file was moved to '4b87f246.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037737.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef23d.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037738.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48c71a0e.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037739.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4a092e66.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037740.exe
      [DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
      [NOTE] The file was moved to '4b7ef23e.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037741.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48c61257.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037742.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48c41dc7.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037743.exe
      [DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
      [NOTE] The file was moved to '4b7ef23f.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037744.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48c20dc8.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037745.exe
      [DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
      [NOTE] The file was moved to '48c0f510.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037746.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef240.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037747.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48bee4a1.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037748.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48bfece9.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037749.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48bcd431.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037750.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef241.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037751.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef244.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037752.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef245.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037753.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef246.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037754.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef248.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037755.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48bbcf81.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037756.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef24a.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037757.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48b496fb.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037758.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48b59e33.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037759.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48b2860b.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037760.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48b38e43.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037761.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48b0719b.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037762.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48b179d3.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037763.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48ae612b.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037764.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48af6963.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037765.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48ac50bb.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037766.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48ad58f3.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037767.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48aa40cb.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037768.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48ab4803.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037769.EXE
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48a8305b.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037770.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48a93b93.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037771.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48a623eb.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037772.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48a72b23.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037773.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef24e.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037774.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48a51ab7.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037775.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48a2028f.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037776.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef24f.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037777.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48a1f200.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037778.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef251.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037779.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '489ffdb2.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037780.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef256.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037781.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '489ded27.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037782.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '489ad56f.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037783.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '489bdd57.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037784.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4898c49f.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037785.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4899ccc7.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037786.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4896b40f.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037787.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4897bc77.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037788.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4894a7bf.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037789.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4895afe7.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037790.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef257.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037791.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48939f18.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037792.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48908750.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037793.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48918e88.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037794.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '488e76c0.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037795.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '488f7e38.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037796.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '488c6670.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037797.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '488d69a8.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037798.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef258.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037799.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '488b59d9.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037800.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4fa51231.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037801.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4fa21a69.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037802.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4fa31da1.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037803.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef259.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037804.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4fa10dd2.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037805.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f9ff50a.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037806.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f9cfd42.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037807.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f9de4ba.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037808.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f9aecf2.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037809.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f9bd42a.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037810.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f98dc62.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037811.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f99c45a.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037812.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f96cf92.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037813.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f97b7ca.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037814.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f94bf02.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037815.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef25b.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037816.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f92aeb4.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037817.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef25c.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037818.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f909e25.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037819.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f91861d.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037820.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef25d.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037821.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef25e.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037822.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef25f.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037823.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f8d6100.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037824.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f8a6948.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037825.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f8b5090.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037826.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f8858d8.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037827.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f8940e0.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037828.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef260.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037829.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f873071.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037830.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f843bb9.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037831.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f8523c1.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037832.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef261.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037833.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f831352.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037834.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f801a9a.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037835.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4f8102a2.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037836.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e7e0aea.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037837.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e7cf232.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037838.EXE
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e7dfa7a.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037839.EXE
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e7afd82.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037840.EXE
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e7be5ca.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037841.EXE
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e78ed12.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037842.EXE
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef262.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037843.EXE
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e76dd63.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037844.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e77c4ab.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037845.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e74ccf3.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037846.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e73020b.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037847.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e700a83.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037848.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef263.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037849.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e6ffa14.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037850.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e6ce25c.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037851.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e6dea64.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037852.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e6aedac.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037853.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e6bd5f4.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037854.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e68dd3c.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037855.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef264.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037856.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e66cc8d.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037857.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e67b4d5.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037858.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e64bc1d.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037859.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e65a425.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037860.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e62ac6d.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037861.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e6397b5.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037862.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e609ffd.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037863.EXE
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef265.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037864.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e5e8f4e.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037865.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e5f7696.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037866.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e5c7ede.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037867.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e5d66e6.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037868.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e5a6e2e.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037869.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef266.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037870.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e5859bf.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037871.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef26a.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037872.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e564903.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037873.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e57315b.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037874.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e543893.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037875.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e5520ab.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037876.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef26b.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037877.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e53103c.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037878.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e501874.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037879.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e51038c.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037880.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e4e0bc4.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037881.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e4cf31c.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037882.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e4dfb54.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037883.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e4ae36c.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037884.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef26c.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037885.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e48d2fd.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037886.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e49da35.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037887.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e46c24d.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037888.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e47c585.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037889.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e44cddd.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037890.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e45b515.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037891.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e42bd2d.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037892.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e43a565.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037893.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e40acbd.qua'!
      C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037894.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e4194f5.qua'!
      E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037895.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e3e9c0d.qua'!
      E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037896.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef272.qua'!
      E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037897.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4b7ef276.qua'!
      E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037898.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '48b6a757.qua'!
      E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037899.exe
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e3d77cf.qua'!
      E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037900.EXE
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e3b673f.qua'!
      E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037901.EXE
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4e75b42f.qua'!
      E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037902.EXE
      [DETECTION] Contains code of the W32/Sality.AA Windows virus
      [NOTE] The file was moved to '4a0401c7.qua'!


      End of the scan: jeudi 14 janvier 2010 11:30
      Used time: 31:23 Minute(s)

      The scan has been done completely.

      3846 Scanned directories
      118925 Files were scanned
      172 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      2 files were deleted
      0 Viruses and unwanted programs were repaired
      168 Files were moved to quarantine
      0 Files were renamed
      1 Files cannot be scanned
      118752 Files not concerned
      1140 Archives were scanned
      2 Warnings
      171 Notes
      30962 Objects were scanned with rootkit scan
      0 Hidden objects were found
      0
    2. 3omda_75 Messages postés 28 Statut Membre
       
      le dernier scan de cet après midi

      Avira AntiVir Premium
      Report file date: jeudi 14 janvier 2010 15:08

      Scanning for 1529455 virus strains and unwanted programs.

      Licensee : Willie Inouye
      Serial number : 2205201620-PEPWE-0001
      Platform : Windows XP
      Windows version : (Service Pack 2) [5.1.2600]
      Boot mode : Normally booted
      Username : SYSTEM
      Computer name : STANDARD

      Version information:
      BUILD.DAT : 9.0.0.455 24915 Bytes 02/12/2009 16:05:00
      AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:26:33
      AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
      LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
      LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
      VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 06:35:52
      VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 14:32:09
      VBASE002.VDF : 7.10.1.1 2048 Bytes 19/11/2009 14:32:10
      VBASE003.VDF : 7.10.1.2 2048 Bytes 19/11/2009 14:32:11
      VBASE004.VDF : 7.10.1.3 2048 Bytes 19/11/2009 14:32:11
      VBASE005.VDF : 7.10.1.4 2048 Bytes 19/11/2009 14:32:12
      VBASE006.VDF : 7.10.1.5 2048 Bytes 19/11/2009 14:32:12
      VBASE007.VDF : 7.10.1.6 2048 Bytes 19/11/2009 14:32:12
      VBASE008.VDF : 7.10.1.7 2048 Bytes 19/11/2009 14:32:12
      VBASE009.VDF : 7.10.1.8 2048 Bytes 19/11/2009 14:32:12
      VBASE010.VDF : 7.10.1.9 2048 Bytes 19/11/2009 14:32:13
      VBASE011.VDF : 7.10.1.10 2048 Bytes 19/11/2009 14:32:14
      VBASE012.VDF : 7.10.1.11 2048 Bytes 19/11/2009 14:32:14
      VBASE013.VDF : 7.10.1.79 209920 Bytes 25/11/2009 14:32:21
      VBASE014.VDF : 7.10.1.128 197632 Bytes 30/11/2009 14:32:29
      VBASE015.VDF : 7.10.1.178 195584 Bytes 07/12/2009 14:32:36
      VBASE016.VDF : 7.10.1.224 183296 Bytes 14/12/2009 14:32:41
      VBASE017.VDF : 7.10.1.247 182272 Bytes 15/12/2009 14:32:51
      VBASE018.VDF : 7.10.2.30 198144 Bytes 21/12/2009 14:32:58
      VBASE019.VDF : 7.10.2.63 187392 Bytes 24/12/2009 14:33:04
      VBASE020.VDF : 7.10.2.93 195072 Bytes 29/12/2009 14:33:11
      VBASE021.VDF : 7.10.2.131 201216 Bytes 07/01/2010 14:33:17
      VBASE022.VDF : 7.10.2.158 192000 Bytes 11/01/2010 14:33:27
      VBASE023.VDF : 7.10.2.159 2048 Bytes 11/01/2010 14:33:27
      VBASE024.VDF : 7.10.2.160 2048 Bytes 11/01/2010 14:33:27
      VBASE025.VDF : 7.10.2.161 2048 Bytes 11/01/2010 14:33:29
      VBASE026.VDF : 7.10.2.162 2048 Bytes 11/01/2010 14:33:29
      VBASE027.VDF : 7.10.2.163 2048 Bytes 11/01/2010 14:33:30
      VBASE028.VDF : 7.10.2.164 2048 Bytes 11/01/2010 14:33:31
      VBASE029.VDF : 7.10.2.165 2048 Bytes 11/01/2010 14:33:31
      VBASE030.VDF : 7.10.2.166 2048 Bytes 11/01/2010 14:33:31
      VBASE031.VDF : 7.10.2.183 200704 Bytes 14/01/2010 13:15:02
      Engineversion : 8.2.1.142
      AEVDF.DLL : 8.1.1.2 106867 Bytes 08/11/2009 06:38:52
      AESCRIPT.DLL : 8.1.3.7 594296 Bytes 13/01/2010 14:35:01
      AESCN.DLL : 8.1.3.1 127348 Bytes 14/01/2010 11:15:29
      AESBX.DLL : 8.1.1.1 246132 Bytes 08/11/2009 06:38:44
      AERDL.DLL : 8.1.3.4 479605 Bytes 13/01/2010 14:34:47
      AEPACK.DLL : 8.2.0.5 422262 Bytes 14/01/2010 11:15:28
      AEOFFICE.DLL : 8.1.0.38 196987 Bytes 08/11/2009 06:38:38
      AEHEUR.DLL : 8.1.0.195 2232695 Bytes 14/01/2010 11:15:23
      AEHELP.DLL : 8.1.10.0 237942 Bytes 14/01/2010 11:15:05
      AEGEN.DLL : 8.1.1.83 369014 Bytes 13/01/2010 14:33:49
      AEEMU.DLL : 8.1.1.0 393587 Bytes 08/11/2009 06:38:26
      AECORE.DLL : 8.1.9.5 184693 Bytes 14/01/2010 11:15:03
      AEBB.DLL : 8.1.0.3 53618 Bytes 08/11/2009 06:38:20
      AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
      AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:14:02
      AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
      AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
      AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:41
      AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
      SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
      SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
      NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
      RCIMAGE.DLL : 9.0.0.28 2623745 Bytes 19/05/2009 13:28:53
      RCTEXT.DLL : 9.0.74.0 90369 Bytes 14/10/2009 07:59:08

      Configuration settings for the scan:
      Jobname.............................: Complete system scan
      Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
      Logging.............................: low
      Primary action......................: interactive
      Secondary action....................: ignore
      Scan master boot sector.............: on
      Scan boot sector....................: on
      Boot sectors........................: C:, E:,
      Process scan........................: on
      Scan registry.......................: on
      Search for rootkits.................: on
      Integrity checking of system files..: off
      Scan all files......................: All files
      Scan archives.......................: on
      Recursion depth.....................: 20
      Smart extensions....................: on
      Macro heuristic.....................: on
      File heuristic......................: medium
      Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

      Start of the scan: jeudi 14 janvier 2010 15:08

      Starting search for hidden objects.
      '29324' objects were checked, '0' hidden objects were found.

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'vlc.exe' - '1' Module(s) have been scanned
      Scan process 'firefox.exe' - '1' Module(s) have been scanned
      Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'Dos Optimizer.pif' - '1' Module(s) have been scanned
      Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned
      Scan process 'accelerometerST.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
      Scan process 'avwebgrd.exe' - '1' Module(s) have been scanned
      Scan process 'avmailc.exe' - '1' Module(s) have been scanned
      Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'scardsvr.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'btwdins.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      34 processes with 34 modules were scanned

      Starting master boot sector scan:
      Master boot sector HD0
      [INFO] No virus was found!

      Start scanning boot sectors:
      Boot sector 'C:\'
      [INFO] No virus was found!
      Boot sector 'E:\'
      [INFO] No virus was found!

      Starting to scan executable files (registry).
      The registry was scanned ( '44' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      [NOTE] This file is a Windows system file.
      [NOTE] This file cannot be opened for scanning.
      Begin scan in 'E:\'


      End of the scan: jeudi 14 janvier 2010 15:27
      Used time: 19:45 Minute(s)

      The scan has been done completely.

      3785 Scanned directories
      115883 Files were scanned
      0 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      1 Files cannot be scanned
      115882 Files not concerned
      1110 Archives were scanned
      1 Warnings
      1 Notes
      29324 Objects were scanned with rootkit scan
      0 Hidden objects were found
      0
  21. 3omda_75 Messages postés 28 Statut Membre
     
    j'ai effectué un scan ce matin et j'ai trouvé 172 infections (le rapport sur deux parties)
    Avira AntiVir Premium
    Report file date: jeudi 14 janvier 2010 10:53

    Scanning for 1528437 virus strains and unwanted programs.

    Licensee : Willie Inouye
    Serial number : 2205201620-PEPWE-0001
    Platform : Windows XP
    Windows version : (Service Pack 2) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : STANDARD

    Version information:
    BUILD.DAT : 9.0.0.455 24915 Bytes 02/12/2009 16:05:00
    AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:26:33
    AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
    LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
    LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 06:35:52
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 14:32:09
    VBASE002.VDF : 7.10.1.1 2048 Bytes 19/11/2009 14:32:10
    VBASE003.VDF : 7.10.1.2 2048 Bytes 19/11/2009 14:32:11
    VBASE004.VDF : 7.10.1.3 2048 Bytes 19/11/2009 14:32:11
    VBASE005.VDF : 7.10.1.4 2048 Bytes 19/11/2009 14:32:12
    VBASE006.VDF : 7.10.1.5 2048 Bytes 19/11/2009 14:32:12
    VBASE007.VDF : 7.10.1.6 2048 Bytes 19/11/2009 14:32:12
    VBASE008.VDF : 7.10.1.7 2048 Bytes 19/11/2009 14:32:12
    VBASE009.VDF : 7.10.1.8 2048 Bytes 19/11/2009 14:32:12
    VBASE010.VDF : 7.10.1.9 2048 Bytes 19/11/2009 14:32:13
    VBASE011.VDF : 7.10.1.10 2048 Bytes 19/11/2009 14:32:14
    VBASE012.VDF : 7.10.1.11 2048 Bytes 19/11/2009 14:32:14
    VBASE013.VDF : 7.10.1.79 209920 Bytes 25/11/2009 14:32:21
    VBASE014.VDF : 7.10.1.128 197632 Bytes 30/11/2009 14:32:29
    VBASE015.VDF : 7.10.1.178 195584 Bytes 07/12/2009 14:32:36
    VBASE016.VDF : 7.10.1.224 183296 Bytes 14/12/2009 14:32:41
    VBASE017.VDF : 7.10.1.247 182272 Bytes 15/12/2009 14:32:51
    VBASE018.VDF : 7.10.2.30 198144 Bytes 21/12/2009 14:32:58
    VBASE019.VDF : 7.10.2.63 187392 Bytes 24/12/2009 14:33:04
    VBASE020.VDF : 7.10.2.93 195072 Bytes 29/12/2009 14:33:11
    VBASE021.VDF : 7.10.2.131 201216 Bytes 07/01/2010 14:33:17
    VBASE022.VDF : 7.10.2.158 192000 Bytes 11/01/2010 14:33:27
    VBASE023.VDF : 7.10.2.159 2048 Bytes 11/01/2010 14:33:27
    VBASE024.VDF : 7.10.2.160 2048 Bytes 11/01/2010 14:33:27
    VBASE025.VDF : 7.10.2.161 2048 Bytes 11/01/2010 14:33:29
    VBASE026.VDF : 7.10.2.162 2048 Bytes 11/01/2010 14:33:29
    VBASE027.VDF : 7.10.2.163 2048 Bytes 11/01/2010 14:33:30
    VBASE028.VDF : 7.10.2.164 2048 Bytes 11/01/2010 14:33:31
    VBASE029.VDF : 7.10.2.165 2048 Bytes 11/01/2010 14:33:31
    VBASE030.VDF : 7.10.2.166 2048 Bytes 11/01/2010 14:33:31
    VBASE031.VDF : 7.10.2.181 187392 Bytes 14/01/2010 09:15:02
    Engineversion : 8.2.1.134
    AEVDF.DLL : 8.1.1.2 106867 Bytes 08/11/2009 06:38:52
    AESCRIPT.DLL : 8.1.3.7 594296 Bytes 13/01/2010 14:35:01
    AESCN.DLL : 8.1.3.0 127348 Bytes 13/01/2010 14:34:52
    AESBX.DLL : 8.1.1.1 246132 Bytes 08/11/2009 06:38:44
    AERDL.DLL : 8.1.3.4 479605 Bytes 13/01/2010 14:34:47
    AEPACK.DLL : 8.2.0.4 422263 Bytes 13/01/2010 14:34:38
    AEOFFICE.DLL : 8.1.0.38 196987 Bytes 08/11/2009 06:38:38
    AEHEUR.DLL : 8.1.0.194 2228599 Bytes 13/01/2010 14:34:30
    AEHELP.DLL : 8.1.9.0 237943 Bytes 13/01/2010 14:33:53
    AEGEN.DLL : 8.1.1.83 369014 Bytes 13/01/2010 14:33:49
    AEEMU.DLL : 8.1.1.0 393587 Bytes 08/11/2009 06:38:26
    AECORE.DLL : 8.1.9.1 180598 Bytes 13/01/2010 14:33:42
    AEBB.DLL : 8.1.0.3 53618 Bytes 08/11/2009 06:38:20
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
    AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:14:02
    AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
    AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
    AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:41
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
    NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
    RCIMAGE.DLL : 9.0.0.28 2623745 Bytes 19/05/2009 13:28:53
    RCTEXT.DLL : 9.0.74.0 90369 Bytes 14/10/2009 07:59:08

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, E:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium
    Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

    Start of the scan: jeudi 14 janvier 2010 10:53

    Starting search for hidden objects.
    '30962' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjpyyqb.exe
    [DETECTION] Is the TR/Downloader.Gen Trojan
    Scan process 'winjpyyqb.exe' - '1' Module(s) have been scanned
    Module is infected -> 'C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjpyyqb.exe'
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winokat.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
    Scan process 'winokat.exe' - '1' Module(s) have been scanned
    Module is infected -> 'C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winokat.exe'
    Scan process 'update.exe' - '1' Module(s) have been scanned
    Scan process 'guardgui.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
    Scan process 'avwebgrd.exe' - '1' Module(s) have been scanned
    Scan process 'avmailc.exe' - '1' Module(s) have been scanned
    Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
    Scan process 'Dos Optimizer.pif' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned
    Scan process 'accelerometerST.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'scardsvr.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'btwdins.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    Process 'winjpyyqb.exe' has been terminated
    Process 'winokat.exe' has been terminated
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjpyyqb.exe
    [DETECTION] Is the TR/Downloader.Gen Trojan
    [NOTE] The file was deleted!
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winokat.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
    [NOTE] The file was deleted!

    40 processes with 38 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).

    The registry was scanned ( '44' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20100114-095536-55EA415A\ARKA.tmp
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\Documents and Settings\All Users\Documents\U992.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.UltraSur.A program
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037737.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037738.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037739.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037740.exe
    [DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037741.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037742.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037743.exe
    [DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037744.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037745.exe
    [DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037746.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037747.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037748.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037749.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037750.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037751.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037752.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037753.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037754.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037755.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037756.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037757.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037758.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037759.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037760.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037761.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037762.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037763.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037764.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037765.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037766.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037767.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037768.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037769.EXE
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037770.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037771.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037772.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037773.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037774.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037775.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037776.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037777.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037778.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037779.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037780.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037781.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037782.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037783.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037784.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037785.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037786.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037787.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037788.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037789.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037790.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037791.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037792.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037793.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037794.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037795.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037796.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037797.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037798.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037799.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037800.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037801.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037802.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037803.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037804.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037805.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037806.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037807.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037808.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037809.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037810.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037811.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037812.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037813.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037814.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037815.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037816.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037817.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037818.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037819.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037820.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037821.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037822.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037823.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037824.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037825.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037826.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037827.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037828.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037829.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037830.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037831.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037832.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037833.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037834.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037835.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037836.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037837.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037838.EXE
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037839.EXE
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037840.EXE
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037841.EXE
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037842.EXE
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037843.EXE
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037844.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037845.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037846.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037847.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037848.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037849.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037850.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037851.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037852.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037853.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037854.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037855.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037856.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037857.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037858.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037859.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037860.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037861.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037862.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037863.EXE
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037864.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037865.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037866.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037867.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037868.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037869.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037870.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037871.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037872.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037873.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037874.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037875.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037876.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037877.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037878.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037879.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037880.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037881.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037882.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037883.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037884.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037885.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037886.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037887.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037888.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037889.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037890.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037891.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037892.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037893.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037894.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    Begin scan in 'E:\'
    E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037895.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037896.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037897.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037898.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037899.exe
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037900.EXE
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037901.EXE
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037902.EXE
    [DETECTION] Contains code of the W32/Sality.AA Windows virus
    0
  • 1
  • 2