Uninstall Avast, safe mode inaccessible

3omda_75 Posts 28 Status Member -  
jlpjlp Posts 52399 Status Security contributor -
Hello to the whole team and happy new year 2010,
I just tried to install Kaspersky, but it asks me to uninstall Avast, which I can't find anywhere, so I downloaded aswclear (a procedure I found in another thread on this forum) and tried to restart in safe mode, but a blue screen appears and disappears in the blink of an eye without my being able to start safe mode, so I downloaded HijackThis and jv16powertool but I don't know how to use them.
Here is the HijackThis report!! Is my PC infected??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:39, on 05/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\wincywvp.exe
C:\WINDOWS\TEMP\windpyx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Dos Optimizer.pif = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

21 replies

jlpjlp Posts 52399 Status Security contributor 5 040
 
hi
scan these on VirusTotal and paste the reports https://www.virustotal.com/gui/

C:\WINDOWS\TEMP\wincywvp.exe
C:\WINDOWS\TEMP\windpyx.exe
0
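Both files singled out in the reply above are processes running from C:\WINDOWS\TEMP. As an added example (not part of the thread, and not code from HijackThis or any tool named here), this Python parser for the HijackThis log format lists processes running from a temp directory and checks whether any listed entry references them; the sample input is abridged from the log posted above and the function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Abridged from the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:39, on 05/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\TEMP\wincywvp.exe
C:\WINDOWS\TEMP\windpyx.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - Startup: Dos Optimizer.pif = ?
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# "O4 - ...", "R0 - ...", "O23 - ...": section code, then the entry text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# "Platform: ...", "Boot mode: ..." (the timestamp line does not match).
HEADER_RE = re.compile(r"^([A-Za-z ]+):\s+(.+)$")
# A directory component named like a temp folder.
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)(\\|$)", re.IGNORECASE)


def parse_hijackthis(text):
    """Split a log into header fields, running processes and entries by code."""
    header, processes, entries = {}, [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line closes the process list
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            in_processes = False
            entries[entry.group(1)].append(entry.group(2))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
        else:
            field = HEADER_RE.match(line)
            if field:
                header[field.group(1).strip()] = field.group(2).strip()
    return header, processes, dict(entries)


def processes_in_temp(processes):
    """Return the process image paths whose directory is a temp folder."""
    return [p for p in processes if TEMP_DIR_RE.search(ntpath.dirname(p))]


def triage(text):
    """List temp-directory processes and whether any log entry names them."""
    header, processes, entries = parse_hijackthis(text)
    all_entries = [e.lower() for items in entries.values() for e in items]
    findings = []
    for proc in processes_in_temp(processes):
        findings.append({
            "path": proc,
            "file": ntpath.basename(proc),
            # False means the log alone does not show what launches it.
            "referenced_by_entry": any(proc.lower() in e for e in all_entries),
        })
    return header, findings


if __name__ == "__main__":
    hdr, found = triage(SAMPLE_LOG)
    print(hdr.get("Platform"), "| boot mode:", hdr.get("Boot mode"))
    for item in found:
        print(item["path"], "| referenced by an entry:", item["referenced_by_entry"])
```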
jlpjlp Posts 52399 Status Security contributor 5 040
 
then

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the taskbar).

NB: The reports are saved in the folder C:\rsit
0
3omda_75 Posts 28 Status Member
 
Hi jlpjlp, and thank you for your help;
first of all, I couldn't connect to the virustotal site, and this connection problem isn't new, since several sites are inaccessible from this machine but accessible from another PC. For the second step, here is the contents of:
log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2010-01-05 13:55:48
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 59 GB (78%) free of 75 GB
Total RAM: 2043 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55:55, on 05/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\wincywvp.exe
C:\WINDOWS\TEMP\windpyx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Dos Optimizer.pif = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
ok, there's work to do!

Download ComboFix by sUBs: rename it before any installation, for example name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it on your desktop and nowhere else!

Help on using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click combofix. It will ask you a question; answer with the 1 key and Enter to confirm, then let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report.

______________________

update Internet Explorer
for XP
https://www.microsoft.com/en-us/download

for VISTA:
https://www.microsoft.com/en-us/download

_____________

update Adobe Reader, then remove the old versions via the Control Panel
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

or switch to an alternative reader, which will avoid the viruses circulating via PDFs, such as Foxit Reader (do not install the Foxit, Ask, eBay... toolbars)

https://www.commentcamarche.net/telecharger/ 205 foxit reader

_____________

then

post a new RSIT report
0
3omda_75 Posts 28 Status Member
 
Re;
what should I do now??
0
3omda_75
 
And here it is

first, the ComboFix report

ComboFix 10-01-04.01 - Administrateur 05/01/2010 14:28:01.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2043.1532 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\KillBagle.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrateur\Application Data\lsass.exe
.
---- Exécution préalable -------
.
c:\documents and settings\Administrateur\h7z9c39i7.exe
c:\sin\S-2-3-12-ABCDEF7890-01234567890-1688963592-500\Desktop.ini
c:\windows\system32\drivers\sqeffxh.sys
c:\windows\system32\XP-2F95D5BE.EXE

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_aqjgat


((((((((((((((((((((((((((((( Fichiers créés du 2009-12-05 au 2010-01-05 ))))))))))))))))))))))))))))))))))))
.

2010-01-05 13:19 . 2010-01-05 13:19 -------- d-----w- c:\windows\system32\wbem\snmp
2010-01-05 13:19 . 2010-01-05 13:19 -------- d-----w- c:\windows\system32\xircom
2010-01-05 12:55 . 2010-01-05 12:55 -------- d-----w- C:\rsit
2010-01-05 12:36 . 2010-01-05 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-01-05 08:59 . 2010-01-05 08:59 -------- d-----w- c:\program files\jv16 PowerTools
2010-01-05 08:50 . 2010-01-05 08:50 -------- d-----w- c:\program files\Trend Micro
2010-01-05 08:27 . 2010-01-05 08:28 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-01-05 08:04 . 2010-01-05 08:04 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-05 08:02 . 2010-01-05 08:02 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2010-01-05 08:02 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 08:02 . 2010-01-05 08:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 08:02 . 2010-01-05 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-05 08:02 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 07:44 . 2010-01-05 08:12 180224 ----a-w- c:\documents and settings\Administrateur\ddaqaea4.exe
2010-01-05 07:41 . 2010-01-05 07:41 -------- d-----r- C:\JAN
2010-01-05 07:41 . 2010-01-05 08:11 172032 ----a-w- c:\documents and settings\Administrateur\easddaeu8.exe
2010-01-05 07:34 . 2010-01-05 07:34 -------- d-----w- c:\program files\Yahoo!
2010-01-05 07:34 . 2010-01-05 07:35 -------- d-----w- c:\program files\CCleaner
2010-01-05 07:29 . 2010-01-05 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-01-01 19:39 . 2010-01-01 20:29 33792 ----a-w- c:\documents and settings\Administrateur\easddaeb8.exe
2010-01-01 01:00 . 2010-01-01 01:00 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-01 01:00 . 2010-01-01 01:00 -------- d-----w- c:\program files\Reference Assemblies
2010-01-01 01:00 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-01 00:59 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-01 00:59 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-01 00:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-01 00:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-01 00:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-01 00:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-01 00:59 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-01 00:59 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-01 00:56 . 2010-01-01 00:56 -------- d-----w- c:\program files\MSXML 6.0
2009-12-31 16:37 . 2009-12-31 16:40 33792 ----a-w- c:\documents and settings\Administrateur\easddaeg8.exe
2009-12-31 13:27 . 2009-12-31 13:32 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GlarySoft
2009-12-31 13:14 . 2009-12-31 13:14 -------- d-----w- c:\program files\Glary Utilities
2009-12-31 13:14 . 2007-01-04 11:02 663552 ----a-w- c:\windows\system32\mgxoschk.dll
2009-12-31 12:04 . 2009-12-31 16:19 33792 ----a-w- c:\documents and settings\Administrateur\easddaek9.exe
2009-12-31 01:26 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-31 01:26 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-31 01:26 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-31 01:26 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-31 01:26 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-31 01:26 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-31 01:25 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-31 01:25 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-12-31 01:25 . 2009-12-31 01:25 -------- d-----w- c:\program files\Alwil Software
2009-12-31 00:49 . 2009-12-31 00:58 151552 ----a-w- c:\documents and settings\Administrateur\easddaeg9.exe
2009-12-30 21:15 . 2009-12-30 21:17 2034352 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-12-30 20:45 . 2010-01-05 08:33 -------- d-----r- C:\JAMA
2009-12-30 20:45 . 2009-12-30 21:35 139264 ----a-w- c:\documents and settings\Administrateur\easddaee1.exe
2009-12-30 15:58 . 2009-12-30 15:58 -------- d-----w- c:\windows\ServicePackFiles
2009-12-29 08:56 . 2010-01-05 12:30 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-12-29 08:51 . 2009-12-29 08:52 184320 ----a-w- c:\documents and settings\Administrateur\easddaet8.exe
2009-12-29 07:59 . 2010-01-05 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-29 07:57 . 2009-03-06 14:46 286208 ------w- c:\windows\system32\dllcache\pdh.dll
2009-12-29 07:57 . 2009-02-09 10:20 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-12-29 07:57 . 2009-02-09 10:20 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-12-29 07:57 . 2009-02-06 16:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-12-29 07:57 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-29 07:57 . 2005-07-26 04:39 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-12-29 07:57 . 2009-02-09 10:20 685056 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-12-29 07:57 . 2009-02-09 10:20 739840 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-12-29 07:57 . 2009-02-09 10:20 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-29 07:57 . 2009-02-09 10:08 111104 ------w- c:\windows\system32\dllcache\services.exe
2009-12-29 07:51 . 2008-10-24 11:10 453632 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-29 07:51 . 2009-07-10 13:41 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-12-29 07:49 . 2009-08-04 17:16 2065024 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-29 07:49 . 2009-08-04 17:16 2188032 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-29 07:49 . 2009-08-04 17:16 2144768 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-29 07:49 . 2009-08-04 17:16 2022912 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-29 07:49 . 2009-06-05 07:46 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-12-29 07:47 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-29 07:47 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\dllcache\bthport.sys
2009-12-29 07:47 . 2009-12-29 08:15 180224 ----a-w- c:\documents and settings\Administrateur\easddaey9.exe
2009-12-27 22:17 . 2009-12-27 22:17 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\PCHealth
2009-12-27 12:54 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-12-27 12:54 . 2008-12-11 11:57 333184 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-27 12:32 . 2008-04-11 18:51 683520 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-27 12:32 . 2008-04-21 21:27 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-12-27 12:23 . 2009-08-25 09:47 352256 ------w- c:\windows\system32\dllcache\winhttp.dll
2009-12-27 12:14 . 2009-07-31 04:58 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-12-27 12:13 . 2009-12-27 12:13 180224 ----a-w- c:\documents and settings\Administrateur\easddaeg4.exe
2009-12-26 20:06 . 2008-07-07 20:31 253952 ------w- c:\windows\system32\dllcache\es.dll
2009-12-26 19:43 . 2008-06-12 14:18 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
2009-12-26 19:43 . 2008-06-12 14:18 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
2009-12-26 19:43 . 2008-06-12 14:18 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
2009-12-26 19:43 . 2008-06-12 14:18 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
2009-12-26 19:43 . 2008-06-12 14:18 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
2009-12-26 19:43 . 2008-06-12 14:18 428032 ------w- c:\windows\system32\dllcache\msdtcprx.dll
2009-12-26 19:42 . 2009-04-15 15:17 584192 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2009-12-26 19:42 . 2008-10-15 16:59 332800 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-12-26 19:41 . 2009-06-21 22:06 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-12-26 19:41 . 2008-05-01 14:31 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-12-26 19:04 . 2009-12-31 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-26 18:25 . 2009-12-26 18:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-12-26 18:20 . 2009-12-26 18:27 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Temp
2009-12-26 18:20 . 2009-12-26 18:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-12-26 18:19 . 2009-12-31 13:06 -------- d-----w- c:\program files\Google
2009-12-26 18:19 . 2009-12-31 13:06 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Google
2009-12-26 17:40 . 2009-12-26 23:08 180224 ----a-w- c:\documents and settings\Administrateur\easddaea8.exe
2009-12-24 21:35 . 2009-12-24 21:35 -------- d-s---w- c:\documents and settings\Administrateur\UserData
2009-12-24 20:09 . 2009-12-24 20:09 -------- d-----r- C:\RESTORIC
2009-12-24 20:09 . 2009-12-24 21:36 139264 ----a-w- c:\documents and settings\Administrateur\easddaeb1.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 13:23 . 2001-09-28 13:00 80946 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-05 13:23 . 2001-09-28 13:00 501138 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-05 13:19 . 2010-01-05 13:19 -------- d-----w- c:\program files\microsoft frontpage
2010-01-05 13:19 . 2009-12-05 14:14 -------- d-----w- c:\program files\SuperCopier2
2010-01-04 10:11 . 2009-12-05 14:15 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Winamp
2009-12-05 17:03 . 2009-12-05 17:03 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Media Player Classic
2009-12-05 14:15 . 2009-12-05 13:55 -------- d-----w- c:\program files\Winamp
2009-12-05 14:00 . 2009-12-05 14:00 -------- d-----w- c:\program files\Real Alternative
2009-12-05 13:59 . 2009-11-11 08:33 -------- d-----w- c:\program files\Fichiers communs\Real
2009-12-05 13:58 . 2009-12-05 13:57 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-05 13:58 . 2009-12-05 13:58 0 ----a-w- c:\windows\nsreg.dat
2009-12-05 13:54 . 2009-12-05 13:54 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc
2009-12-05 13:54 . 2009-12-05 13:54 -------- d-----w- c:\program files\VideoLAN
2009-11-19 17:38 . 2009-11-19 17:38 65760 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-14 21:10 . 2009-11-11 07:11 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-11 08:36 . 2009-11-11 08:35 -------- d-----w- c:\program files\PDFCreator
2009-11-11 08:28 . 2009-11-11 08:28 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-11-11 08:26 . 2009-11-11 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-11 08:25 . 2009-11-11 08:25 -------- d-----w- c:\program files\Microsoft Works
2009-11-11 08:25 . 2009-11-11 08:25 -------- d-----w- c:\program files\MSBuild
2009-11-11 08:24 . 2009-11-11 08:24 -------- d-----w- c:\program files\Microsoft.NET
2009-11-11 08:23 . 2009-11-11 08:23 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-11 08:20 . 2009-11-11 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-11-11 08:20 . 2009-11-11 08:20 -------- d-----w- c:\documents and settings\Administrateur\Application Data\ATI
2009-11-11 08:19 . 2009-11-11 08:19 0 -c--a-w- c:\windows\ativpsrm.bin
2009-11-11 08:12 . 2009-11-11 08:12 -------- d-----w- c:\program files\Analog Devices
2009-11-11 08:08 . 2009-11-11 08:08 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-11-11 08:07 . 2009-11-11 08:07 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-11-11 07:40 . 2009-11-11 07:18 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-11 07:40 . 2009-11-11 07:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-11 07:38 . 2009-11-11 07:38 -------- d-----w- c:\program files\Synaptics
2009-11-11 07:36 . 2009-11-11 07:36 -------- d-----w- c:\program files\Fichiers communs\SNP2UVC
2009-11-11 07:36 . 2009-11-11 07:36 -------- d-----w- c:\documents and settings\Administrateur\Application Data\InstallShield
2009-11-11 07:35 . 2009-11-11 07:35 -------- d-----w- c:\program files\SCM Microsystems
2009-11-11 07:32 . 2009-11-11 07:32 -------- d-----w- c:\program files\Intel
2009-11-11 07:30 . 2009-11-11 07:28 -------- d-----w- c:\program files\ATI Technologies
2009-11-11 07:24 . 2009-11-11 07:18 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-11-11 07:23 . 2009-11-11 07:23 -------- d-----w- c:\program files\WIDCOMM
2009-11-11 07:22 . 2009-11-11 07:22 1614 -csha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP Compaq 6830s_YN_0U_QCNU9020RNG_EU_46_I30E9_SHP_VKBC Version 95.1A_B68PZD Ver. F.07_T080918_WXP2_L40C_M2044_J250_7Intel_8Core2 Duo T5870_92_#091111_N_()_XMOBILE_CN10_Z_2F.07_G.MRK
2009-11-11 07:20 . 2009-11-11 07:20 -------- d-----w- c:\program files\HPQ
2009-11-11 07:11 . 2009-11-11 07:11 -------- d-----w- c:\program files\Services en ligne
2009-11-11 07:09 . 2009-11-11 07:09 21892 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 05:46 . 2004-08-03 23:54 666112 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:03 . 2004-08-03 23:54 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:03 . 2004-08-03 23:54 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-10-20 14:58 . 2004-08-03 22:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:52 . 2004-08-03 23:54 267776 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:52 . 2004-08-03 23:54 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:52 . 2004-08-03 23:54 113152 ----a-w- c:\windows\system32\rastls.dll
.

------- Sigcheck -------

[-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ctfmon.exe
[-] 2004-08-03 . 9A8FFEC027A54A8CE63DB61DB617BA61 . 93184 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-09 82224]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 251184]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1114112]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-30 511312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 93184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
Dos Optimizer.pif [2007-4-8 377344]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-3-31 576104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Dos Optimizer.pif]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
backup=c:\windows\pss\Dos Optimizer.pifStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^¡¡¡¡¡¡.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\¡¡¡¡¡¡.lnk
backup=c:\windows\pss\¡¡¡¡¡¡.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-05-14 10:26 251184 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2008-04-04 15:09 1114112 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 11:17 143360 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-27 18:28 1216512 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 111616 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate"=2 (0x2)
"Com4QLBEx"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTSTAC~1.EXE"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\SNDVOL32.EXE"=
"c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\WINDOWS\\system32\\AccelerometerSt.Exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Documents and Settings\\Administrateur\\Bureau\\Best of Najib\\Best of Najib.exe"=
"c:\\Program Files\\SuperCopier2\\SuperCopier2.exe"=
"c:\\Documents and Settings\\Administrateur\\Bureau\\Bonus\\Bonus.exe"=
"c:\\Documents and Settings\\Administrateur\\Menu Démarrer\\Programmes\\Démarrage\\Dos Optimizer.pif"=
"c:\\WINDOWS\\system32\\regsvr32.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe"=
"c:\\Documents and Settings\\Administrateur\\easddaea8.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\Windows Media Player\\setup_wm.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\Com4QLBEx.exe"=
"c:\\Program Files\\Hewlett-Packard\\Shared\\hpqwmiex.exe"=

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [11/11/2009 09:12 24064]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/12/2009 02:26 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/12/2009 02:26 20560]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [05/01/2010 09:02 235344]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\qmgnjn.sys --> c:\windows\system32\drivers\qmgnjn.sys [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [05/01/2010 09:02 19160]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [21/06/2007 04:40 56448]
S4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11/11/2009 08:40 275760]
S4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/12/2009 19:19 205296]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-65WE-KKX5-313QWE24444}]
2009-12-26 12:31 102400 ----a-w- c:\restoric\RECYCLER\X0R.exe
.
Contenu du dossier 'Tâches planifiées'

2010-01-05 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-12-31 18:27]

2010-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 18:19]

2010-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 18:19]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\tw9l25d6.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe



**************************************************************************
Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2010-01-05 14:31:49
ComboFix-quarantined-files.txt 2010-01-05 13:31

Avant-CF: 61 423 673 344 octets libres
Après-CF: 61 363 527 680 octets libres

- - End Of File - - 08ACF255D9789FCFD623FDA7C48B9D57



Then I updated Internet Explorer (version 8),
I uninstalled Adobe Acrobat Reader,
I installed Foxit Reader,
and finally, here is the RSIT report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2010-01-05 15:13:40
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 58 GB (77%) free of 75 GB
Total RAM: 2043 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:13:48, on 05/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\TEMP\wintqyjgx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Dos Optimizer.pif = ?
O4 - Global Startup: BTTray.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
End of file - 5501 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"=C:\WINDOWS\system32\AccelerometerSt.Exe [2008-06-09 82224]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-05-14 251184]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-04 1114112]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-30 511312]
"FrameWorkService"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"FrameWorkService"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-05-14 251184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-04 1114112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1216512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-07-01 111616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Dos Optimizer.pif]
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif [2007-04-08 377344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^¡¡¡¡¡¡.lnk]
C:\WINDOWS\system32\XP-2F9~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate"=2
"Com4QLBEx"=3

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
Dos Optimizer.pif

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-05-08 126976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"DisallowRun"=0
"NoFolderOptions"=0
"NoRun"=0
"NoFind"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe:*:Enabled:ipsec"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe:*:Enabled:ipsec"
"C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE"="C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE:*:Enabled:ipsec"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"="C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe:*:Enabled:ipsec"
"C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe:*:Enabled:ipsec"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\SNDVOL32.EXE"="C:\WINDOWS\system32\SNDVOL32.EXE:*:Enabled:ipsec"
"C:\Program Files\Analog Devices\Core\smax4pnp.exe"="C:\Program Files\Analog Devices\Core\smax4pnp.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\AccelerometerSt.Exe"="C:\WINDOWS\system32\AccelerometerSt.Exe:*:Enabled:ipsec"
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe:*:Enabled:ipsec"
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe:*:Enabled:ipsec"
"C:\Program Files\Winamp\winampa.exe"="C:\Program Files\Winamp\winampa.exe:*:Enabled:ipsec"
"C:\Documents and Settings\Administrateur\Bureau\Best of Najib\Best of Najib.exe"="C:\Documents and Settings\Administrateur\Bureau\Best of Najib\Best of Najib.exe:*:Enabled:ipsec"
"C:\Program Files\SuperCopier2\SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe:*:Enabled:ipsec"
"C:\Documents and Settings\Administrateur\Bureau\Bonus\Bonus.exe"="C:\Documents and Settings\Administrateur\Bureau\Bonus\Bonus.exe:*:Enabled:ipsec"
"C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif"="C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif:*:Enabled:ipsec"
"C:\WINDOWS\system32\regsvr32.exe"="C:\WINDOWS\system32\regsvr32.exe:*:Enabled:ipsec"
"C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe:*:Enabled:ipsec"
"C:\Documents and Settings\Administrateur\easddaea8.exe"="C:\Documents and Settings\Administrateur\easddaea8.exe:*:Enabled:ipsec"
"C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\dwwin.exe"="C:\WINDOWS\system32\dwwin.exe:*:Enabled:ipsec"
"C:\Program Files\Windows Media Player\setup_wm.exe"="C:\Program Files\Windows Media Player\setup_wm.exe:*:Enabled:ipsec"
"C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe:*:Enabled:ipsec"
"C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"="C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwjydqv.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwjydqv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbpqk.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbpqk.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-01-05 15:10:28 ----D---- C:\Documents and Settings\Administrateur\Application Data\Foxit
2010-01-05 15:10:27 ----D---- C:\Program Files\Foxit Software
2010-01-05 15:04:41 ----A---- C:\Documents and Settings\Administrateur\Application Data\smss.exe
2010-01-05 15:00:37 ----D---- C:\WINDOWS\ie8updates
2010-01-05 14:59:59 ----D---- C:\WINDOWS\WBEM
2010-01-05 14:58:48 ----HDC---- C:\WINDOWS\ie8
2010-01-05 14:58:48 ----D---- C:\WINDOWS\system32\fr-FR
2010-01-05 14:57:01 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-05 14:56:56 ----A---- C:\WINDOWS\imsins.BAK
2010-01-05 14:56:52 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2010-01-05 14:31:50 ----A---- C:\ComboFix.txt
2010-01-05 14:30:16 ----D---- C:\WINDOWS\temp
2010-01-05 14:27:30 ----D---- C:\KillBagle
2010-01-05 14:19:12 ----D---- C:\Program Files\xerox
2010-01-05 14:19:11 ----D---- C:\WINDOWS\system32\xircom
2010-01-05 14:19:11 ----D---- C:\Program Files\netmeeting
2010-01-05 14:19:10 ----D---- C:\Program Files\microsoft frontpage
2010-01-05 14:15:00 ----A---- C:\Boot.bak
2010-01-05 14:14:55 ----RASHD---- C:\cmdcons
2010-01-05 14:12:18 ----A---- C:\WINDOWS\zip.exe
2010-01-05 14:12:18 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-05 14:12:18 ----A---- C:\WINDOWS\SWSC.exe
2010-01-05 14:12:18 ----A---- C:\WINDOWS\SWREG.exe
2010-01-05 14:12:18 ----A---- C:\WINDOWS\sed.exe
2010-01-05 14:12:18 ----A---- C:\WINDOWS\PEV.exe
2010-01-05 14:12:18 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-05 14:12:18 ----A---- C:\WINDOWS\MBR.exe
2010-01-05 14:12:18 ----A---- C:\WINDOWS\grep.exe
2010-01-05 14:10:56 ----D---- C:\WINDOWS\ERDNT
2010-01-05 14:10:17 ----D---- C:\Qoobox
2010-01-05 13:55:48 ----D---- C:\rsit
2010-01-05 13:36:14 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2010-01-05 09:59:48 ----D---- C:\Program Files\jv16 PowerTools
2010-01-05 09:50:38 ----D---- C:\Program Files\Trend Micro
2010-01-05 09:34:10 ----D---- C:\Avenger
2010-01-05 09:27:59 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-01-05 09:02:27 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2010-01-05 09:02:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-05 09:02:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-05 09:01:55 ----D---- C:\Documents and Settings\Administrateur\Application Data\WinRAR
2010-01-05 08:41:18 ----RD---- C:\JAN
2010-01-05 08:34:58 ----D---- C:\Program Files\Yahoo!
2010-01-05 08:34:52 ----D---- C:\Program Files\CCleaner
2010-01-05 08:29:25 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-01-05 08:04:31 ----D---- C:\WINDOWS\pss
2010-01-01 02:00:34 ----D---- C:\WINDOWS\system32\XPSViewer
2010-01-01 02:00:28 ----D---- C:\WINDOWS\system32\en-US
2010-01-01 02:00:19 ----D---- C:\Program Files\Reference Assemblies
2010-01-01 01:59:58 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-01-01 01:59:57 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-01-01 01:59:57 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-01-01 01:56:50 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2010-01-01 01:56:45 ----D---- C:\Program Files\MSXML 6.0
2009-12-31 14:27:23 ----D---- C:\Documents and Settings\Administrateur\Application Data\GlarySoft
2009-12-31 14:14:25 ----D---- C:\Program Files\Glary Utilities
2009-12-31 14:14:00 ----A---- C:\WINDOWS\system32\mgxoschk.dll
2009-12-31 14:09:39 ----D---- C:\Config.Msi
2009-12-31 09:11:28 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-31 09:11:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-31 02:25:50 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-12-31 02:25:50 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-12-31 02:25:48 ----D---- C:\Program Files\Alwil Software
2009-12-30 21:45:59 ----RD---- C:\JAMA
2009-12-30 17:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-12-30 17:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-12-30 17:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-12-30 17:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-12-30 17:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-30 17:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-30 17:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-30 17:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-30 17:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-30 17:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-12-30 17:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-30 17:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-30 17:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-12-30 17:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-30 17:00:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-12-30 16:59:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-12-30 16:59:55 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-30 16:59:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-12-30 16:59:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-12-30 16:59:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-30 16:59:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-30 16:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-12-30 16:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-30 16:59:14 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-30 16:59:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-12-30 16:59:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-30 16:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-12-30 16:58:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-30 16:58:45 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-12-30 16:58:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-30 16:58:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-12-30 16:58:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-30 16:58:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-30 16:58:13 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-30 16:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-12-30 16:58:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-30 16:57:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-12-30 16:57:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-12-30 16:57:48 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-12-30 16:57:43 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-30 16:57:36 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-30 16:57:28 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-29 09:56:21 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-12-29 08:59:09 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-29 08:47:38 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-12-28 00:12:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-12-28 00:12:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-12-28 00:11:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-28 00:11:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-12-28 00:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-12-28 00:11:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-28 00:10:52 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-12-28 00:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-12-27 00:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-27 00:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-12-27 00:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-27 00:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-12-27 00:00:58 ----D---- C:\WINDOWS\system32\PreInstall
2009-12-27 00:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-12-27 00:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-12-27 00:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-12-27 00:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-12-26 20:05:42 ----D---- C:\Documents and Settings\Administrateur\Application Data\Macromedia
2009-12-26 20:04:36 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-12-26 19:28:50 ----D---- C:\Documents and Settings\Administrateur\Application Data\Google
2009-12-26 19:19:57 ----D---- C:\Program Files\Google
2009-12-24 22:16:25 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-12-24 21:09:17 ----RD---- C:\RESTORIC
2009-12-21 19:14:57 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
2009-12-11 14:28:46 ----D---- C:\WINDOWS\system32\appmgmt

======List of files/folders modified in the last 1 months======

2010-01-05 15:11:31 ----D---- C:\WINDOWS\Prefetch
2010-01-05 15:10:40 ----D---- C:\Program Files\Mozilla Firefox
2010-01-05 15:10:27 ----RD---- C:\Program Files
2010-01-05 15:08:57 ----D---- C:\WINDOWS\system32
2010-01-05 15:08:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-05 15:04:57 ----D---- C:\WINDOWS\system32\drivers
2010-01-05 15:04:55 ----D---- C:\WINDOWS
2010-01-05 15:04:41 ----HD---- C:\WINDOWS\inf
2010-01-05 15:04:29 ----D---- C:\WINDOWS\system32\DllCache
2010-01-05 15:04:29 ----D---- C:\WINDOWS\Help
2010-01-05 15:04:29 ----D---- C:\Program Files\Internet Explorer
2010-01-05 15:03:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-05 15:03:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-05 15:00:42 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-05 14:59:52 ----D---- C:\WINDOWS\Media
2010-01-05 14:57:02 ----D---- C:\WINDOWS\Debug
2010-01-05 14:54:36 ----D---- C:\Documents and Settings\Administrateur\Application Data\Winamp
2010-01-05 14:53:58 ----SHD---- C:\WINDOWS\Installer
2010-01-05 14:53:28 ----D---- C:\Program Files\Fichiers communs
2010-01-05 14:36:23 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-05 14:31:22 ----D---- C:\WINDOWS\repair
2010-01-05 14:30:23 ----A---- C:\WINDOWS\system.ini
2010-01-05 14:29:29 ----D---- C:\WINDOWS\AppPatch
2010-01-05 14:19:12 ----D---- C:\WINDOWS\system32\wbem
2010-01-05 14:19:11 ----D---- C:\WINDOWS\ime
2010-01-05 14:19:02 ----D---- C:\Program Files\SuperCopier2
2010-01-05 14:18:39 ----D---- C:\WINDOWS\system32\config
2010-01-05 14:15:00 ----RASH---- C:\boot.ini
2010-01-05 13:31:05 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-05 10:19:58 ----HDC---- C:\WINDOWS\$NtUninstallKB915326$
2010-01-05 09:34:10 ----RD---- C:\WINDOWS\Offline Web Pages
2010-01-05 09:17:45 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-05 09:17:44 ----RSD---- C:\WINDOWS\assembly
2010-01-05 08:06:13 ----A---- C:\WINDOWS\win.ini
2010-01-03 15:28:27 ----D---- C:\WINDOWS\WinSxS
2010-01-01 02:00:26 ----RSD---- C:\WINDOWS\Fonts
2010-01-01 02:00:05 ----D---- C:\WINDOWS\system32\spool
2010-01-01 01:57:48 ----D---- C:\WINDOWS\system32\mui
2009-12-31 14:14:31 ----SD---- C:\WINDOWS\Tasks
2009-12-31 14:08:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-30 17:17:33 ----D---- C:\WINDOWS\system32\Setup
2009-12-30 16:58:54 ----D---- C:\Program Files\Outlook Express
2009-12-26 20:05:40 ----D---- C:\Documents and Settings\Administrateur\Application Data\Adobe
2009-12-26 13:34:26 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2009-12-16 13:11:42 ----D---- C:\Program Files\Windows Media Player

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\qmgnjn.sys []
R3 Accelerometer;HP Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2008-05-23 28592]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-04-11 338944]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-03-01 1202560]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-05-08 2880512]
R3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-04-03 539512]
R3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-04-03 37424]
R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-04-03 879624]
R3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-04-03 156392]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-04-03 74688]
R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NETw5x32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows XP 32 bits ; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-04-28 3626112]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2008-04-10 1804160]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-27 224672]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 SCR3XX2K;SCR3xx USB SmartCardReader; C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys [2007-06-21 56448]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc29.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2007-12-11 12800]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-05-08 536576]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-03-31 264800]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-12-30 235344]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-01 243016]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 275760]
S4 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-26 205296]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
3omda_75 Posts 28 Status Member
 
And here it is.

First, the ComboFix report:

ComboFix 10-01-04.01 - Administrateur 05/01/2010 14:28:01.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2043.1532 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\KillBagle.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrateur\Application Data\lsass.exe
.
---- Exécution préalable -------
.
c:\documents and settings\Administrateur\h7z9c39i7.exe
c:\sin\S-2-3-12-ABCDEF7890-01234567890-1688963592-500\Desktop.ini
c:\windows\system32\drivers\sqeffxh.sys
c:\windows\system32\XP-2F95D5BE.EXE

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_aqjgat

((((((((((((((((((((((((((((( Fichiers créés du 2009-12-05 au 2010-01-05 ))))))))))))))))))))))))))))))))))))
.

2010-01-05 13:19 . 2010-01-05 13:19 -------- d-----w- c:\windows\system32\wbem\snmp
2010-01-05 13:19 . 2010-01-05 13:19 -------- d-----w- c:\windows\system32\xircom
2010-01-05 12:55 . 2010-01-05 12:55 -------- d-----w- C:\rsit
2010-01-05 12:36 . 2010-01-05 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-01-05 08:59 . 2010-01-05 08:59 -------- d-----w- c:\program files\jv16 PowerTools
2010-01-05 08:50 . 2010-01-05 08:50 -------- d-----w- c:\program files\Trend Micro
2010-01-05 08:27 . 2010-01-05 08:28 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-01-05 08:04 . 2010-01-05 08:04 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-05 08:02 . 2010-01-05 08:02 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2010-01-05 08:02 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 08:02 . 2010-01-05 08:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 08:02 . 2010-01-05 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-05 08:02 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 07:44 . 2010-01-05 08:12 180224 ----a-w- c:\documents and settings\Administrateur\ddaqaea4.exe
2010-01-05 07:41 . 2010-01-05 07:41 -------- d-----r- C:\JAN
2010-01-05 07:41 . 2010-01-05 08:11 172032 ----a-w- c:\documents and settings\Administrateur\easddaeu8.exe
2010-01-05 07:34 . 2010-01-05 07:34 -------- d-----w- c:\program files\Yahoo!
2010-01-05 07:34 . 2010-01-05 07:35 -------- d-----w- c:\program files\CCleaner
2010-01-05 07:29 . 2010-01-05 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-01-01 19:39 . 2010-01-01 20:29 33792 ----a-w- c:\documents and settings\Administrateur\easddaeb8.exe
2010-01-01 01:00 . 2010-01-01 01:00 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-01 01:00 . 2010-01-01 01:00 -------- d-----w- c:\program files\Reference Assemblies
2010-01-01 01:00 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-01 00:59 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-01 00:59 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-01 00:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-01 00:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-01 00:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-01 00:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-01 00:59 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-01 00:59 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-01 00:56 . 2010-01-01 00:56 -------- d-----w- c:\program files\MSXML 6.0
2009-12-31 16:37 . 2009-12-31 16:40 33792 ----a-w- c:\documents and settings\Administrateur\easddaeg8.exe
2009-12-31 13:27 . 2009-12-31 13:32 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GlarySoft
2009-12-31 13:14 . 2009-12-31 13:14 -------- d-----w- c:\program files\Glary Utilities
2009-12-31 13:14 . 2007-01-04 11:02 663552 ----a-w- c:\windows\system32\mgxoschk.dll
2009-12-31 12:04 . 2009-12-31 16:19 33792 ----a-w- c:\documents and settings\Administrateur\easddaek9.exe
2009-12-31 01:26 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-31 01:26 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-31 01:26 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-31 01:26 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-31 01:26 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-31 01:26 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-31 01:25 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-31 01:25 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-12-31 01:25 . 2009-12-31 01:25 -------- d-----w- c:\program files\Alwil Software
2009-12-31 00:49 . 2009-12-31 00:58 151552 ----a-w- c:\documents and settings\Administrateur\easddaeg9.exe
2009-12-30 21:15 . 2009-12-30 21:17 2034352 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-12-30 20:45 . 2010-01-05 08:33 -------- d-----r- C:\JAMA
2009-12-30 20:45 . 2009-12-30 21:35 139264 ----a-w- c:\documents and settings\Administrateur\easddaee1.exe
2009-12-30 15:58 . 2009-12-30 15:58 -------- d-----w- c:\windows\ServicePackFiles
2009-12-29 08:56 . 2010-01-05 12:30 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-12-29 08:51 . 2009-12-29 08:52 184320 ----a-w- c:\documents and settings\Administrateur\easddaet8.exe
2009-12-29 07:59 . 2010-01-05 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-29 07:57 . 2009-03-06 14:46 286208 ------w- c:\windows\system32\dllcache\pdh.dll
2009-12-29 07:57 . 2009-02-09 10:20 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-12-29 07:57 . 2009-02-09 10:20 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-12-29 07:57 . 2009-02-06 16:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-12-29 07:57 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-29 07:57 . 2005-07-26 04:39 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-12-29 07:57 . 2009-02-09 10:20 685056 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-12-29 07:57 . 2009-02-09 10:20 739840 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-12-29 07:57 . 2009-02-09 10:20 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-29 07:57 . 2009-02-09 10:08 111104 ------w- c:\windows\system32\dllcache\services.exe
2009-12-29 07:51 . 2008-10-24 11:10 453632 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-29 07:51 . 2009-07-10 13:41 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-12-29 07:49 . 2009-08-04 17:16 2065024 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-29 07:49 . 2009-08-04 17:16 2188032 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-29 07:49 . 2009-08-04 17:16 2144768 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-29 07:49 . 2009-08-04 17:16 2022912 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-29 07:49 . 2009-06-05 07:46 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-12-29 07:47 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-29 07:47 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\dllcache\bthport.sys
2009-12-29 07:47 . 2009-12-29 08:15 180224 ----a-w- c:\documents and settings\Administrateur\easddaey9.exe
2009-12-27 22:17 . 2009-12-27 22:17 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\PCHealth
2009-12-27 12:54 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-12-27 12:54 . 2008-12-11 11:57 333184 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-27 12:32 . 2008-04-11 18:51 683520 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-27 12:32 . 2008-04-21 21:27 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-12-27 12:23 . 2009-08-25 09:47 352256 ------w- c:\windows\system32\dllcache\winhttp.dll
2009-12-27 12:14 . 2009-07-31 04:58 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-12-27 12:13 . 2009-12-27 12:13 180224 ----a-w- c:\documents and settings\Administrateur\easddaeg4.exe
2009-12-26 20:06 . 2008-07-07 20:31 253952 ------w- c:\windows\system32\dllcache\es.dll
2009-12-26 19:43 . 2008-06-12 14:18 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
2009-12-26 19:43 . 2008-06-12 14:18 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
2009-12-26 19:43 . 2008-06-12 14:18 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
2009-12-26 19:43 . 2008-06-12 14:18 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
2009-12-26 19:43 . 2008-06-12 14:18 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
2009-12-26 19:43 . 2008-06-12 14:18 428032 ------w- c:\windows\system32\dllcache\msdtcprx.dll
2009-12-26 19:42 . 2009-04-15 15:17 584192 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2009-12-26 19:42 . 2008-10-15 16:59 332800 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-12-26 19:41 . 2009-06-21 22:06 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-12-26 19:41 . 2008-05-01 14:31 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-12-26 19:04 . 2009-12-31 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-26 18:25 . 2009-12-26 18:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-12-26 18:20 . 2009-12-26 18:27 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Temp
2009-12-26 18:20 . 2009-12-26 18:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-12-26 18:19 . 2009-12-31 13:06 -------- d-----w- c:\program files\Google
2009-12-26 18:19 . 2009-12-31 13:06 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Google
2009-12-26 17:40 . 2009-12-26 23:08 180224 ----a-w- c:\documents and settings\Administrateur\easddaea8.exe
2009-12-24 21:35 . 2009-12-24 21:35 -------- d-s---w- c:\documents and settings\Administrateur\UserData
2009-12-24 20:09 . 2009-12-24 20:09 -------- d-----r- C:\RESTORIC
2009-12-24 20:09 . 2009-12-24 21:36 139264 ----a-w- c:\documents and settings\Administrateur\easddaeb1.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 13:23 . 2001-09-28 13:00 80946 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-05 13:23 . 2001-09-28 13:00 501138 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-05 13:19 . 2010-01-05 13:19 -------- d-----w- c:\program files\microsoft frontpage
2010-01-05 13:19 . 2009-12-05 14:14 -------- d-----w- c:\program files\SuperCopier2
2010-01-04 10:11 . 2009-12-05 14:15 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Winamp
2009-12-05 17:03 . 2009-12-05 17:03 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Media Player Classic
2009-12-05 14:15 . 2009-12-05 13:55 -------- d-----w- c:\program files\Winamp
2009-12-05 14:00 . 2009-12-05 14:00 -------- d-----w- c:\program files\Real Alternative
2009-12-05 13:59 . 2009-11-11 08:33 -------- d-----w- c:\program files\Fichiers communs\Real
2009-12-05 13:58 . 2009-12-05 13:57 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-05 13:58 . 2009-12-05 13:58 0 ----a-w- c:\windows\nsreg.dat
2009-12-05 13:54 . 2009-12-05 13:54 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc
2009-12-05 13:54 . 2009-12-05 13:54 -------- d-----w- c:\program files\VideoLAN
2009-11-19 17:38 . 2009-11-19 17:38 65760 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-14 21:10 . 2009-11-11 07:11 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-11 08:36 . 2009-11-11 08:35 -------- d-----w- c:\program files\PDFCreator
2009-11-11 08:28 . 2009-11-11 08:28 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-11-11 08:26 . 2009-11-11 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-11 08:25 . 2009-11-11 08:25 -------- d-----w- c:\program files\Microsoft Works
2009-11-11 08:25 . 2009-11-11 08:25 -------- d-----w- c:\program files\MSBuild
2009-11-11 08:24 . 2009-11-11 08:24 -------- d-----w- c:\program files\Microsoft.NET
2009-11-11 08:23 . 2009-11-11 08:23 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-11 08:20 . 2009-11-11 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-11-11 08:20 . 2009-11-11 08:20 -------- d-----w- c:\documents and settings\Administrateur\Application Data\ATI
2009-11-11 08:19 . 2009-11-11 08:19 0 -c--a-w- c:\windows\ativpsrm.bin
2009-11-11 08:12 . 2009-11-11 08:12 -------- d-----w- c:\program files\Analog Devices
2009-11-11 08:08 . 2009-11-11 08:08 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-11-11 08:07 . 2009-11-11 08:07 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-11-11 07:40 . 2009-11-11 07:18 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-11 07:40 . 2009-11-11 07:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-11 07:38 . 2009-11-11 07:38 -------- d-----w- c:\program files\Synaptics
2009-11-11 07:36 . 2009-11-11 07:36 -------- d-----w- c:\program files\Fichiers communs\SNP2UVC
2009-11-11 07:36 . 2009-11-11 07:36 -------- d-----w- c:\documents and settings\Administrateur\Application Data\InstallShield
2009-11-11 07:35 . 2009-11-11 07:35 -------- d-----w- c:\program files\SCM Microsystems
2009-11-11 07:32 . 2009-11-11 07:32 -------- d-----w- c:\program files\Intel
2009-11-11 07:30 . 2009-11-11 07:28 -------- d-----w- c:\program files\ATI Technologies
2009-11-11 07:24 . 2009-11-11 07:18 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-11-11 07:23 . 2009-11-11 07:23 -------- d-----w- c:\program files\WIDCOMM
2009-11-11 07:22 . 2009-11-11 07:22 1614 -csha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP Compaq 6830s_YN_0U_QCNU9020RNG_EU_46_I30E9_SHP_VKBC Version 95.1A_B68PZD Ver. F.07_T080918_WXP2_L40C_M2044_J250_7Intel_8Core2 Duo T5870_92_#091111_N_()_XMOBILE_CN10_Z_2F.07_G.MRK
2009-11-11 07:20 . 2009-11-11 07:20 -------- d-----w- c:\program files\HPQ
2009-11-11 07:11 . 2009-11-11 07:11 -------- d-----w- c:\program files\Services en ligne
2009-11-11 07:09 . 2009-11-11 07:09 21892 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 05:46 . 2004-08-03 23:54 666112 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:03 . 2004-08-03 23:54 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:03 . 2004-08-03 23:54 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-10-20 14:58 . 2004-08-03 22:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:52 . 2004-08-03 23:54 267776 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:52 . 2004-08-03 23:54 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:52 . 2004-08-03 23:54 113152 ----a-w- c:\windows\system32\rastls.dll
.

------- Sigcheck -------

[-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ctfmon.exe
[-] 2004-08-03 . 9A8FFEC027A54A8CE63DB61DB617BA61 . 93184 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-09 82224]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 251184]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1114112]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-30 511312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 93184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
DosÿOptimizer.pif [2007-4-8 377344]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-3-31 576104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Dos Optimizer.pif]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
backup=c:\windows\pss\Dos Optimizer.pifStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^¡¡¡¡¡¡.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\¡¡¡¡¡¡.lnk
backup=c:\windows\pss\¡¡¡¡¡¡.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-05-14 10:26 251184 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2008-04-04 15:09 1114112 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 11:17 143360 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-27 18:28 1216512 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 111616 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate"=2 (0x2)
"Com4QLBEx"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTSTAC~1.EXE"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\SNDVOL32.EXE"=
"c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\WINDOWS\\system32\\AccelerometerSt.Exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Documents and Settings\\Administrateur\\Bureau\\Best of Najib\\Best of Najib.exe"=
"c:\\Program Files\\SuperCopier2\\SuperCopier2.exe"=
"c:\\Documents and Settings\\Administrateur\\Bureau\\Bonus\\Bonus.exe"=
"c:\\Documents and Settings\\Administrateur\\Menu Démarrer\\Programmes\\Démarrage\\Dos Optimizer.pif"=
"c:\\WINDOWS\\system32\\regsvr32.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe"=
"c:\\Documents and Settings\\Administrateur\\easddaea8.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\Windows Media Player\\setup_wm.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\Com4QLBEx.exe"=
"c:\\Program Files\\Hewlett-Packard\\Shared\\hpqwmiex.exe"=

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [11/11/2009 09:12 24064]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/12/2009 02:26 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/12/2009 02:26 20560]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [05/01/2010 09:02 235344]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\qmgnjn.sys --> c:\windows\system32\drivers\qmgnjn.sys [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [05/01/2010 09:02 19160]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [21/06/2007 04:40 56448]
S4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11/11/2009 08:40 275760]
S4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/12/2009 19:19 205296]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-65WE-KKX5-313QWE24444}]
2009-12-26 12:31 102400 ----a-w- c:\restoric\RECYCLER\X0R.exe
.
Contenu du dossier 'Tâches planifiées'

2010-01-05 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-12-31 18:27]

2010-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 18:19]

2010-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 18:19]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\tw9l25d6.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

**************************************************************************
Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2010-01-05 14:31:49
ComboFix-quarantined-files.txt 2010-01-05 13:31

Avant-CF: 61 423 673 344 octets libres
Après-CF: 61 363 527 680 octets libres

- - End Of File - - 08ACF255D9789FCFD623FDA7C48B9D57

Then I updated Internet Explorer (version 8),
I uninstalled Adobe Acrobat Reader,
I installed Foxit Reader,
and finally, here is the RSIT report:


Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2010-01-05 15:13:40
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 58 GB (77%) free of 75 GB
Total RAM: 2043 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:13:48, on 05/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\TEMP\wintqyjgx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Dos Optimizer.pif = ?
O4 - Global Startup: BTTray.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
0

jlpjlp Posts 52399 Status Security contributor 5 040

Download OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (by Old_Timer) to your Desktop.

Double-click OTM.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTM: Paste instruction for items to be moved.

:processes
explorer.exe
:files
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbpqk.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwjydqv.exe
:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwjydqv.exe"=-
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbpqk.exe"=-
:commands
[purity]
[emptytemp]
[start explorer]

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTM\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

_________________________

Then paste a quick scan from Malwarebytes Anti-Malware.
0
3omda_75 Posts 28 Status Member

Hello,

Sorry for the delay; here is the OTM report:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbpqk.exe moved successfully.
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwjydqv.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list not found.
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 580232 bytes
->Temporary Internet Files folder emptied: 2098281 bytes
->FireFox cache emptied: 69337329 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114937 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 25638 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10939416 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 81,00 mb


OTM by OldTimer - Version 3.1.4.0 log created on 01062010_080331

Files moved on Reboot...

Registry entries deleted on Reboot...


and the Malwarebytes report (quick scan):

Malwarebytes' Anti-Malware 1.43
Version de la base de données: 3495
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

06/01/2010 08:15:56
mbam-log-2010-01-06 (08-15-56).txt

Type de recherche: Examen rapide
Eléments examinés: 102098
Temps écoulé: 3 minute(s), 15 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\frameworkservice (Trojan.Delf) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\frameworkservice (Trojan.Delf) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Administrateur\Application Data\lsass.exe (Trojan.Delf) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\smss.exe (Trojan.Delf) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Sexy Girls.scr (Trojan.Delf) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\smss.exe (Trojan.Delf) -> Quarantined and deleted successfully.


and it is asking me to restart the computer now to finish the removal.
0
jlpjlp Posts 52399 Status Security contributor 5 040

Plug in all your external drives and paste an option 1 report from UsbFix.
0
3omda_75 Posts 28 Status Member
 
############################## | UsbFix V6.070 |

User : Administrateur (Administrateurs) # STANDARD
Update on 03/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 11:47:00 | 06/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled

C:\ -> Disque fixe local # 73,24 Go (57,16 Go free) # NTFS
D:\ -> Disque CD-ROM # 0 Mo (0 Mo free) [Audio CD] # CDFS
E:\ -> Disque fixe local # 159,63 Go (145,93 Go free) # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 584
C:\WINDOWS\system32\csrss.exe 716
C:\WINDOWS\system32\winlogon.exe 748
C:\WINDOWS\system32\services.exe 792
C:\WINDOWS\system32\lsass.exe 804
C:\WINDOWS\system32\Ati2evxx.exe 964
C:\WINDOWS\system32\svchost.exe 976
C:\WINDOWS\system32\svchost.exe 1052
C:\WINDOWS\System32\svchost.exe 1092
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 1116
C:\WINDOWS\system32\svchost.exe 1176
C:\WINDOWS\system32\Ati2evxx.exe 1284
C:\WINDOWS\system32\svchost.exe 1360
C:\WINDOWS\system32\spoolsv.exe 1736
C:\WINDOWS\Explorer.EXE 1788
C:\WINDOWS\System32\SCardSvr.exe 1796
C:\WINDOWS\system32\AccelerometerSt.Exe 1880
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe 1888
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe 1908
C:\Program Files\SuperCopier2\SuperCopier2.exe 1920
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe 208
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif 220
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE 280
C:\Program Files\Google\Update\GoogleUpdate.exe 1244
C:\WINDOWS\system32\svchost.exe 2212
C:\WINDOWS\system32\agrsmsvc.exe 2244
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 2312
C:\WINDOWS\system32\svchost.exe 2440
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 2832
C:\WINDOWS\system32\wbem\wmiprvse.exe 3132
C:\WINDOWS\System32\svchost.exe 2136
C:\WINDOWS\system32\wuauclt.exe 3788
C:\Program Files\Mozilla Firefox\firefox.exe 3048
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lifmrn.exe 2756
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqkwihp.exe 168
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winynukxx.exe 3156
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpahnc.exe 1572
C:\Documents and Settings\Administrateur\Bureau\Nouveau dossier (2)\Administrateur_Fichiers.exe 1324
C:\Documents and Settings\Administrateur\Bureau\Nouveau dossier (2)\Administrateur_Fichiers.exe 1860
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\beon.exe 3980
C:\WINDOWS\system32\wbem\wmiprvse.exe 1852

################## | Elements infectieux |

C:\WINDOWS\inf\smss.exe
C:\WINDOWS\System32\Sexy Girls.scr
C:\DOCUME~1\ADMINI~1\APPLIC~1\smss.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\svchost.exe

################## | Registre |

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FrameWorkService"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "FrameWorkService"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFind"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRun"

################## | Mountpoints2 |


################## | Cracks > Keygens > Serials |


################## | ! Fin du rapport # UsbFix V6.070 ! |
0
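Added example (not part of the original thread, and not code from any of the tools used in it): a small Python triage of the process and file lists pasted in the reports above. It flags system process names found outside their normal directory, programs running from a Temp directory, and .scr/.pif executables. The expected directories assume %SystemRoot% is C:\WINDOWS, as in these reports, and the heuristics only mark entries for review.

```python
import ntpath
import re

# Assumption of this example: Windows is installed in C:\WINDOWS, as in the
# reports in this thread. These core process names normally run only from here.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}

# Executable file types that are unusual for a legitimately running program.
ODD_TYPES = {".scr", ".pif"}

# A report line holding a full path, optionally followed by a PID (UsbFix
# appends the PID, HijackThis does not). Paths may contain spaces.
LINE = re.compile(r"^([A-Za-z]:\\.+?\.(?:exe|scr|pif|com))(?:\s+(\d+))?$", re.I)


def triage(report_text):
    """Return one finding per suspicious path in a pasted process/file list."""
    findings = []
    for raw in report_text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue  # section headers, registry entries, blank lines
        path, pid = match.group(1), match.group(2)
        folder = ntpath.dirname(path).lower()
        name = ntpath.basename(path).lower()

        reasons = []
        expected = EXPECTED_DIR.get(name)
        if expected is not None and folder != expected:
            reasons.append("system process name outside " + expected)
        if "temp" in folder.split("\\"):
            reasons.append("runs from a Temp directory")
        if ntpath.splitext(name)[1] in ODD_TYPES:
            reasons.append("executable with .scr/.pif extension")

        if reasons:
            findings.append({
                "path": path,
                "pid": int(pid) if pid else None,
                "reasons": reasons,
            })
    return findings


# Sample input: lines copied from the UsbFix and RSIT reports in this thread.
SAMPLE = r"""
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe 584
C:\WINDOWS\system32\lsass.exe 804
C:\WINDOWS\Explorer.EXE 1788
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe 1888
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lifmrn.exe 2756
C:\WINDOWS\TEMP\wintqyjgx.exe
################## | Elements infectieux |
C:\WINDOWS\inf\smss.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\svchost.exe
C:\WINDOWS\System32\Sexy Girls.scr
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding["path"], finding["pid"], "; ".join(finding["reasons"]))
```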
jlpjlp Posts 52399 Status Security contributor 5 040

OK, run a report with option 2,

then describe your problems
and post a new RSIT report afterwards.
0
3omda_75 Posts 28 Status Member

So it's done, except that UsbFix created a RAR file, which I uploaded to chiquitine.changelog at its request, and at the end of the upload it tells me I have not selected a file, even though I already did; the file is called (UsbFix_Upload_Me_STANDARD).
Here is the RSIT report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2010-01-06 14:20:54
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 65 GB (86%) free of 75 GB
Total RAM: 2043 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:57, on 06/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Dos Optimizer.pif = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040

To merge:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_______________

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your Desktop and nowhere else!

_________________

Close all your browsers (so copy or print these instructions first).

Create a new text document: right-click on the Desktop > New > Text Document, and copy the following lines into it:

File::
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winuhiqew.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwjydqv.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbpqk.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lifmrn.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqkwihp.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvospck.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tyws.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windufy.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingvmtnp.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cdxsyq.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qkfbhs.exe
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwjydqv.exe"=-
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbpqk.exe"=-
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lifmrn.exe"=-
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqkwihp.exe"=-
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvospck.exe"=-
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tyws.exe"=-
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windufy.exe"=-
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingvmtnp.exe"=-
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cdxsyq.exe"=-
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qkfbhs.exe"=-
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winuhiqew.exe"=-

Save this file under the name CFscript

Drag and drop this CFScript file onto the ComboFix.exe file.

Click the CFScript file, hold the mouse button down, and drag so that the CFScript icon covers the ComboFix icon. Release the mouse button. ComboFix will start.

A blue window will appear: at the message shown (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

If the file does not open, it can be found here > C:\ComboFix.txt
0
3omda_75 Posts 28 Status Member

Hello
0
3omda_75 Posts 28 Status Member
 
ComboFix 10-01-11.03 - Administrateur 12/01/2010 9:17.3.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2043.1509 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFscript.txt

FILE ::
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\cdxsyq.exe"
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\lifmrn.exe"
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\qkfbhs.exe"
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\tyws.exe"
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\winbpqk.exe"
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\windufy.exe"
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\wingvmtnp.exe"
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\winqkwihp.exe"
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\winuhiqew.exe"
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\winvospck.exe"
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\winwjydqv.exe"
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\program files\SuperCopier2\SC2Hook.dll


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrateur\Application Data\lsass.exe
c:\documents and settings\Administrateur\Application Data\svchost.exe
C:\LOG.TXT
C:\restore
c:\windows\Inf\smss.exe
c:\windows\system32\Sexy Girls.scr

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-12 au 2010-01-12 ))))))))))))))))))))))))))))))))))))
.

2010-01-06 14:40 . 2010-01-06 14:41 -------- d-----w- C:\FindyKill
2010-01-06 10:46 . 2010-01-06 12:46 -------- d-----w- C:\UsbFix
2010-01-06 07:03 . 2010-01-06 07:03 -------- d-----w- C:\_OTM
2010-01-05 14:20 . 2010-01-05 14:20 -------- d-sh--w- c:\documents and settings\Administrateur\IECompatCache
2010-01-05 14:19 . 2010-01-05 14:19 -------- d-sh--w- c:\documents and settings\Administrateur\PrivacIE
2010-01-05 14:10 . 2010-01-05 14:10 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Foxit
2010-01-05 14:10 . 2010-01-05 14:10 -------- d-----w- c:\program files\Foxit Software
2010-01-05 14:04 . 2010-01-05 14:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-05 14:04 . 2010-01-05 14:04 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2010-01-05 14:00 . 2010-01-06 15:19 -------- d-----w- c:\windows\ie8updates
2010-01-05 13:58 . 2010-01-05 14:00 -------- dc-h--w- c:\windows\ie8
2010-01-05 13:58 . 2010-01-05 13:59 -------- d-----w- c:\windows\system32\fr-FR
2010-01-05 13:56 . 2009-10-29 07:42 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-05 13:56 . 2009-10-29 07:42 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-05 13:56 . 2009-10-29 07:42 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-01-05 13:56 . 2009-10-29 07:42 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-05 13:56 . 2009-10-29 07:42 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-05 13:56 . 2009-10-29 07:42 11069952 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-01-05 13:53 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-01-05 13:27 . 2010-01-05 13:31 -------- d-----w- C:\KillBagle
2010-01-05 13:19 . 2010-01-05 13:19 -------- d-----w- c:\windows\system32\wbem\snmp
2010-01-05 13:19 . 2010-01-05 13:19 -------- d-----w- c:\windows\system32\xircom
2010-01-05 13:19 . 2010-01-05 13:19 -------- d-----w- c:\program files\microsoft frontpage
2010-01-05 12:55 . 2010-01-05 12:55 -------- d-----w- C:\rsit
2010-01-05 12:36 . 2010-01-05 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-01-05 08:59 . 2010-01-05 08:59 -------- d-----w- c:\program files\jv16 PowerTools
2010-01-05 08:50 . 2010-01-05 08:50 -------- d-----w- c:\program files\Trend Micro
2010-01-05 08:27 . 2010-01-05 08:28 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-01-05 08:04 . 2010-01-05 08:04 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-05 08:02 . 2010-01-05 08:02 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2010-01-05 08:02 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 08:02 . 2010-01-05 08:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 08:02 . 2010-01-05 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-05 08:02 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 07:44 . 2010-01-05 08:12 180224 ----a-w- c:\documents and settings\Administrateur\ddaqaea4.exe
2010-01-05 07:41 . 2010-01-05 07:41 -------- d-----r- C:\JAN
2010-01-05 07:41 . 2010-01-05 08:11 172032 ----a-w- c:\documents and settings\Administrateur\easddaeu8.exe
2010-01-05 07:34 . 2010-01-05 07:34 -------- d-----w- c:\program files\Yahoo!
2010-01-05 07:34 . 2010-01-05 07:35 -------- d-----w- c:\program files\CCleaner
2010-01-05 07:29 . 2010-01-05 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-01-01 19:39 . 2010-01-01 20:29 33792 ----a-w- c:\documents and settings\Administrateur\easddaeb8.exe
2010-01-01 01:00 . 2010-01-01 01:00 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-01 01:00 . 2010-01-01 01:00 -------- d-----w- c:\program files\Reference Assemblies
2010-01-01 01:00 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-01 00:59 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-01 00:59 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-01 00:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-01 00:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-01 00:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-01 00:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-01 00:59 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-01 00:59 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-01 00:56 . 2010-01-01 00:56 -------- d-----w- c:\program files\MSXML 6.0
2009-12-31 16:37 . 2009-12-31 16:40 33792 ----a-w- c:\documents and settings\Administrateur\easddaeg8.exe
2009-12-31 13:27 . 2009-12-31 13:32 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GlarySoft
2009-12-31 13:14 . 2009-12-31 13:14 -------- d-----w- c:\program files\Glary Utilities
2009-12-31 13:14 . 2007-01-04 11:02 663552 ----a-w- c:\windows\system32\mgxoschk.dll
2009-12-31 12:04 . 2009-12-31 16:19 33792 ----a-w- c:\documents and settings\Administrateur\easddaek9.exe
2009-12-31 01:26 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-31 01:26 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-31 01:26 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-31 01:26 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-31 01:26 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-31 01:26 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-31 01:25 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-31 01:25 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-12-31 01:25 . 2009-12-31 01:25 -------- d-----w- c:\program files\Alwil Software
2009-12-31 00:49 . 2009-12-31 00:58 151552 ----a-w- c:\documents and settings\Administrateur\easddaeg9.exe
2009-12-30 21:15 . 2009-12-30 21:17 2034352 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-12-30 20:45 . 2010-01-05 08:33 -------- d-----r- C:\JAMA
2009-12-30 20:45 . 2009-12-30 21:35 139264 ----a-w- c:\documents and settings\Administrateur\easddaee1.exe
2009-12-30 15:58 . 2009-12-30 15:58 -------- d-----w- c:\windows\ServicePackFiles
2009-12-29 08:56 . 2010-01-05 12:30 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-12-29 08:51 . 2009-12-29 08:52 184320 ----a-w- c:\documents and settings\Administrateur\easddaet8.exe
2009-12-29 07:59 . 2010-01-05 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-29 07:57 . 2009-03-06 14:46 286208 ------w- c:\windows\system32\dllcache\pdh.dll
2009-12-29 07:57 . 2009-02-09 10:20 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-12-29 07:57 . 2009-02-09 10:20 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-12-29 07:57 . 2009-02-06 16:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-12-29 07:57 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-29 07:57 . 2005-07-26 04:39 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-12-29 07:57 . 2009-02-09 10:20 685056 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-12-29 07:57 . 2009-02-09 10:20 739840 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-12-29 07:57 . 2009-02-09 10:20 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-29 07:57 . 2009-02-09 10:08 111104 ------w- c:\windows\system32\dllcache\services.exe
2009-12-29 07:51 . 2008-10-24 11:10 453632 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-29 07:51 . 2009-07-10 13:41 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-12-29 07:49 . 2009-08-04 17:16 2065024 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-29 07:49 . 2009-08-04 17:16 2188032 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-29 07:49 . 2009-08-04 17:16 2144768 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-29 07:49 . 2009-08-04 17:16 2022912 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-29 07:49 . 2009-06-05 07:46 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-12-29 07:47 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-29 07:47 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\dllcache\bthport.sys
2009-12-29 07:47 . 2009-12-29 08:15 180224 ----a-w- c:\documents and settings\Administrateur\easddaey9.exe
2009-12-27 22:17 . 2009-12-27 22:17 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\PCHealth
2009-12-27 12:54 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-12-27 12:54 . 2008-12-11 11:57 333184 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-27 12:32 . 2008-04-11 18:51 683520 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-27 12:32 . 2008-04-21 21:27 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-12-27 12:23 . 2009-08-25 09:47 352256 ------w- c:\windows\system32\dllcache\winhttp.dll
2009-12-27 12:14 . 2009-07-31 04:58 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-12-27 12:13 . 2009-12-27 12:13 180224 ----a-w- c:\documents and settings\Administrateur\easddaeg4.exe
2009-12-26 20:06 . 2008-07-07 20:31 253952 ------w- c:\windows\system32\dllcache\es.dll
2009-12-26 19:43 . 2008-06-12 14:18 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
2009-12-26 19:43 . 2008-06-12 14:18 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
2009-12-26 19:43 . 2008-06-12 14:18 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
2009-12-26 19:43 . 2008-06-12 14:18 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
2009-12-26 19:43 . 2008-06-12 14:18 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
2009-12-26 19:43 . 2008-06-12 14:18 428032 ------w- c:\windows\system32\dllcache\msdtcprx.dll
2009-12-26 19:42 . 2009-04-15 15:17 584192 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2009-12-26 19:42 . 2008-10-15 16:59 332800 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-12-26 19:41 . 2009-06-21 22:06 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-12-26 19:41 . 2008-05-01 14:31 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-12-26 19:04 . 2009-12-31 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-26 18:25 . 2009-12-26 18:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-12-26 18:20 . 2009-12-26 18:27 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Temp
2009-12-26 18:20 . 2009-12-26 18:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-12-26 18:19 . 2009-12-31 13:06 -------- d-----w- c:\program files\Google
2009-12-26 18:19 . 2009-12-31 13:06 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Google
2009-12-26 17:40 . 2009-12-26 23:08 180224 ----a-w- c:\documents and settings\Administrateur\easddaea8.exe
2009-12-24 21:35 . 2009-12-24 21:35 -------- d-s---w- c:\documents and settings\Administrateur\UserData
2009-12-24 20:09 . 2009-12-24 20:09 -------- d-----r- C:\RESTORIC
2009-12-24 20:09 . 2009-12-24 21:36 139264 ----a-w- c:\documents and settings\Administrateur\easddaeb1.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 08:16 . 2009-12-05 14:14 -------- d-----w- c:\program files\SuperCopier2
2010-01-12 08:07 . 2001-09-28 13:00 80946 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-12 08:07 . 2001-09-28 13:00 501138 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-06 15:43 . 2009-11-19 17:38 65760 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-05 13:54 . 2009-12-05 14:15 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Winamp
2009-12-05 17:03 . 2009-12-05 17:03 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Media Player Classic
2009-12-05 14:15 . 2009-12-05 13:55 -------- d-----w- c:\program files\Winamp
2009-12-05 14:00 . 2009-12-05 14:00 -------- d-----w- c:\program files\Real Alternative
2009-12-05 13:59 . 2009-11-11 08:33 -------- d-----w- c:\program files\Fichiers communs\Real
2009-12-05 13:58 . 2009-12-05 13:57 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-05 13:58 . 2009-12-05 13:58 0 ----a-w- c:\windows\nsreg.dat
2009-12-05 13:54 . 2009-12-05 13:54 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc
2009-12-05 13:54 . 2009-12-05 13:54 -------- d-----w- c:\program files\VideoLAN
2009-11-14 21:10 . 2009-11-11 07:11 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-11 08:19 . 2009-11-11 08:19 0 -c--a-w- c:\windows\ativpsrm.bin
2009-11-11 07:09 . 2009-11-11 07:09 21892 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 07:42 . 2004-08-03 23:54 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:03 . 2004-08-03 23:54 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:03 . 2004-08-03 23:54 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:54 . 2009-10-20 16:54 141912 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-10-20 14:58 . 2004-08-03 22:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
.
3omda_75 Posts 28 Status Member > 3omda_75 Posts 28 Status Member
 
------- Sigcheck -------

[-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ctfmon.exe
[-] 2004-08-03 . 9A8FFEC027A54A8CE63DB61DB617BA61 . 93184 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-05_13.30.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-03 23:55 . 2004-08-03 23:55 50176 c:\windows\system32\utilman.exe
+ 2004-08-03 23:55 . 2006-10-04 13:32 50176 c:\windows\system32\utilman.exe
- 2004-08-03 23:54 . 2004-08-03 23:54 36864 c:\windows\system32\umandlg.dll
+ 2004-08-03 23:54 . 2006-10-04 13:38 36864 c:\windows\system32\umandlg.dll
+ 2009-11-11 07:18 . 2009-01-07 17:21 26144 c:\windows\system32\spupdsvc.exe
+ 2009-08-19 10:11 . 2008-07-01 10:06 40960 c:\windows\system32\spool\drivers\w32x86\3\SQ0BUR.DLL
+ 2009-08-19 10:11 . 2008-07-09 01:47 40960 c:\windows\system32\spool\drivers\w32x86\3\SQ0BUP29.DLL
+ 2009-08-19 10:11 . 2008-07-09 01:48 24576 c:\windows\system32\spool\drivers\w32x86\3\SQ0BUP2.DLL
+ 2009-08-19 10:11 . 2008-07-09 01:51 24576 c:\windows\system32\spool\drivers\w32x86\3\SQ0BUN.DLL
+ 2009-08-19 10:11 . 2008-06-18 09:48 72737 c:\windows\system32\spool\drivers\w32x86\3\SQ0BU.DLL
+ 2009-08-19 10:11 . 2008-07-02 03:09 49152 c:\windows\system32\spool\drivers\w32x86\3\SQ0BSTMN.DLL
+ 2009-08-19 10:11 . 2002-03-13 04:04 49152 c:\windows\system32\spool\drivers\w32x86\3\SQ0BMTNT.DLL
+ 2009-08-19 10:11 . 2008-07-02 13:05 40960 c:\windows\system32\spool\drivers\w32x86\3\SQ0BLMSW.EXE
+ 2009-08-19 10:11 . 2008-04-18 09:34 81920 c:\windows\system32\spool\drivers\w32x86\3\SQ0BLMIF.DLL
+ 2009-08-19 10:11 . 2008-07-16 00:56 73728 c:\windows\system32\spool\drivers\w32x86\3\SQ0BGC.DLL
+ 2009-08-19 10:11 . 2008-04-18 09:31 57344 c:\windows\system32\spool\drivers\w32x86\3\SQ0BCPIF.DLL
+ 2009-08-19 10:11 . 2008-07-02 13:05 24576 c:\windows\system32\spool\drivers\w32x86\3\SQ0BCFNC.DLL
+ 2009-11-11 07:20 . 2009-01-07 17:21 17952 c:\windows\system32\spmsg.dll
+ 2004-08-03 23:54 . 2009-03-08 03:31 46592 c:\windows\system32\pngfilt.dll
- 2001-09-28 13:00 . 2010-01-05 13:23 67646 c:\windows\system32\perfc009.dat
+ 2001-09-28 13:00 . 2010-01-12 08:07 67646 c:\windows\system32\perfc009.dat
+ 2009-01-07 17:20 . 2009-01-07 17:20 23552 c:\windows\system32\normaliz.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 24576 c:\windows\system32\nlsdl.dll
- 2004-08-03 23:55 . 2004-08-03 23:55 55296 c:\windows\system32\narrator.exe
+ 2004-08-03 23:55 . 2006-10-04 13:32 55296 c:\windows\system32\narrator.exe
+ 2004-08-03 23:53 . 2009-03-08 03:31 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-03 23:54 . 2009-03-08 03:31 66560 c:\windows\system32\mshtmled.dll
+ 2004-08-03 23:54 . 2009-03-08 03:31 45568 c:\windows\system32\mshta.exe
+ 2009-03-08 03:31 . 2009-03-08 03:31 13312 c:\windows\system32\msfeedssync.exe
+ 2009-03-08 03:31 . 2009-10-29 07:42 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-03 23:54 . 2004-08-03 23:54 73216 c:\windows\system32\magnify.exe
+ 2004-08-03 23:54 . 2006-10-04 13:32 73216 c:\windows\system32\magnify.exe
+ 2010-01-06 08:06 . 2010-01-06 08:06 85173 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2004-08-03 23:54 . 2009-03-08 03:34 43008 c:\windows\system32\licmgr10.dll
+ 2004-08-03 23:54 . 2009-10-29 07:42 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-03 23:54 . 2009-03-08 03:32 94720 c:\windows\system32\inseng.dll
+ 2004-08-03 23:54 . 2009-03-08 03:31 34816 c:\windows\system32\imgutil.dll
+ 2009-03-08 03:32 . 2009-03-08 03:32 36864 c:\windows\system32\ieudinit.exe
+ 2004-08-03 23:54 . 2009-03-08 03:32 71680 c:\windows\system32\iesetup.dll
+ 2004-08-03 23:54 . 2009-03-08 03:32 55808 c:\windows\system32\iernonce.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 26112 c:\windows\system32\idndl.dll
+ 2009-03-08 03:31 . 2009-03-08 03:31 59904 c:\windows\system32\icardie.dll
+ 2006-10-04 13:32 . 2006-10-04 13:32 50176 c:\windows\system32\DllCache\utilman.exe
+ 2006-10-04 13:38 . 2006-10-04 13:38 36864 c:\windows\system32\DllCache\umandlg.dll
+ 2009-10-29 05:46 . 2009-03-08 03:31 46592 c:\windows\system32\DllCache\pngfilt.dll
+ 2006-10-04 13:32 . 2006-10-04 13:32 55296 c:\windows\system32\DllCache\narrator.exe
+ 2009-03-08 03:31 . 2009-03-08 03:31 48128 c:\windows\system32\DllCache\mshtmler.dll
+ 2009-10-29 05:46 . 2009-03-08 03:31 66560 c:\windows\system32\DllCache\mshtmled.dll
+ 2009-03-08 03:31 . 2009-03-08 03:31 45568 c:\windows\system32\DllCache\mshta.exe
+ 2006-10-04 13:32 . 2006-10-04 13:32 73216 c:\windows\system32\DllCache\magnify.exe
+ 2009-03-08 03:34 . 2009-03-08 03:34 43008 c:\windows\system32\DllCache\licmgr10.dll
+ 2009-10-29 05:46 . 2009-10-29 07:42 25600 c:\windows\system32\DllCache\jsproxy.dll
+ 2009-10-29 05:46 . 2009-03-08 03:32 94720 c:\windows\system32\DllCache\inseng.dll
+ 2009-03-08 03:31 . 2009-03-08 03:31 34816 c:\windows\system32\DllCache\imgutil.dll
+ 2009-03-08 03:32 . 2009-03-08 03:32 71680 c:\windows\system32\DllCache\iesetup.dll
+ 2009-03-08 03:32 . 2009-03-08 03:32 55808 c:\windows\system32\DllCache\iernonce.dll
+ 2009-03-08 03:24 . 2009-03-08 03:24 68608 c:\windows\system32\DllCache\hmmapi.dll
+ 2009-03-08 03:33 . 2009-03-08 03:33 18944 c:\windows\system32\DllCache\corpol.dll
+ 2009-03-08 03:32 . 2009-03-08 03:32 72704 c:\windows\system32\DllCache\admparse.dll
+ 2004-08-03 23:54 . 2009-03-08 03:33 18944 c:\windows\system32\corpol.dll
+ 2004-08-03 23:54 . 2009-03-08 03:32 72704 c:\windows\system32\admparse.dll
+ 2010-01-05 14:00 . 2009-03-08 03:33 12288 c:\windows\ie8updates\KB976325-IE8\xpshims.dll
+ 2010-01-05 14:00 . 2009-03-08 03:31 55296 c:\windows\ie8updates\KB976325-IE8\msfeedsbs.dll
+ 2010-01-05 14:00 . 2009-03-08 03:33 25600 c:\windows\ie8updates\KB976325-IE8\jsproxy.dll
+ 2010-01-05 13:58 . 2004-08-03 23:54 37888 c:\windows\ie8\url.dll
+ 2010-01-05 13:59 . 2009-03-08 15:14 58448 c:\windows\ie8\spuninst\iecustom.dll
+ 2010-01-05 13:58 . 2009-10-29 05:46 39424 c:\windows\ie8\pngfilt.dll
+ 2010-01-05 13:58 . 2004-08-03 23:54 97280 c:\windows\ie8\occache.dll
+ 2010-01-05 13:58 . 2004-08-03 23:53 57344 c:\windows\ie8\mshtmler.dll
+ 2010-01-05 13:58 . 2004-08-03 23:54 22528 c:\windows\ie8\licmgr10.dll
+ 2010-01-05 13:58 . 2009-10-29 05:46 16384 c:\windows\ie8\jsproxy.dll
+ 2010-01-05 13:58 . 2009-10-29 05:46 96768 c:\windows\ie8\inseng.dll
+ 2010-01-05 13:58 . 2004-08-03 23:54 35840 c:\windows\ie8\imgutil.dll
+ 2010-01-05 13:58 . 2004-08-03 23:54 63488 c:\windows\ie8\iesetup.dll
+ 2010-01-05 13:58 . 2004-08-03 23:54 49152 c:\windows\ie8\iernonce.dll
+ 2010-01-05 13:58 . 2009-09-25 05:54 81920 c:\windows\ie8\ieencode.dll
+ 2010-01-05 13:58 . 2004-08-03 23:54 34304 c:\windows\ie8\ie4uinit.exe
+ 2010-01-05 13:58 . 2004-08-03 23:54 38912 c:\windows\ie8\hmmapi.dll
+ 2010-01-05 13:58 . 2004-08-03 23:54 35328 c:\windows\ie8\corpol.dll
+ 2010-01-05 13:58 . 2004-08-03 23:54 61440 c:\windows\ie8\admparse.dll
+ 2010-01-06 07:01 . 2010-01-06 07:01 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2010-01-06 06:59 . 2010-01-06 06:59 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2010-01-06 06:59 . 2010-01-06 06:59 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2010-01-06 07:41 . 2010-01-06 07:41 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2010-01-06 07:41 . 2010-01-06 07:41 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2010-01-06 07:41 . 2010-01-06 07:41 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-08-19 10:11 . 2008-06-05 02:01 1912 c:\windows\system32\spool\drivers\w32x86\3\SQ0BWMS1.DAT
+ 2009-08-19 10:11 . 2008-07-03 09:01 5749 c:\windows\system32\spool\drivers\w32x86\3\SQ0BUEP.DAT
+ 2009-08-19 10:11 . 2002-11-01 00:09 1506 c:\windows\system32\spool\drivers\w32x86\3\SQ0BSTMN.DAT
+ 2009-08-19 10:11 . 2008-07-02 00:34 9260 c:\windows\system32\spool\drivers\w32x86\3\SQ0BPIS1.DAT
+ 2009-08-19 10:11 . 2008-06-23 01:44 9437 c:\windows\system32\spool\drivers\w32x86\3\SQ0BNP2.DAT
+ 2009-08-19 10:11 . 2004-12-17 14:34 4796 c:\windows\system32\spool\drivers\w32x86\3\SQ0BGCT.DAT
+ 2009-08-19 10:11 . 2008-07-09 03:12 2976 c:\windows\system32\spool\drivers\w32x86\3\SQ0B_RLV.DAT
+ 2010-01-05 14:00 . 2009-03-08 03:35 2048 c:\windows\ie8updates\KB975364-IE8\iecompat.dll
3omda_75 Posts 28 Status Member > 3omda_75 Posts 28 Status Member
 
+ 2010-01-05 16:10 . 2010-01-05 16:10 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-01-03 14:28 . 2010-01-03 14:28 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-01-07 17:21 . 2009-01-07 17:21 121856 c:\windows\system32\xmllite.dll
+ 2009-03-08 03:34 . 2009-03-08 03:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2004-08-03 23:54 . 2009-03-08 03:34 236544 c:\windows\system32\webcheck.dll
+ 2004-08-03 23:54 . 2009-03-08 03:33 420352 c:\windows\system32\vbscript.dll
+ 2004-08-03 23:54 . 2009-03-08 03:34 105984 c:\windows\system32\url.dll
+ 2009-08-19 10:11 . 2008-07-01 10:05 122880 c:\windows\system32\spool\drivers\w32x86\3\SQ0BUSR.DLL
+ 2009-08-19 10:11 . 2008-07-09 01:51 532480 c:\windows\system32\spool\drivers\w32x86\3\SQ0BUP.DLL
+ 2009-08-19 10:11 . 2008-07-09 01:51 307200 c:\windows\system32\spool\drivers\w32x86\3\SQ0BUD.DLL
+ 2009-08-19 10:11 . 2008-05-22 01:12 172032 c:\windows\system32\spool\drivers\w32x86\3\SQ0BSTMN.EXE
+ 2009-08-19 10:11 . 2008-05-29 08:11 126976 c:\windows\system32\spool\drivers\w32x86\3\SQ0BLMON.DLL
+ 2009-08-19 10:11 . 2008-05-27 08:28 110592 c:\windows\system32\spool\drivers\w32x86\3\SQ0BGD.DLL
+ 2009-08-19 10:11 . 2008-07-16 00:56 450560 c:\windows\system32\spool\drivers\w32x86\3\SQ0BGCP.DLL
+ 2009-08-19 10:11 . 2005-10-22 05:15 131072 c:\windows\system32\spool\drivers\w32x86\3\SQ0B2CMM.DLL
+ 2009-08-19 10:11 . 2005-10-22 05:16 122880 c:\windows\system32\spool\drivers\w32x86\3\SQ0B2C32.DLL
+ 2009-08-19 10:11 . 2005-08-02 00:09 126976 c:\windows\system32\spool\drivers\w32x86\3\SQ0B2BIM.DLL
- 2001-09-28 13:00 . 2010-01-05 13:23 432690 c:\windows\system32\perfh009.dat
+ 2001-09-28 13:00 . 2010-01-12 08:07 432690 c:\windows\system32\perfh009.dat
- 2004-08-03 23:55 . 2004-08-03 23:55 216576 c:\windows\system32\osk.exe
+ 2004-08-03 23:55 . 2006-10-04 13:32 216576 c:\windows\system32\osk.exe
+ 2004-08-03 23:54 . 2009-10-29 07:42 206848 c:\windows\system32\occache.dll
+ 2004-08-03 23:54 . 2009-03-08 03:32 611840 c:\windows\system32\mstime.dll
+ 2004-08-03 23:54 . 2009-03-08 03:34 193536 c:\windows\system32\msrating.dll
+ 2001-09-28 13:00 . 2009-03-08 03:22 156160 c:\windows\system32\msls31.dll
+ 2009-03-08 03:32 . 2009-10-29 07:42 594432 c:\windows\system32\msfeeds.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 265720 c:\windows\system32\msdbg2.dll
+ 2004-08-03 23:54 . 2008-02-26 12:00 294912 c:\windows\system32\msctf.dll
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2004-08-03 23:54 . 2009-06-22 06:47 726528 c:\windows\system32\jscript.dll
+ 2009-03-08 03:22 . 2009-03-08 03:22 164352 c:\windows\system32\ieui.dll
+ 2004-08-03 23:54 . 2009-10-29 07:42 184320 c:\windows\system32\iepeers.dll
+ 2004-08-03 23:54 . 2009-10-29 07:42 387584 c:\windows\system32\iedkcs32.dll
+ 2009-03-08 03:11 . 2009-03-08 03:11 445952 c:\windows\system32\ieapfltr.dll
+ 2001-09-28 13:00 . 2009-03-08 03:32 163840 c:\windows\system32\ieakui.dll
+ 2004-08-03 23:54 . 2009-03-08 03:33 229376 c:\windows\system32\ieaksie.dll
+ 2004-08-03 23:54 . 2009-03-08 03:33 125952 c:\windows\system32\ieakeng.dll
+ 2004-08-03 23:54 . 2009-10-28 14:40 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-03 23:54 . 2009-03-08 03:31 216064 c:\windows\system32\dxtrans.dll
+ 2004-08-03 23:54 . 2009-03-08 03:31 348160 c:\windows\system32\dxtmsft.dll
+ 2009-10-29 05:46 . 2009-10-29 07:42 916480 c:\windows\system32\DllCache\wininet.dll
+ 2009-03-08 03:34 . 2009-03-08 03:34 236544 c:\windows\system32\DllCache\webcheck.dll
+ 2009-03-08 03:33 . 2009-03-08 03:33 759296 c:\windows\system32\DllCache\VGX.dll
+ 2007-12-18 14:41 . 2009-03-08 03:33 420352 c:\windows\system32\DllCache\vbscript.dll
+ 2009-03-08 03:34 . 2009-03-08 03:34 105984 c:\windows\system32\DllCache\url.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 134144 c:\windows\system32\DllCache\sqmapi.dll
+ 2006-10-04 13:32 . 2006-10-04 13:32 216576 c:\windows\system32\DllCache\osk.exe
+ 2009-03-08 03:34 . 2009-10-29 07:42 206848 c:\windows\system32\DllCache\occache.dll
+ 2009-10-29 05:46 . 2009-03-08 03:32 611840 c:\windows\system32\DllCache\mstime.dll
+ 2009-10-29 05:46 . 2009-03-08 03:34 193536 c:\windows\system32\DllCache\msrating.dll
+ 2009-03-08 03:22 . 2009-03-08 03:22 156160 c:\windows\system32\DllCache\msls31.dll
+ 2008-02-26 12:00 . 2008-02-26 12:00 294912 c:\windows\system32\DllCache\msctf.dll
+ 2007-12-18 14:41 . 2009-06-22 06:47 726528 c:\windows\system32\DllCache\jscript.dll
+ 2009-03-08 13:09 . 2009-03-08 13:09 638816 c:\windows\system32\DllCache\iexplore.exe
+ 2009-10-29 05:46 . 2009-10-29 07:42 184320 c:\windows\system32\DllCache\iepeers.dll
+ 2009-03-08 13:09 . 2009-10-29 07:42 387584 c:\windows\system32\DllCache\iedkcs32.dll
+ 2009-03-08 03:32 . 2009-03-08 03:32 163840 c:\windows\system32\DllCache\ieakui.dll
+ 2009-03-08 03:33 . 2009-03-08 03:33 229376 c:\windows\system32\DllCache\ieaksie.dll
+ 2009-03-08 03:33 . 2009-03-08 03:33 125952 c:\windows\system32\DllCache\ieakeng.dll
+ 2009-03-08 03:32 . 2009-10-28 14:40 173056 c:\windows\system32\DllCache\ie4uinit.exe
+ 2009-10-29 05:46 . 2009-03-08 03:31 216064 c:\windows\system32\DllCache\dxtrans.dll
+ 2009-10-29 05:46 . 2009-03-08 03:31 348160 c:\windows\system32\DllCache\dxtmsft.dll
+ 2009-03-08 03:32 . 2009-03-08 03:32 128512 c:\windows\system32\DllCache\advpack.dll
+ 2004-08-03 23:54 . 2009-03-08 03:32 128512 c:\windows\system32\advpack.dll
+ 2009-08-07 22:51 . 2009-08-07 22:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-01-05 16:08 . 2010-01-05 16:08 969728 c:\windows\Installer\710f0a.msi
+ 2009-03-20 10:48 . 2009-03-20 10:48 183808 c:\windows\Installer\710ef7.msp
+ 2010-01-05 14:00 . 2009-03-08 03:34 914944 c:\windows\ie8updates\KB976325-IE8\wininet.dll
+ 2010-01-05 14:00 . 2009-05-26 11:40 406392 c:\windows\ie8updates\KB976325-IE8\spuninst\updspapi.dll
+ 2010-01-05 14:00 . 2009-05-26 11:40 234872 c:\windows\ie8updates\KB976325-IE8\spuninst\spuninst.exe
+ 2010-01-05 14:00 . 2009-03-08 03:34 109568 c:\windows\ie8updates\KB976325-IE8\occache.dll
+ 2010-01-05 14:00 . 2009-03-08 03:32 594432 c:\windows\ie8updates\KB976325-IE8\msfeeds.dll
+ 2010-01-05 14:00 . 2009-03-08 03:33 246784 c:\windows\ie8updates\KB976325-IE8\ieproxy.dll
+ 2010-01-05 14:00 . 2009-03-08 03:31 183808 c:\windows\ie8updates\KB976325-IE8\iepeers.dll
+ 2010-01-05 14:00 . 2009-03-08 13:09 391536 c:\windows\ie8updates\KB976325-IE8\iedkcs32.dll
+ 2010-01-05 14:00 . 2009-03-08 03:32 173056 c:\windows\ie8updates\KB976325-IE8\ie4uinit.exe
+ 2010-01-05 14:00 . 2009-05-26 11:40 406392 c:\windows\ie8updates\KB975364-IE8\spuninst\updspapi.dll
+ 2010-01-05 14:00 . 2009-05-26 11:40 234872 c:\windows\ie8updates\KB975364-IE8\spuninst\spuninst.exe
+ 2010-01-06 15:19 . 2008-07-08 13:04 406392 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2010-01-06 15:19 . 2008-07-08 13:03 234872 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2010-01-06 15:19 . 2009-03-08 03:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2010-01-05 13:58 . 2009-10-29 05:46 666112 c:\windows\ie8\wininet.dll
+ 2010-01-05 13:58 . 2004-08-03 23:54 281600 c:\windows\ie8\webcheck.dll
+ 2010-01-05 13:58 . 2004-08-03 23:54 848384 c:\windows\ie8\vgx.dll
+ 2010-01-05 13:58 . 2007-12-18 14:41 417792 c:\windows\ie8\vbscript.dll
+ 2010-01-05 13:58 . 2009-10-29 05:46 626688 c:\windows\ie8\urlmon.dll
+ 2010-01-05 13:59 . 2009-01-07 17:21 406048 c:\windows\ie8\spuninst\updspapi.dll
+ 2010-01-05 13:59 . 2009-01-07 17:21 235040 c:\windows\ie8\spuninst\spuninst.exe
+ 2010-01-05 13:58 . 2009-10-29 05:46 532480 c:\windows\ie8\mstime.dll
+ 2010-01-05 13:58 . 2009-10-29 05:46 146432 c:\windows\ie8\msrating.dll
+ 2010-01-05 13:58 . 2001-09-28 13:00 146432 c:\windows\ie8\msls31.dll
+ 2010-01-05 13:58 . 2009-10-29 05:46 449024 c:\windows\ie8\mshtmled.dll
+ 2010-01-05 13:58 . 2004-08-03 23:54 107008 c:\windows\ie8\mshta.exe
+ 2010-01-05 13:58 . 2009-08-21 06:51 450560 c:\windows\ie8\jscript.dll
+ 2010-01-05 13:58 . 2004-08-03 23:54 162816 c:\windows\ie8\iexplore.exe
+ 2010-01-05 13:58 . 2009-10-29 05:46 251392 c:\windows\ie8\iepeers.dll
+ 2010-01-05 13:58 . 2004-08-03 23:54 323584 c:\windows\ie8\iedkcs32.dll
+ 2010-01-05 13:58 . 2001-09-28 13:00 245760 c:\windows\ie8\ieakui.dll
+ 2010-01-05 13:58 . 2004-08-03 23:54 221696 c:\windows\ie8\ieaksie.dll
+ 2010-01-05 13:58 . 2004-08-03 23:54 139264 c:\windows\ie8\ieakeng.dll
+ 2010-01-05 13:58 . 2009-10-29 05:46 205312 c:\windows\ie8\dxtrans.dll
+ 2010-01-05 13:58 . 2009-10-29 05:46 357888 c:\windows\ie8\dxtmsft.dll
+ 2010-01-05 13:58 . 2004-08-03 23:54 101888 c:\windows\ie8\advpack.dll
+ 2010-01-06 07:41 . 2010-01-06 07:41 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2010-01-06 07:01 . 2010-01-06 07:01 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2010-01-06 07:01 . 2010-01-06 07:01 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2010-01-06 07:01 . 2010-01-06 07:01 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2010-01-06 07:41 . 2010-01-06 07:41 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2010-01-06 07:41 . 2010-01-06 07:41 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2010-01-06 07:00 . 2010-01-06 07:00 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2010-01-06 07:41 . 2010-01-06 07:41 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2010-01-06 07:41 . 2010-01-06 07:41 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2010-01-06 07:41 . 2010-01-06 07:41 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2010-01-06 07:41 . 2010-01-06 07:41 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2010-01-06 07:00 . 2010-01-06 07:00 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2010-01-06 07:00 . 2010-01-06 07:00 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2010-01-06 07:00 . 2010-01-06 07:00 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2010-01-06 07:00 . 2010-01-06 07:00 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2010-01-06 07:41 . 2010-01-06 07:41 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2010-01-06 07:41 . 2010-01-06 07:41 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2010-01-06 07:41 . 2010-01-06 07:41 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2010-01-06 07:41 . 2010-01-06 07:41 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
3omda_75 Posts 28 Status Member > 3omda_75 Posts 28 Status Member
 
- 2010-01-03 14:28 . 2010-01-03 14:28 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2004-08-03 23:54 . 2009-10-29 07:42 1208832 c:\windows\system32\urlmon.dll
+ 2009-08-19 10:11 . 2008-07-09 01:51 2174976 c:\windows\system32\spool\drivers\w32x86\3\SQ0BUBR.DLL
+ 2009-08-19 16:07 . 2009-08-19 16:07 1415000 c:\windows\system32\msxml6.dll
+ 2004-08-03 23:54 . 2009-10-29 07:42 5940736 c:\windows\system32\mshtml.dll
+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-03-08 03:32 . 2009-10-29 07:42 1985536 c:\windows\system32\iertutil.dll
+ 2009-02-06 20:07 . 2009-02-06 20:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2009-10-29 05:46 . 2009-10-29 07:42 1208832 c:\windows\system32\DllCache\urlmon.dll
+ 2009-10-29 05:46 . 2009-10-29 07:42 5940736 c:\windows\system32\DllCache\mshtml.dll
+ 2009-08-07 22:51 . 2009-08-07 22:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2008-11-25 03:59 . 2008-11-25 03:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-08-07 22:51 . 2009-08-07 22:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-01-05 14:00 . 2009-03-08 03:34 1206784 c:\windows\ie8updates\KB976325-IE8\urlmon.dll
+ 2010-01-05 14:00 . 2009-03-08 03:41 5937152 c:\windows\ie8updates\KB976325-IE8\mshtml.dll
+ 2010-01-05 14:00 . 2009-03-08 03:32 1985024 c:\windows\ie8updates\KB976325-IE8\iertutil.dll
+ 2010-01-05 13:58 . 2009-10-29 05:46 3084288 c:\windows\ie8\mshtml.dll
+ 2010-01-06 06:59 . 2010-01-06 06:59 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2010-01-06 07:01 . 2010-01-06 07:01 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2010-01-06 06:59 . 2010-01-06 06:59 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2010-01-06 07:01 . 2010-01-06 07:01 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2010-01-06 07:00 . 2010-01-06 07:00 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2010-01-06 07:41 . 2010-01-06 07:41 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2010-01-06 07:00 . 2010-01-06 07:00 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2010-01-06 07:41 . 2010-01-06 07:41 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2010-01-06 07:00 . 2010-01-06 07:00 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2010-01-06 07:00 . 2010-01-06 07:00 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2010-01-06 07:00 . 2010-01-06 07:00 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2010-01-06 07:00 . 2010-01-06 07:00 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2010-01-06 07:00 . 2010-01-06 07:00 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2010-01-06 07:00 . 2010-01-06 07:00 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2010-01-06 06:59 . 2010-01-06 06:59 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2010-01-06 07:41 . 2010-01-06 07:41 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2010-01-06 07:42 . 2010-01-06 07:42 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-01-06 07:41 . 2010-01-06 07:41 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-01-03 14:28 . 2010-01-03 14:28 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-01-05 16:10 . 2010-01-05 16:10 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-01-05 13:57 . 2009-12-01 11:06 25966024 c:\windows\system32\MRT.exe
+ 2009-03-08 03:39 . 2009-10-29 07:42 11069952 c:\windows\system32\ieframe.dll
+ 2009-08-14 19:32 . 2009-08-14 19:32 11110912 c:\windows\Installer\710f17.msp
+ 2010-01-05 14:00 . 2009-03-08 03:39 11063808 c:\windows\ie8updates\KB976325-IE8\ieframe.dll
+ 2010-01-06 07:01 . 2010-01-06 07:01 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2010-01-06 07:43 . 2010-01-06 07:43 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2010-01-06 07:41 . 2010-01-06 07:41 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2010-01-06 07:00 . 2010-01-06 07:00 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2010-01-06 07:00 . 2010-01-06 07:00 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2010-01-06 06:59 . 2010-01-06 06:59 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2010-01-06 06:59 . 2010-01-06 06:59 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-09 82224]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 251184]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1114112]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-30 511312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 93184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
DosÿOptimizer.pif [2007-4-8 377344]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-3-31 643072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Dos Optimizer.pif]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
backup=c:\windows\pss\Dos Optimizer.pifStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^¡¡¡¡¡¡.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\¡¡¡¡¡¡.lnk
backup=c:\windows\pss\¡¡¡¡¡¡.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-05-14 10:26 251184 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2008-04-04 15:09 1114112 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 11:17 143360 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-27 18:28 1216512 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 111616 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate"=2 (0x2)
"Com4QLBEx"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTSTAC~1.EXE"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\SNDVOL32.EXE"=
"c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\WINDOWS\\system32\\AccelerometerSt.Exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\SuperCopier2\\SuperCopier2.exe"=
"c:\\Documents and Settings\\Administrateur\\Menu Démarrer\\Programmes\\Démarrage\\Dos Optimizer.pif"=
"c:\\WINDOWS\\system32\\regsvr32.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe"=
"c:\\Documents and Settings\\Administrateur\\easddaea8.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\Windows Media Player\\setup_wm.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\Com4QLBEx.exe"=
"c:\\Program Files\\Hewlett-Packard\\Shared\\hpqwmiex.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [11/11/2009 09:12 24064]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/12/2009 02:26 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/12/2009 02:26 20560]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [05/01/2010 09:02 235344]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\qmgnjn.sys --> c:\windows\system32\drivers\qmgnjn.sys [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [05/01/2010 09:02 19160]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [21/06/2007 04:40 56448]
S4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11/11/2009 08:40 275760]
S4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/12/2009 19:19 205296]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-65WE-KKX5-313QWE24444}]
2009-12-26 12:31 102400 ----a-w- c:\restoric\RECYCLER\X0R.exe
.
Contenu du dossier 'Tâches planifiées'

2010-01-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-12-31 18:27]

2010-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 18:19]

2010-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 18:19]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\tw9l25d6.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 09:19
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1957994488-2077806209-839522115-500\SOFTWARE\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,82,88,b8,df,51,2d,4f,ab,35,77,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,82,88,b8,df,51,2d,4f,ab,35,77,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2010-01-12 09:21:04
ComboFix-quarantined-files.txt 2010-01-12 08:21
ComboFix2.txt 2010-01-05 13:31

Avant-CF: 65 937 264 640 octets libres
Après-CF: 65 906 130 944 octets libres

- - End Of File - - 6DFEA319108A408A92966DEFB0BBD374


and thanks again
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Download Tools Cleaner 2 to your desktop from here: https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/

* Double-click Tools Cleaner2 to run it. (If you are on Vista, right-click the Tools Cleaner 2 file and run it as administrator.)
* Click Recherche (Search) and let it run.
* Click Suppression (Removal) to finish.
* You can use the Options facultatives (optional settings) if you wish.
* Click Quitter (Quit) to get the report.
* Post the report (TCleaner.txt), which is at the root of your hard drive (C:), in the forum where you were asked for it.

____________________

How is the PC doing?

Post a report from Kaspersky
0
3omda_75 Posts 28 Status Member
 
Hi again, thanks for your replies and advice, but the main problem, uninstalling Avast, still persists, and safe mode is still inaccessible. On the other hand, there is all the same a big improvement in the PC's speed and in browsing the internet.
So what remains is to find a way to uninstall Avast (make it appear, make it functional...) or to enable safe mode, which hangs at startup with a blue screen.

As for the Tools Cleaner report, here it is.
Thanks again for the sacrifice and the precious time you are giving me.

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\avenger: trouvé !
C:\Qoobox: trouvé !
C:\_OTM: trouvé !
C:\UsbFix: trouvé !
C:\FindyKill: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Administrateur\Bureau\OTM.exe: trouvé !
C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Administrateur\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\Administrateur\Bureau\UsbFix.exe: trouvé !
C:\Documents and Settings\Administrateur\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\WINDOWS\mbr.exe: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Administrateur\Bureau\OTM.exe: supprimé !
C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Administrateur\Bureau\HJTInstall.exe: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Documents and Settings\Administrateur\Bureau\UsbFix.exe: supprimé !
C:\Documents and Settings\Administrateur\Bureau\Rsit.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\WINDOWS\mbr.exe: supprimé !
C:\avenger: supprimé !
C:\Qoobox: supprimé !
C:\_OTM: supprimé !
C:\UsbFix: supprimé !
C:\FindyKill: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
OK, then repair Windows like this:

* Click the Start menu
* Select Run (Exécuter)
* Type SFC /scannow then click OK (make sure to put a space between SFC and /scannow)

If the Windows CD is requested, insert it.

Then post an RSIT report again
0
3omda_75 Posts 28 Status Member
 
OK, it's done, but the scan does not start; a black window just appears for the blink of an eye and vanishes.
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
0
3omda_75 Posts 28 Status Member
 
The problem is that I don't have the Windows CD right now (I'll look for it later). Besides, I ran the full scan with Malwarebytes (3 times in a row) and I always get the same results (it looks as if it did not remove the selected infections).

Here is the latest Malwarebytes report:

Malwarebytes' Anti-Malware 1.43
Version de la base de données: 3495
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

12/01/2010 16:08:09
mbam-log-2010-01-12 (16-08-09).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 134607
Temps écoulé: 21 minute(s), 36 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\frameworkservice (Trojan.Delf) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\frameworkservice (Trojan.Delf) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Administrateur\Application Data\smss.exe (Trojan.Delf) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Sexy Girls.scr (Trojan.Delf) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\smss.exe (Trojan.Delf) -> Quarantined and deleted successfully.
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
OK

Download OAD (Outil d'Aide au Diagnostic) < http://sosvirus.changelog.fr/OAD.exe >
→ Save it to your desktop
→ Run 'OAD.exe' by double-clicking the file
→ Enter the search value -> ' Sexy Girls ' (copy/paste it)
→ Search type: select option 6, then confirm with [Enter]
→ OAD will now search for the file.
→ Let it work until it has finished.
→ Depending on the size of the hard drives, this search can take several minutes.

------------- Please wait. --------------

→ The search report will be displayed automatically as soon as it has finished.
→ Copy/paste this report into your next post.

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: Some antivirus programs may raise an alert during download / use > ignore

______________

Also post an RSIT report as requested
0
3omda_75 Posts 28 Status Member
 
OAD report:

12/01/2010 ---- 16:44:44,42

----------------------------------
§§§§§§ [Sexy Girls] §§§§§§
----------------------------------
[X] Registre
[ ] Fichier (rapide)
[ ] Fichier (disque systeme)
[X] Fichier (complete)




********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************

c:\WINDOWS\system32\Sexy Girls.scr


*********************
[Même date]
*********************

C:\WINDOWS\system32\Sexy



----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------


RSIT report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2010-01-12 16:50:03
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 63 GB (83%) free of 75 GB
Total RAM: 2043 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:50:05, on 12/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\TEMP\winnypq.exe
C:\WINDOWS\TEMP\wintwvso.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrateur.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Dos Optimizer.pif = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
0
3omda_75 Posts 28 Status Member
 
I have just now tried to install an old version of Avast; I thought that might help to uninstall it afterwards. But the report below was displayed. Here it is, maybe it will help, I think!

12.01.2010 17:17:12 general: Started: 12.01.2010, 17:17:12
12.01.2010 17:17:12 general: Running setup_av_pro-537 (1335)
12.01.2010 17:17:12 system: Operating system: WindowsXP ver 5.1, build 2600, sp 2.0 [Service Pack 2]
12.01.2010 17:17:12 system: Memory: 21% load. Phys:1632468/2092228K free, Page:3720024/4030144K free, Virt:2067740/2097024K free
12.01.2010 17:17:12 system: Computer WinName: STANDARD
12.01.2010 17:17:12 system: Windows Net User: STANDARD\Administrateur
12.01.2010 17:17:12 general: Cmdline: /sfx /sfxstorage "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_av_sfx.tm~a02272" /srcpath "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IR_EXT~1\AutoPlay\Docs" /sfxname "setupengpro" /spawnfordeleter
12.01.2010 17:17:12 general: DldSrc set to sfx
12.01.2010 17:17:12 general: Old version: 558 (1368)
12.01.2010 17:17:12 registry: Deleted registry: Software\Alwil Software\Avast\4.0\UpdateReady
12.01.2010 17:17:12 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 1
12.01.2010 17:17:12 system: Installed in: C:\Program Files\Alwil Software\Avast4 (62357M free)
12.01.2010 17:17:12 internet: SYNCER: Type: use IE settings
12.01.2010 17:17:12 internet: SYNCER: Auth: another authentication, use WinInet
12.01.2010 17:17:12 package: IsInstalledPartVpuOkay: C:\Program Files\Alwil Software\Avast4\Setup\part--537.vpu does not exist
12.01.2010 17:17:12 package: Part prg_av_pro-558 was guessed as installed
12.01.2010 17:17:12 package: IsInstalledPartVpuOkay: C:\Program Files\Alwil Software\Avast4\Setup\part--ffffffff.vpu does not exist
12.01.2010 17:17:12 package: Part vps-9112701 was guessed as installed
12.01.2010 17:17:12 package: IsInstalledPartVpuOkay: C:\Program Files\Alwil Software\Avast4\Setup\part--ffffffff.vpu does not exist
12.01.2010 17:17:12 package: Part news-53 was guessed as installed
12.01.2010 17:17:12 package: IsInstalledPartVpuOkay: C:\Program Files\Alwil Software\Avast4\Setup\part--537.vpu does not exist
12.01.2010 17:17:12 package: Part setup_av_pro-558 was guessed as installed
12.01.2010 17:17:12 package: IsInstalledPartVpuOkay: C:\Program Files\Alwil Software\Avast4\Setup\part--ffffffff.vpu does not exist
12.01.2010 17:17:12 package: Part jrog-1f6 was guessed as installed
12.01.2010 17:17:12 general: Old version: 558 (1368)
12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_core because of existing file C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_corepro because of existing file C:\Program Files\Alwil Software\Avast4\ashEnhcd.exe
12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_rdr because of existing file C:\Program Files\Alwil Software\Avast4\Setup\INF\AswRdr.sys
12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_res_mai because of existing file C:\Program Files\Alwil Software\Avast4\AhResMai.dll
12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_res_mes because of existing file C:\Program Files\Alwil Software\Avast4\ahResMes.dll
12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_res_ns because of existing file C:\Program Files\Alwil Software\Avast4\AhResNS.dll
12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_res_out because of existing file C:\Program Files\Alwil Software\Avast4\AhResOut.dll
12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_res_p2p because of existing file C:\Program Files\Alwil Software\Avast4\ahResP2P.dll
12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_res_scr because of existing file C:\Program Files\Alwil Software\Avast4\AhAScr.dll
12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_res_std because of existing file C:\Program Files\Alwil Software\Avast4\AhResStd.dll
12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_res_ws because of existing file C:\Program Files\Alwil Software\Avast4\AhResWS.dll
12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_skins because of existing file C:\Program Files\Alwil Software\Avast4\DATA\Skin\SZC-KDE.asws
12.01.2010 17:17:12 file: SetExistingFilesBitmap: Setting group av_pro_sysx because of existing file C:\WINDOWS\system32\OleAcc.dll
12.01.2010 17:17:12 file: SetExistingFilesBitmap: 1055->132->36
12.01.2010 17:17:12 general: GUID: 73313693-af02-44bf-b0b9-cf10f451b912
12.01.2010 17:17:12 general: SelectCurrent: selected server 'tmp sfx storage' from 'sfx'
12.01.2010 17:17:12 internet: SYNCER: Type: use IE settings
12.01.2010 17:17:12 internet: SYNCER: Auth: another authentication, use WinInet
12.01.2010 17:17:12 package: LoadProductVpu: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_av_sfx.tm~a02272\prod-av_pro.vpu
12.01.2010 17:17:12 package: LoadPartInfo: jrog = jrog-b3 returned 00000000
12.01.2010 17:17:12 package: LoadPartInfo: news = news-4b returned 00000000
12.01.2010 17:17:12 package: LoadPartInfo: program = prg_av_pro-537 returned 00000000
12.01.2010 17:17:12 package: LoadPartInfo: setup = setup_av_pro-537 returned 00000000
12.01.2010 17:17:12 package: LoadPartInfo: vps = vps-9020501 returned 00000000
12.01.2010 17:17:12 package: LoadProductVpu: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_av_sfx.tm~a02272\prod-av_pro.vpu ended with 00000000
12.01.2010 17:17:12 package: versions: 1368 > 1335
12.01.2010 17:17:12 general: Err:You are trying to install an older version than the one currently installed.If you really want to install such a version, please uninstall the current version first.
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Download OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (by Old_Timer) to your Desktop.

Double-click OTM.exe to run it.
Copy the list in the quote below,
and paste it into the left pane of OTM: Paste instruction for items to be moved.

:processes
explorer.exe
:services
mchInjDrv
aswMon2
avast! Standard Shield Support
Aavmker4
avast! Asynchronous Virus Monito
aswSP
avast! Self Protection
aswFsBlk
:files
C:\WINDOWS\system32\drivers\Aavmker4.sys
C:\WINDOWS\system32\drivers\aswSP.sys
C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp
C:\WINDOWS\system32\MFC71.dll
C:\WINDOWS\system32\aswBoot.exe
C:\Program Files\Alwil Software
c:\WINDOWS\system32\Sexy Girls.scr
C:\WINDOWS\system32\Sexy
C:\WINDOWS\TEMP\winnypq.exe
C:\WINDOWS\TEMP\wintwvso.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ajxwu.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rjwivy.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winaobgiq.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyxig.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\flwfja.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhmdxm.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xccuuj.exe
C:\WINDOWS\TEMP\bpmkd.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rjwivy.exe"=-
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winaobgiq.exe"=-
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ajxwu.exe"=-
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyxig.exe"=-
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\flwfja.exe"=-
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhmdxm.exe"=-
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xccuuj.exe"=-
C:\WINDOWS\TEMP\wintwvso.exe
C:\WINDOWS\TEMP\jqenk.exe
C:\WINDOWS\TEMP\rlhkfk.exe
C:\WINDOWS\TEMP\ewwlpv.exe
C:\WINDOWS\TEMP\khrrs.exe
C:\WINDOWS\TEMP\bkgdg.exe
C:\WINDOWS\TEMP\winxnrvly.exe
C:\WINDOWS\TEMP\gxwflp.exe
C:\WINDOWS\TEMP\winafknv.exe
C:\WINDOWS\TEMP\winydnrwi.exe
C:\WINDOWS\TEMP\winknou.exe
C:\WINDOWS\TEMP\winkchgbm.exe
C:\WINDOWS\TEMP\winragv.exe
C:\WINDOWS\TEMP\winsqdjo.exe
C:\WINDOWS\TEMP\wvlcd.exe
C:\WINDOWS\TEMP\winnypq.exe
C:\WINDOWS\TEMP\rhhykd.exe
:reg
"C:\WINDOWS\TEMP\bpmkd.exe"=-
"C:\WINDOWS\TEMP\jqenk.exe"=-
"C:\WINDOWS\TEMP\rlhkfk.exe"=-
"C:\WINDOWS\TEMP\ewwlpv.exe"=-
"C:\WINDOWS\TEMP\khrrs.exe"=-
"C:\WINDOWS\TEMP\bkgdg.exe"=-
"C:\WINDOWS\TEMP\winxnrvly.exe"=-
"C:\WINDOWS\TEMP\gxwflp.exe"=-
"C:\WINDOWS\TEMP\winafknv.exe"=-
"C:\WINDOWS\TEMP\winydnrwi.exe"=-
"C:\WINDOWS\TEMP\winknou.exe"=-
"C:\WINDOWS\TEMP\winkchgbm.exe"=-
"C:\WINDOWS\TEMP\winragv.exe"=-
"C:\WINDOWS\TEMP\winsqdjo.exe"=-
"C:\WINDOWS\TEMP\wvlcd.exe"=-
"C:\WINDOWS\TEMP\winnypq.exe"=-
"C:\WINDOWS\TEMP\rhhykd.exe"=-
"C:\WINDOWS\TEMP\wintwvso.exe"=-
:commands
[purity]
[emptytemp]
[start explorer]

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTM\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

_______________________

Then paste an online scan from BitDefender
http://www.bitdefender.fr/scanner/online/free.html
jlpjlp Posts 52399 Status Security contributor 5 040
 
after OTM,
but before the BitDefender online scan, run this BitDefender tool to eradicate what you have

http://www.bdtools.net/download/dcleaner.zip

then do the online scan
3omda_75 Posts 28 Status Member
 
Hello,
here is the OTM report
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
Error: No service named mchInjDrv was found to stop!
Unable to stop service mchInjDrv!
Error: Unable to stop service aswMon2!
Unable to delete service\driver keyaswMon2.
Error: No service named avast! Standard Shield Support was found to stop!
Unable to stop service avast! Standard Shield Support!
Error: Unable to stop service Aavmker4!
Unable to delete service\driver keyAavmker4.
Error: No service named avast! Asynchronous Virus Monito was found to stop!
Unable to stop service avast! Asynchronous Virus Monito!
Error: Unable to stop service aswSP!
Unable to delete service\driver keyaswSP.
Error: No service named avast! Self Protection was found to stop!
Unable to stop service avast! Self Protection!
Error: Unable to stop service aswFsBlk!
Unable to delete service\driver keyaswFsBlk.
========== FILES ==========
File move failed. C:\WINDOWS\system32\drivers\aavmker4.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\aswSP.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys scheduled to be moved on reboot.
File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\MFC71.dll
C:\WINDOWS\system32\MFC71.dll moved successfully.
File move failed. C:\WINDOWS\system32\aswBoot.exe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\images scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH\HtmlData scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH\HELP scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\Skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software scheduled to be moved on reboot.
c:\WINDOWS\system32\Sexy Girls.scr moved successfully.
File/Folder C:\WINDOWS\system32\Sexy not found.
File/Folder C:\WINDOWS\TEMP\winnypq.exe not found.
File/Folder C:\WINDOWS\TEMP\wintwvso.exe not found.
File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ajxwu.exe not found.
File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rjwivy.exe not found.
File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winaobgiq.exe not found.
File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyxig.exe not found.
File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\flwfja.exe not found.
File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhmdxm.exe not found.
File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xccuuj.exe not found.
File/Folder C:\WINDOWS\TEMP\bpmkd.exe not found.
File/Folder [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] not found.
File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rjwivy.exe"= not found.
File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winaobgiq.exe"= not found.
File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ajxwu.exe"= not found.
File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyxig.exe"= not found.
File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\flwfja.exe"= not found.
File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhmdxm.exe"= not found.
File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xccuuj.exe"= not found.
File/Folder C:\WINDOWS\TEMP\wintwvso.exe not found.
File/Folder C:\WINDOWS\TEMP\jqenk.exe not found.
File/Folder C:\WINDOWS\TEMP\rlhkfk.exe not found.
File/Folder C:\WINDOWS\TEMP\ewwlpv.exe not found.
File/Folder C:\WINDOWS\TEMP\khrrs.exe not found.
File/Folder C:\WINDOWS\TEMP\bkgdg.exe not found.
File/Folder C:\WINDOWS\TEMP\winxnrvly.exe not found.
File/Folder C:\WINDOWS\TEMP\gxwflp.exe not found.
File/Folder C:\WINDOWS\TEMP\winafknv.exe not found.
File/Folder C:\WINDOWS\TEMP\winydnrwi.exe not found.
File/Folder C:\WINDOWS\TEMP\winknou.exe not found.
File/Folder C:\WINDOWS\TEMP\winkchgbm.exe not found.
File/Folder C:\WINDOWS\TEMP\winragv.exe not found.
File/Folder C:\WINDOWS\TEMP\winsqdjo.exe not found.
File/Folder C:\WINDOWS\TEMP\wvlcd.exe not found.
File/Folder C:\WINDOWS\TEMP\winnypq.exe not found.
File/Folder C:\WINDOWS\TEMP\rhhykd.exe not found.
========== REGISTRY ==========
Registry key Invalid\\"C:\WINDOWS\TEMP\bpmkd.exe"\ not found.
Registry key Invalid\\"C:\WINDOWS\TEMP\jqenk.exe"\ not found.
Registry key Invalid\\"C:\WINDOWS\TEMP\rlhkfk.exe"\ not found.
Registry key Invalid\\"C:\WINDOWS\TEMP\ewwlpv.exe"\ not found.
Registry key Invalid\\"C:\WINDOWS\TEMP\khrrs.exe"\ not found.
Registry key Invalid\\"C:\WINDOWS\TEMP\bkgdg.exe"\ not found.
Registry key Invalid\\"C:\WINDOWS\TEMP\winxnrvly.exe"\ not found.
Registry key Invalid\\"C:\WINDOWS\TEMP\gxwflp.exe"\ not found.
Registry key Invalid\\"C:\WINDOWS\TEMP\winafknv.exe"\ not found.
Registry key Invalid\\"C:\WINDOWS\TEMP\winydnrwi.exe"\ not found.
Registry key Invalid\\"C:\WINDOWS\TEMP\winknou.exe"\ not found.
\\"C:\WINDOWS\TEMP\winkchgbm.exe"|"- /E :invalid edit format. No such root key.
Registry key Invalid\\"C:\WINDOWS\TEMP\winragv.exe"\ not found.
Registry key Invalid\\"C:\WINDOWS\TEMP\winsqdjo.exe"\ not found.
Registry key Invalid\\"C:\WINDOWS\TEMP\wvlcd.exe"\ not found.
Registry key Invalid\\"C:\WINDOWS\TEMP\winnypq.exe"\ not found.
Registry key Invalid\\"C:\WINDOWS\TEMP\rhhykd.exe"\ not found.
Registry key Invalid\\"C:\WINDOWS\TEMP\wintwvso.exe"\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 220400171 bytes
->Temporary Internet Files folder emptied: 823701 bytes
->FireFox cache emptied: 37871846 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 128512 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 247,00 mb


OTM by OldTimer - Version 3.1.5.0 log created on 01132010_102927

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\aavmker4.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\aswSP.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\aswBoot.exe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\images scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH\HtmlData scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH\HELP scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH\HtmlData scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH\HELP scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\Skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\Skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\images scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH\HtmlData scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH\HELP scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\Skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\Sfx scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\images scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH\HtmlData scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH\HELP scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\FRENCH scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\Skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software scheduled to be moved on reboot.

Registry entries deleted on Reboot...

then the BitDefender Removal Tool treatment

BITDEFENDER Removal Tool for Win32.Worm.Downadup.Gen

--> Scanning..
Ok Loading BitDefender Engines
State 0 of m :
Sleeping 3 seconds...
Searching for Downadup file ....
Searching in : C:\WINDOWS\system32\
Searching in : C:\WINDOWS\Temp\
Searching in : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
Searching in : C:\Program Files\Internet Explorer
Searching in : C:\Program Files\Movie Maker
Searching in : C:\Documents and Settings\All Users\Application Data\
Searching in : C:\Documents and Settings\Administrateur\Application Data\
Searching in : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
Found so far : 0x0 files/regs
No Traces of Downadup Worm were found
--> Your computer is not infected

But the connection to the site for the online scan cannot be established.
However, the connection itself works and I can reach several sites, but I think something is blocked when I try to connect to scan sites, because I tried several other online scan sites and could not get through!! From another PC on the network these sites are reachable!!
jlpjlp Posts 52399 Status Security contributor 5 040
 
install BitDefender Free and paste a report from it
3omda_75 Posts 28 Status Member
 
I am afraid I have to tell you that it is impossible; I tried every method I knew:
the download gets stuck at 99%
I downloaded it on another PC and put it in My Network Places; that one hangs (not responding)
I changed the name first and then the extension: same result
finally I saved it on a memory stick under the name test.aze, plugged the stick into this PC, changed the extension to .exe and double-clicked it, and it worked: the program started installing. But my joy did not last: at BitDefender's "démarre service" step, a message appeared: "le service 'BitDefender Desktop Update Service' (LIVESRV) n'a pas démarré. Vérifier si vous avez assez d'autorité pour démarrer les services système."

I know I have wasted a lot of your time, but I am getting desperate; on the other hand, I have great confidence in all the members of Comment Ça Marche...

and of course I found the memory stick infected after a Kaspersky scan on the other PC
3omda_75 Posts 28 Status Member
 
I have bad news, I think
I downloaded Avira AntiVir Premium 9.0.0.455 and installed it on the PC after several attempts, except that when Avira started, several alerts appeared and several viruses were detected. I used the delete option (by mistake) for the file mmc.exe (I think), then the repair option for all the other detections. At the end of the first scan (5 detections) I updated the software and then started a full scan (several detections; the counter reached 58 infections). Suddenly the PC restarted by itself, and now there is nothing on the desktop, the pointer is an hourglass and I cannot do anything. Is this serious???
jlpjlp Posts 52399 Status Security contributor 5 040
 
look here

https://www.commentcamarche.net/faq/24781-reparer-sa-connexion-suite-a-une-infection-ou-une-desinfection
3omda_75 Posts 28 Status Member
 
Hello dear friend,
2150 infections found by Avira; the log file is too long to be posted.
A window asking to insert the Windows CD is displayed in order to restore the modified files!! (I will have the CD this afternoon)
The internet connection is restored, I think, since I have just done the online scan with BitDefender; here is the report.

BitDefender QuickScan Beta 32-bit v0.9.9.0
------------------------------------------

Date de l'analyse : Thu Jan 14 11:48:05 2010
ID de la machine : 38B62D92

Processus Dos Optimizer.pif (2816) - Win32.Worm.Delf.NEC


1 fichier infecté a été détecté !
-----------------------------------
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif - Win32.Worm.Delf.NEC


Processus
---------
<non signé> AntiVir Desktop 1812 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
<non signé> AntiVir Desktop 1428 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
<non signé> AntiVir Desktop 1440 C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
<non signé> AntiVir Desktop 1796 C:\Program Files\Avira\AntiVir Desktop\sched.exe
<non signé> Google Update 1776 C:\Program Files\Google\Update\GoogleUpdate.exe
<non signé> SuperCopier 2 (explorer file copy replacement) 2728 C:\Program Files\SuperCopier2\SuperCopier2.exe
<non signé> W32.KuCo.A 2816 C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif

<verifié> Agere Soft Modem Call Progress Service 1416 C:\WINDOWS\system32\agrsmsvc.exe
<verifié> ATI External Event Utility for Windows 984 C:\WINDOWS\system32\Ati2evxx.exe
<verifié> ATI External Event Utility for Windows 1324 C:\WINDOWS\system32\Ati2evxx.exe
<verifié> Bluetooth Software 1132 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
<verifié> Firefox 2984 C:\Program Files\Mozilla Firefox\firefox.exe
<verifié> Hewlett-Packard Corporation 3D DriveGuard System 2708 C:\WINDOWS\system32\AccelerometerSt.Exe
<verifié> Malwarebytes' Anti-Malware 1516 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
<verifié> Microsoft® Windows® Operating System 2576 \\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
<verifié> Microsoft® Windows® Operating System 716 C:\WINDOWS\system32\csrss.exe
<verifié> Microsoft® Windows® Operating System 804 C:\WINDOWS\system32\lsass.exe
<verifié> Microsoft® Windows® Operating System 1672 C:\WINDOWS\system32\spoolsv.exe
<verifié> Microsoft® Windows® Operating System 1636 C:\WINDOWS\system32\svchost.exe
<verifié> Microsoft® Windows® Operating System 1000 C:\WINDOWS\system32\svchost.exe
<verifié> Microsoft® Windows® Operating System 1068 C:\WINDOWS\system32\svchost.exe
<verifié> Microsoft® Windows® Operating System 1108 C:\WINDOWS\System32\svchost.exe
<verifié> Microsoft® Windows® Operating System 1200 C:\WINDOWS\system32\svchost.exe
<verifié> Microsoft® Windows® Operating System 1268 C:\WINDOWS\system32\svchost.exe
<verifié> Microsoft® Windows® Operating System 196 C:\WINDOWS\system32\svchost.exe
<verifié> Microsoft® Windows® Operating System 3164 C:\WINDOWS\System32\svchost.exe
<verifié> Microsoft® Windows® Operating System 2632 C:\WINDOWS\system32\wbem\wmiprvse.exe
<verifié> Microsoft® Windows® Operating System 2144 C:\WINDOWS\system32\wuauclt.exe
<verifié> Microsoft® Windows® Operating System 472 C:\WINDOWS\system32\wuauclt.exe
<verifié> Système d'exploitation Microsoft® Windows® 1824 C:\WINDOWS\Explorer.EXE
<verifié> Système d'exploitation Microsoft® Windows® 1720 C:\WINDOWS\System32\SCardSvr.exe
<verifié> Système d'exploitation Microsoft® Windows® 792 C:\WINDOWS\system32\services.exe
<verifié> Système d'exploitation Microsoft® Windows® 600 C:\WINDOWS\System32\smss.exe
<verifié> Système d'exploitation Microsoft® Windows® 748 C:\WINDOWS\system32\winlogon.exe


Activité du réseau
------------------
Processus AVWEBGRD.EXE (1440) connecté sur le port 80 (HTTP) - gv-in-f102.1e100.net
Processus AVWEBGRD.EXE (1440) connecté sur le port 80 (HTTP) - a92-123-192-20.deploy.akamaitechnologies.com
Processus AVWEBGRD.EXE (1440) connecté sur le port 80 (HTTP) - 80.157.169.136

Processus svchost.exe (1068) écoute sur les ports: 135 (RPC)
Processus svchost.exe (1268) écoute sur les ports: 2869 (SSDP event notification, UPNP)
Processus avmailc.exe (1428) écoute sur les ports: 44110
Processus AVWEBGRD.EXE (1440) écoute sur les ports: 44080


Fichiers critiques et Autorun
-----------------------------
<non signé> AntiVir Desktop C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
<non signé> Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
<non signé> SuperCopier 2 (explorer file copy replacement) C:\Program Files\SuperCopier2\SuperCopier2.exe

<verifié> ATI External Event Utility for Windows C:\WINDOWS\system32\ati2evxx.dll
<verifié> Glary Utilities C:\Program Files\Glary Utilities\initialize.exe
<verifié> Hewlett-Packard Corporation 3D DriveGuard System C:\WINDOWS\system32\AccelerometerSt.Exe
<verifié> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\browseui.dll
<verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\crypt32.dll
<verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\cscdll.dll
<verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\logonui.exe
<verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\sclgntfy.dll
<verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\shell32.dll
<verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\stobject.dll
<verifié> Système d'exploitation Microsoft® Windows® c:\windows\system32\userinit.exe
<verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\wlnotify.dll
<verifié> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Plugins du navigateur
---------------------
<non signé> AntiVir Desktop C:\Program Files\Avira\AntiVir Desktop\avsda.dll
<non signé> Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
<non signé> RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<non signé> RealPlayer Version Plugin C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll

<verifié> BitDefender QuickScan C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles/tw9l25d6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
<verifié> BitDefender QuickScan C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles/tw9l25d6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verifié> Foxit Reader Plugin for Mozilla C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
<verifié> Google Update C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
<verifié> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verifié> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verifié> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verifié> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verifié> RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
<verifié> RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32- C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
<verifié> Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\mswsock.dll
<verifié> Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verifié> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
<verifié> Yahoo! activeX Plug-in Bridge C:\Program Files\Yahoo!\Common\npyaxmpb.dll
<verifié> Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn\yt.dll


Fichiers manquants
------------------
Fichier non trouvé : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys
référencé dans : HKLM\System\CurrentControlSet\Services\catchme\"ImagePath"

Fichier non trouvé : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc26.tmp
référencé dans : HKLM\System\CurrentControlSet\Services\mchInjDrv\"ImagePath"

Fichier non trouvé : C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
référencé dans : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"QlbCtrl.exe"

Fichier non trouvé : C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
référencé dans : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Malwarebytes' Anti-Malware"

Fichier non trouvé : C:\Program Files\Softwin\BitDefender10\bdfdll.sys
référencé dans : HKLM\System\CurrentControlSet\Services\bdfdll\"ImagePath"

Fichier non trouvé : C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys
référencé dans : HKLM\System\CurrentControlSet\Services\BDFsDrv\"ImagePath"

Fichier non trouvé : C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys
référencé dans : HKLM\System\CurrentControlSet\Services\BDRsDrv\"ImagePath"


Analyse
-------
Le(s) fichier(s) suivant(s) doit/doivent être téléchargé(s) pour une analyse côté serveur:
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

Le téléchargement vers le serveur a démarré - 1 fichier(s)
téléchargement vers le serveur : C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe - 165192 octets, hash : 019e5d16bd861f8ef09b2ee256033ef6
Vitesse de téléchargement vers le serveur - 17 KB/s
Téléchargement vers le serveur terminé - 1 téléchargés vers le serveur, 0 ont échoué

Le(s) fichier(s) téléchargé(s) vers le serveur est/sont sain(s)

Analyse terminée - la communication a duré 12 secondes
Trafic total - 0.20 Mo envoyés, 2.66 Ko reçus
846 fichiers et modules analysés - 44 seconds
jlpjlp Posts 52399 Status Security contributor 5 040
 
ok, let me know!

you can also run another AntiVir scan and paste the report to see what is left
3omda_75 Posts 28 Status Member
 
Beginning disinfection:
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20100114-095536-55EA415A\ARKA.tmp
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4b99f25e.qua'!
C:\Documents and Settings\All Users\Documents\U992.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.UltraSur.A program
[NOTE] The file was moved to '4b87f246.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037737.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef23d.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037738.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48c71a0e.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037739.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4a092e66.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037740.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4b7ef23e.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037741.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48c61257.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037742.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48c41dc7.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037743.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4b7ef23f.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037744.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48c20dc8.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037745.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '48c0f510.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037746.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef240.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037747.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48bee4a1.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037748.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48bfece9.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037749.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48bcd431.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037750.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef241.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037751.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef244.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037752.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef245.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037753.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef246.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037754.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef248.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037755.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48bbcf81.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037756.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef24a.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037757.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48b496fb.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037758.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48b59e33.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037759.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48b2860b.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037760.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48b38e43.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037761.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48b0719b.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037762.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48b179d3.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037763.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48ae612b.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037764.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48af6963.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037765.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48ac50bb.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037766.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48ad58f3.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037767.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48aa40cb.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037768.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48ab4803.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037769.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48a8305b.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037770.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48a93b93.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037771.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48a623eb.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037772.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48a72b23.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037773.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef24e.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037774.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48a51ab7.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037775.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48a2028f.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037776.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef24f.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037777.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48a1f200.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037778.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef251.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037779.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '489ffdb2.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037780.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef256.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037781.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '489ded27.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037782.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '489ad56f.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037783.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '489bdd57.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037784.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4898c49f.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037785.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4899ccc7.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037786.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4896b40f.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037787.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4897bc77.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037788.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4894a7bf.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037789.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4895afe7.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037790.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef257.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037791.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48939f18.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037792.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48908750.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037793.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48918e88.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037794.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '488e76c0.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037795.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '488f7e38.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037796.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '488c6670.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037797.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '488d69a8.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037798.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef258.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037799.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '488b59d9.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037800.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4fa51231.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037801.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4fa21a69.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037802.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4fa31da1.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037803.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef259.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037804.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4fa10dd2.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037805.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f9ff50a.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037806.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f9cfd42.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037807.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f9de4ba.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037808.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f9aecf2.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037809.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f9bd42a.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037810.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f98dc62.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037811.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f99c45a.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037812.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f96cf92.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037813.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f97b7ca.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037814.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f94bf02.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037815.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef25b.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037816.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f92aeb4.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037817.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef25c.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037818.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f909e25.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037819.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f91861d.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037820.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef25d.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037821.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef25e.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037822.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef25f.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037823.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f8d6100.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037824.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f8a6948.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037825.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f8b5090.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037826.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f8858d8.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037827.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f8940e0.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037828.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef260.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037829.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f873071.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037830.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f843bb9.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037831.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f8523c1.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037832.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef261.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037833.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f831352.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037834.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f801a9a.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037835.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4f8102a2.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037836.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e7e0aea.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037837.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e7cf232.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037838.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e7dfa7a.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037839.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e7afd82.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037840.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e7be5ca.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037841.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e78ed12.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037842.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef262.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037843.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e76dd63.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037844.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e77c4ab.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037845.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e74ccf3.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037846.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e73020b.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037847.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e700a83.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037848.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef263.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037849.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e6ffa14.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037850.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e6ce25c.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037851.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e6dea64.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037852.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e6aedac.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037853.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e6bd5f4.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037854.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e68dd3c.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037855.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef264.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037856.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e66cc8d.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037857.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e67b4d5.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037858.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e64bc1d.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037859.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e65a425.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037860.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e62ac6d.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037861.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e6397b5.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037862.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e609ffd.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037863.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef265.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037864.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e5e8f4e.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037865.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e5f7696.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037866.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e5c7ede.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037867.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e5d66e6.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037868.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e5a6e2e.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037869.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef266.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037870.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e5859bf.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037871.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef26a.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037872.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e564903.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037873.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e57315b.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037874.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e543893.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037875.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e5520ab.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037876.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef26b.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037877.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e53103c.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037878.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e501874.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037879.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e51038c.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037880.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e4e0bc4.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037881.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e4cf31c.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037882.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e4dfb54.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037883.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e4ae36c.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037884.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef26c.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037885.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e48d2fd.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037886.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e49da35.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037887.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e46c24d.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037888.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e47c585.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037889.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e44cddd.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037890.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e45b515.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037891.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e42bd2d.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037892.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e43a565.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037893.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e40acbd.qua'!
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037894.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e4194f5.qua'!
E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037895.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e3e9c0d.qua'!
E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037896.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef272.qua'!
E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037897.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4b7ef276.qua'!
E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037898.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '48b6a757.qua'!
E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037899.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e3d77cf.qua'!
E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037900.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e3b673f.qua'!
E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037901.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4e75b42f.qua'!
E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037902.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4a0401c7.qua'!


End of the scan: jeudi 14 janvier 2010 11:30
Used time: 31:23 Minute(s)

The scan has been done completely.

3846 Scanned directories
118925 Files were scanned
172 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
2 files were deleted
0 Viruses and unwanted programs were repaired
168 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
118752 Files not concerned
1140 Archives were scanned
2 Warnings
171 Notes
30962 Objects were scanned with rootkit scan
0 Hidden objects were found

3omda_75 Posts 28 Status Member

The latest scan, from this afternoon:

Avira AntiVir Premium
Report file date: jeudi 14 janvier 2010 15:08

Scanning for 1529455 virus strains and unwanted programs.

Licensee : Willie Inouye
Serial number : 2205201620-PEPWE-0001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : STANDARD

Version information:
BUILD.DAT : 9.0.0.455 24915 Bytes 02/12/2009 16:05:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 06:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 14:32:09
VBASE002.VDF : 7.10.1.1 2048 Bytes 19/11/2009 14:32:10
VBASE003.VDF : 7.10.1.2 2048 Bytes 19/11/2009 14:32:11
VBASE004.VDF : 7.10.1.3 2048 Bytes 19/11/2009 14:32:11
VBASE005.VDF : 7.10.1.4 2048 Bytes 19/11/2009 14:32:12
VBASE006.VDF : 7.10.1.5 2048 Bytes 19/11/2009 14:32:12
VBASE007.VDF : 7.10.1.6 2048 Bytes 19/11/2009 14:32:12
VBASE008.VDF : 7.10.1.7 2048 Bytes 19/11/2009 14:32:12
VBASE009.VDF : 7.10.1.8 2048 Bytes 19/11/2009 14:32:12
VBASE010.VDF : 7.10.1.9 2048 Bytes 19/11/2009 14:32:13
VBASE011.VDF : 7.10.1.10 2048 Bytes 19/11/2009 14:32:14
VBASE012.VDF : 7.10.1.11 2048 Bytes 19/11/2009 14:32:14
VBASE013.VDF : 7.10.1.79 209920 Bytes 25/11/2009 14:32:21
VBASE014.VDF : 7.10.1.128 197632 Bytes 30/11/2009 14:32:29
VBASE015.VDF : 7.10.1.178 195584 Bytes 07/12/2009 14:32:36
VBASE016.VDF : 7.10.1.224 183296 Bytes 14/12/2009 14:32:41
VBASE017.VDF : 7.10.1.247 182272 Bytes 15/12/2009 14:32:51
VBASE018.VDF : 7.10.2.30 198144 Bytes 21/12/2009 14:32:58
VBASE019.VDF : 7.10.2.63 187392 Bytes 24/12/2009 14:33:04
VBASE020.VDF : 7.10.2.93 195072 Bytes 29/12/2009 14:33:11
VBASE021.VDF : 7.10.2.131 201216 Bytes 07/01/2010 14:33:17
VBASE022.VDF : 7.10.2.158 192000 Bytes 11/01/2010 14:33:27
VBASE023.VDF : 7.10.2.159 2048 Bytes 11/01/2010 14:33:27
VBASE024.VDF : 7.10.2.160 2048 Bytes 11/01/2010 14:33:27
VBASE025.VDF : 7.10.2.161 2048 Bytes 11/01/2010 14:33:29
VBASE026.VDF : 7.10.2.162 2048 Bytes 11/01/2010 14:33:29
VBASE027.VDF : 7.10.2.163 2048 Bytes 11/01/2010 14:33:30
VBASE028.VDF : 7.10.2.164 2048 Bytes 11/01/2010 14:33:31
VBASE029.VDF : 7.10.2.165 2048 Bytes 11/01/2010 14:33:31
VBASE030.VDF : 7.10.2.166 2048 Bytes 11/01/2010 14:33:31
VBASE031.VDF : 7.10.2.183 200704 Bytes 14/01/2010 13:15:02
Engineversion : 8.2.1.142
AEVDF.DLL : 8.1.1.2 106867 Bytes 08/11/2009 06:38:52
AESCRIPT.DLL : 8.1.3.7 594296 Bytes 13/01/2010 14:35:01
AESCN.DLL : 8.1.3.1 127348 Bytes 14/01/2010 11:15:29
AESBX.DLL : 8.1.1.1 246132 Bytes 08/11/2009 06:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 13/01/2010 14:34:47
AEPACK.DLL : 8.2.0.5 422262 Bytes 14/01/2010 11:15:28
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 08/11/2009 06:38:38
AEHEUR.DLL : 8.1.0.195 2232695 Bytes 14/01/2010 11:15:23
AEHELP.DLL : 8.1.10.0 237942 Bytes 14/01/2010 11:15:05
AEGEN.DLL : 8.1.1.83 369014 Bytes 13/01/2010 14:33:49
AEEMU.DLL : 8.1.1.0 393587 Bytes 08/11/2009 06:38:26
AECORE.DLL : 8.1.9.5 184693 Bytes 14/01/2010 11:15:03
AEBB.DLL : 8.1.0.3 53618 Bytes 08/11/2009 06:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:14:02
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
RCIMAGE.DLL : 9.0.0.28 2623745 Bytes 19/05/2009 13:28:53
RCTEXT.DLL : 9.0.74.0 90369 Bytes 14/10/2009 07:59:08

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: jeudi 14 janvier 2010 15:08

Starting search for hidden objects.
'29324' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'vlc.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Dos Optimizer.pif' - '1' Module(s) have been scanned
Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned
Scan process 'accelerometerST.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
Scan process 'avwebgrd.exe' - '1' Module(s) have been scanned
Scan process 'avmailc.exe' - '1' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'scardsvr.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '44' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
Begin scan in 'E:\'


End of the scan: jeudi 14 janvier 2010 15:27
Used time: 19:45 Minute(s)

The scan has been done completely.

3785 Scanned directories
115883 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
115882 Files not concerned
1110 Archives were scanned
1 Warnings
1 Notes
29324 Objects were scanned with rootkit scan
0 Hidden objects were found

3omda_75 Posts 28 Status Member

I ran a scan this morning and found 172 infections (the report is in two parts):
Avira AntiVir Premium
Report file date: jeudi 14 janvier 2010 10:53

Scanning for 1528437 virus strains and unwanted programs.

Licensee : Willie Inouye
Serial number : 2205201620-PEPWE-0001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : STANDARD

Version information:
BUILD.DAT : 9.0.0.455 24915 Bytes 02/12/2009 16:05:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 06:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 14:32:09
VBASE002.VDF : 7.10.1.1 2048 Bytes 19/11/2009 14:32:10
VBASE003.VDF : 7.10.1.2 2048 Bytes 19/11/2009 14:32:11
VBASE004.VDF : 7.10.1.3 2048 Bytes 19/11/2009 14:32:11
VBASE005.VDF : 7.10.1.4 2048 Bytes 19/11/2009 14:32:12
VBASE006.VDF : 7.10.1.5 2048 Bytes 19/11/2009 14:32:12
VBASE007.VDF : 7.10.1.6 2048 Bytes 19/11/2009 14:32:12
VBASE008.VDF : 7.10.1.7 2048 Bytes 19/11/2009 14:32:12
VBASE009.VDF : 7.10.1.8 2048 Bytes 19/11/2009 14:32:12
VBASE010.VDF : 7.10.1.9 2048 Bytes 19/11/2009 14:32:13
VBASE011.VDF : 7.10.1.10 2048 Bytes 19/11/2009 14:32:14
VBASE012.VDF : 7.10.1.11 2048 Bytes 19/11/2009 14:32:14
VBASE013.VDF : 7.10.1.79 209920 Bytes 25/11/2009 14:32:21
VBASE014.VDF : 7.10.1.128 197632 Bytes 30/11/2009 14:32:29
VBASE015.VDF : 7.10.1.178 195584 Bytes 07/12/2009 14:32:36
VBASE016.VDF : 7.10.1.224 183296 Bytes 14/12/2009 14:32:41
VBASE017.VDF : 7.10.1.247 182272 Bytes 15/12/2009 14:32:51
VBASE018.VDF : 7.10.2.30 198144 Bytes 21/12/2009 14:32:58
VBASE019.VDF : 7.10.2.63 187392 Bytes 24/12/2009 14:33:04
VBASE020.VDF : 7.10.2.93 195072 Bytes 29/12/2009 14:33:11
VBASE021.VDF : 7.10.2.131 201216 Bytes 07/01/2010 14:33:17
VBASE022.VDF : 7.10.2.158 192000 Bytes 11/01/2010 14:33:27
VBASE023.VDF : 7.10.2.159 2048 Bytes 11/01/2010 14:33:27
VBASE024.VDF : 7.10.2.160 2048 Bytes 11/01/2010 14:33:27
VBASE025.VDF : 7.10.2.161 2048 Bytes 11/01/2010 14:33:29
VBASE026.VDF : 7.10.2.162 2048 Bytes 11/01/2010 14:33:29
VBASE027.VDF : 7.10.2.163 2048 Bytes 11/01/2010 14:33:30
VBASE028.VDF : 7.10.2.164 2048 Bytes 11/01/2010 14:33:31
VBASE029.VDF : 7.10.2.165 2048 Bytes 11/01/2010 14:33:31
VBASE030.VDF : 7.10.2.166 2048 Bytes 11/01/2010 14:33:31
VBASE031.VDF : 7.10.2.181 187392 Bytes 14/01/2010 09:15:02
Engineversion : 8.2.1.134
AEVDF.DLL : 8.1.1.2 106867 Bytes 08/11/2009 06:38:52
AESCRIPT.DLL : 8.1.3.7 594296 Bytes 13/01/2010 14:35:01
AESCN.DLL : 8.1.3.0 127348 Bytes 13/01/2010 14:34:52
AESBX.DLL : 8.1.1.1 246132 Bytes 08/11/2009 06:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 13/01/2010 14:34:47
AEPACK.DLL : 8.2.0.4 422263 Bytes 13/01/2010 14:34:38
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 08/11/2009 06:38:38
AEHEUR.DLL : 8.1.0.194 2228599 Bytes 13/01/2010 14:34:30
AEHELP.DLL : 8.1.9.0 237943 Bytes 13/01/2010 14:33:53
AEGEN.DLL : 8.1.1.83 369014 Bytes 13/01/2010 14:33:49
AEEMU.DLL : 8.1.1.0 393587 Bytes 08/11/2009 06:38:26
AECORE.DLL : 8.1.9.1 180598 Bytes 13/01/2010 14:33:42
AEBB.DLL : 8.1.0.3 53618 Bytes 08/11/2009 06:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:14:02
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
RCIMAGE.DLL : 9.0.0.28 2623745 Bytes 19/05/2009 13:28:53
RCTEXT.DLL : 9.0.74.0 90369 Bytes 14/10/2009 07:59:08

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: jeudi 14 janvier 2010 10:53

Starting search for hidden objects.
'30962' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjpyyqb.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'winjpyyqb.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjpyyqb.exe'
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winokat.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
Scan process 'winokat.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winokat.exe'
Scan process 'update.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
Scan process 'avwebgrd.exe' - '1' Module(s) have been scanned
Scan process 'avmailc.exe' - '1' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
Scan process 'Dos Optimizer.pif' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned
Scan process 'accelerometerST.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'scardsvr.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'winjpyyqb.exe' has been terminated
Process 'winokat.exe' has been terminated
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjpyyqb.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was deleted!
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winokat.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
[NOTE] The file was deleted!

40 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '44' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20100114-095536-55EA415A\ARKA.tmp
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Documents and Settings\All Users\Documents\U992.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.UltraSur.A program
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037845.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037846.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037847.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037848.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037849.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037850.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037851.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037852.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037853.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037854.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037855.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037856.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037857.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037858.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037859.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037860.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037861.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037862.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037863.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037864.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037865.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037866.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037867.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037868.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037869.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037870.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037871.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037872.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037873.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037874.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037875.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037876.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037877.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037878.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037879.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037880.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037881.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037882.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037883.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037884.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037885.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037886.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037887.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037888.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037889.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037890.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037891.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037892.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037893.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037894.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
Begin scan in 'E:\'
E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037895.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037896.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037897.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037898.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037899.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037900.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037901.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
E:\System Volume Information\_restore{67B8D661-A85E-4A5E-A024-8ED1D006EB14}\RP64\A0037902.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus