Salut,

J'ai vu le beau boulot de Merrilym avec bibiche : j'ai moi aussi le virus Trojan-Downloader.Win32.Bagle.ma depuis début avril.

Mon anti-virus n'a rien vu, et depuis il est inop (message "xxxx n'est pas une application win32 valide), lui et quelques autres exe (dont l'outil de rajout / suppression de programme, et toutes mes restaurations système !!)

Après avoir fouiné sur les forums, j'ai passé elibagla, qui m'a nettoyé des choses, mais il reste encore la bestiole en question :

Tue Apr 08 18:14:32 2008
EliBagle v11.21 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Tue Apr 08 18:14:52 2008
EliBagle v11.21 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\drivers\SROSA.SYS --> Acceso Denegado, Bagle (rootkit) (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 16181
Nº Total de Ficheros: 206050
Nº de Ficheros Analizados: 16933
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

J'ai passé kaspersky en ligne, qu me confirme bien :

C:\WINDOWS\system32\drivers\srosa.sys Infecté : Trojan-Downloader.Win32.Bagle.ma ignoré

+ plein de fichiers "L'objet est verrouillé" -> à priori non infectés (?)

La grosse question : comment m'en débarrasser ?
Comme je vois que tu as fait des merveilles avec bibiche, je me permets de t'appeler à l'aide.

Mon système : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

OK. Je suis actuellement au boulot ; je vois ça ce soir.

Re,

Non pas très grave, ça se nettoie bien


Si tu as des crakcs sur ton PC, supprime-les TOUS, car ils vont relancer l'infection en cas d'exécution !

• Fais un scan en ligne Kaspersky avec Internet Explorer :
• Clique sur
• Clique maintenant sur J'accepte.
• Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
• Patiente pendant l'installation des Mises à jour.
• Choisis par la suite l'analyse du Poste de travail
• Sauvegarde puis colle le rapport généré en fin d'analyse.

AIDE : Tuto sur le scan en ligne

NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.

Re,

Mais non ne t'inquiète pas, je vais nettoyer ta machine

Le rapport posté est incomplet, il ne tient pas en un message. Poste donc la suite du rapport en plusieurs messages si nécessaire.

Bonne nuit, à demain

Oki.

On a bien avancé

1) Fais un nouveau scan avec ELIBAGLA puis poste-moi le rapport.

2) Désinstalle/réinstalle TOUS tes logiciels de protections. Redémarre le PC. Puis reviens me dire s'ils remarchent correctement.

Questions supplémentaires :

3) Au moment de l'infection j'avais NIS 2004. Il n'a pas vu Bagle, et ce dernier me l'a proprement verrolé. Derrière j'ai voulu réinstaller NIS 2008, mais l'install a échoué (et comme c'était une mise à jour, il a d'abord désinstallé NIS 2004 que j'avais avant). Résultat : je n'ai plus NIS du tout (et je me demande bien si une foi désinfecté mon upgrade va fonctionner, car il ne va plus trouver NIS 2004...!?).
De ce côté-là, rien à desinstaller donc.
Derrière j'ai voulu installer AVAST. Là ça s'est bien passé à l'install, mais au lancement j'ai bien évidemment eu le message "xxx n'est pas une application Win32 valide"... Donc là je pourrais effectivement le désinstaller, sauf qu'il n'y a pas de commande de désinstallation dans le menu Démarrage, et que depuis que je suis infecté mon assistant Windows "Ajout / suppression de programmes" ne fonctionne plus + aucune commande avec un nom évident *uninst* dans le répertoire d'install -> comment désinstaller AVAST ?

4) J'avais par ailleurs Windows Defender, mais depuis l'infection, j'ai au démarrage un message d'erreur avec un code hexa en 0x080xxx...Comment désinstaller / réinstaller WD ?

Voili-voilou :
------------------


AntiVir PersonalEdition Classic
Report file date: 2008-04-11 20:22

Scanning for 1198942 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: SN402927450003

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 18:21:57
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 2008-04-11 18:21:57
ANTIVIR3.VDF : 7.0.3.158 61952 Bytes 2008-04-11 18:21:57
AVEWIN32.DLL : 7.6.0.85 3461632 Bytes 2008-04-11 18:21:58
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-04-11 18:21:58
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 08:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: N:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-04-11 20:22

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'scrnsave.scr' - '1' Module(s) have been scanned
Scan process 'NB11GUTI.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'AOSD.EXE' - '1' Module(s) have been scanned
Scan process 'PRISMSVR.exe' - '1' Module(s) have been scanned
Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'Directcd.exe' - '1' Module(s) have been scanned
Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb10.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'SoundMan.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'NB11GUTI.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'AOSD.EXE' - '1' Module(s) have been scanned
Scan process 'PRISMSVR.exe' - '1' Module(s) have been scanned
Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned
Scan process 'Directcd.exe' - '1' Module(s) have been scanned
Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb10.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'SoundMan.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
59 processes with 59 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'M:\'
[NOTE] No virus was found!
Boot sector 'N:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '37' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Eric\Mes documents\Mon PC\Logiciels téléchargés\Traitement audio\Sony Sound Forge 8\Sony Media (Vegas 6, Sound Forge 8, Dvd Architect 3, Cd Architect 5, Acid Pro 5 Music Studio 5) I.rar
[0] Archive type: RAR
--> Sony CD Architect 5.0 (Build 93)\RENEGADE KeyGen\KEYGEN.EXE
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> Sony 5.1 Surround Plug-In\RENEGADE KeyGen\Sony 5.1 Surround Plug-in Pack KeyGen 1.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> Sony 5.1 Surround Plug-In\RENEGADE KeyGen\Sony 5.1 Surround Plug-in Pack KeyGen 2.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '486db30b.qua'!
C:\Documents and Settings\Eric\Mes documents\Mon PC\Logiciels téléchargés\Traitement vidéo\Conversion MOV\Crack\Crack.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '4860b47b.qua'!
C:\Documents and Settings\Eric\Mes documents\Mon PC\Logiciels téléchargés\Traitement vidéo\Conversion MOV\Crack\Quicktime[1].Pro.7.0.x.GENERiC_CRK-FFF.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '4868b493.qua'!
C:\Documents and Settings\Eric\Mes documents\Mon PC\Logiciels téléchargés\Winrar\Winrar v3.71 fr + Keygen for Windows XP & Vista [100%OK by ROSKA].zip
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.aac.4 Backdoor server programs
[INFO] The file was moved to '486db595.qua'!
C:\Muestras\FLEC006.EXE.Muestra EliBagle v11.21
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\QooBox\Quarantine\catchme2008-04-10_183624.42.zip
[0] Archive type: ZIP
--> Documents and Settings/Admin/Bureau/catchme.zip
[1] Archive type: ZIP
--> srosa.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
--> hldrrr.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MA
[INFO] The file was moved to '4873c119.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4863c130.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\1160453.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '4835c101.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\1255937.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4834c108.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\1266687.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4835c10c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\264977546.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4833c114.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\4370859.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '4836c116.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\4396750.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4838c11c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\4430640.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '4832c120.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1074\A0170017.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1075\A0170044.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1075\A0170053.EXE
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MA
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1076\A0170100.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1076\A0170107.EXE
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MA
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1077\A0170140.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1077\A0170147.EXE
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MA
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1077\A0170182.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1078\A0170301.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1082\A0171315.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1085\A0173816.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1088\A0184443.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1091\A0184920.EXE
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MA
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1091\A0184921.EXE
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MA
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1091\A0184922.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MA
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1091\A0184923.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.MA
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1092\A0185756.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1093\A0185800.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1096\A0186804.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1096\A0186805.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1096\A0186829.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1096\A0186846.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1096\A0186847.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1096\A0186851.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1096\A0186883.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1096\A0186889.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
Begin scan in 'M:\' <Extension 1>
M:\Sauvegardes\Documents partagés\ub.exe
[WARNING] The file could not be opened!
M:\Sauvegardes\Julie\ub.exe
[WARNING] The file could not be opened!
M:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1046\A0161895.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was deleted!
Begin scan in 'N:\' <EXTENSION 2>
N:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1046\A0161896.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was deleted!
N:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1088\A0175227.exe
[DETECTION] Contains detection pattern of the dropper DR/Agent.ZM.4
[INFO] The file was deleted!
N:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1088\A0175228.exe
[DETECTION] Contains detection pattern of the dropper DR/Vapsup.awu
[INFO] The file was deleted!
N:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1088\A0175888.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '4830ca9b.qua'!
N:\Sauvegardes\Eric\Eric\Local Settings\Temp\tmp1916.tmp.exe
[DETECTION] Contains detection pattern of the dropper DR/Agent.ZM.4
[INFO] The file was deleted!
N:\Sauvegardes\Eric\Eric\Local Settings\Temp\tmp191A.tmp.exe
[DETECTION] Contains detection pattern of the dropper DR/Vapsup.awu
[INFO] The file was deleted!
N:\Sauvegardes\Eric\Eric\Mes documents\Mon PC\Logiciels téléchargés\Traitement audio\Sony Sound Forge 8\Sony Media (Vegas 6, Sound Forge 8, Dvd Architect 3, Cd Architect 5, Acid Pro 5 Music Studio 5) I.rar
[0] Archive type: RAR
--> Sony CD Architect 5.0 (Build 93)\RENEGADE KeyGen\KEYGEN.EXE
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> Sony 5.1 Surround Plug-In\RENEGADE KeyGen\Sony 5.1 Surround Plug-in Pack KeyGen 1.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> Sony 5.1 Surround Plug-In\RENEGADE KeyGen\Sony 5.1 Surround Plug-in Pack KeyGen 2.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
N:\Sauvegardes\Eric\Eric\Mes documents\Mon PC\Logiciels téléchargés\Traitement vidéo\Conversion MOV\Crack\Crack.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '4860cec8.qua'!
N:\Sauvegardes\Eric\Eric\Mes documents\Mon PC\Logiciels téléchargés\Traitement vidéo\Conversion MOV\Crack\Quicktime[1].Pro.7.0.x.GENERiC_CRK-FFF.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was deleted!
N:\Sauvegardes\Eric\Eric\Mes documents\Mon PC\Logiciels téléchargés\Winrar\Winrar v3.71 fr + Keygen for Windows XP & Vista [100%OK by ROSKA].zip
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.aac.4 Backdoor server programs
[INFO] The file was deleted!


End of the scan: 2008-04-11 22:53
Used time: 2:30:35 min

The scan has been done completely.

20174 Scanning directories
755712 Files were scanned
51 viruses and/or unwanted programs were found
5 Files were classified as suspicious:
36 files were deleted
0 files were repaired
15 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
755661 Files not concerned
10591 Archives were scanned
4 Warnings
3 Notes
------------------

Mince, c'est long ! ça fait 3 heures que Anti-Malware tourne, et il n'a fait que 60 000 fichiers (il en a plus de 200 000 à se taper...!)
Aucun méchant en vue pour l'instant.

Re,

Poste un nouveau rapport hijackthis et dis-moi comment va le PC.

Voici le rapport de Highjackthis :
----------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20, on 2008-04-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Wifi\PRISMSVR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wifi\NB11GUTI.exe
C:\Program Files\Xi\NetXfer 2.48\NetTransport.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer 2.48\NXIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\PROGRA~1\eSnips\SnipBar.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer 2.48\NXToolBar.dll
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Wifi\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-2840067212-4047210102-739398192-1006\..\Run: [Ub4TrayApp] "C:\Program Files\Astase\UltraBackup\4.0\bin\ubtray.exe" /start (User 'Eric')
O4 - HKUS\S-1-5-21-2840067212-4047210102-739398192-1006\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe (User 'Eric')
O4 - HKUS\S-1-5-21-2840067212-4047210102-739398192-1006\..\Run: [mule_st_key] C:\Documents and Settings\Eric\Application Data\m\flec006.exe (User 'Eric')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: 802.11g Wireless USB Adapter Utility.lnk = C:\Program Files\Wifi\NB11GUTI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tec [...] SupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tec [...] mAData.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - file://C:\Documents and Settings\Eric\Mes documents\Mon PC\Logiciels téléchargés\Visionneuse panoramique\tmp\MSSurVid.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 11307 bytes
-------------------

La fonctionnalité de rajout / suppression de programme semble avoir été restaurée, du moins sur le compte de secours que j'utilise...

Salut,

1) Voici le rapport d'EliBagle (J'ai toujours 5 ou 6 répertoires dans lesquels il ne peut pas entrer sous C\RECYCLERS) :
-------------------
Sun Apr 13 07:52:58 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 15939
Nº Total de Ficheros: 192774
Nº de Ficheros Analizados: 17122
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
-------------------

2) Zebrestore -> Fait.

3) Avast -> supprimé

4) Pour le reste, je vois en fonction de mon emploi du temps du jour :-)

Suite :

1) Windows Defender -> supprimé

2) rapport de ComboFix lancé en mode sans echec :
--------------------
ComboFix 08-04-12.7 - Admin 2008-04-13 15:02:25.2 - NTFSx86 MINIMAL

Endroit: C:\Documents and Settings\Admin\Bureau\Combo--Fix.exe
.
TimedOut: progfile.dat

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Eric\Application Data\urlredir.cfg
.
---- Previous Run -------
.
C:\Documents and Settings\Admin\Application Data\urlredir.cfg
C:\Documents and Settings\Corinne\Application Data\urlredir.cfg
C:\Documents and Settings\Eric\Application Data\m
C:\Documents and Settings\Eric\Application Data\urlredir.cfg
C:\Documents and Settings\Luc\Application Data\urlredir.cfg
C:\WINDOWS\hosts
C:\WINDOWS\secure32.html
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\DcadsSocial-uninstall.exe
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\down\1158968.exe
C:\WINDOWS\system32\drivers\down\1160453.exe
C:\WINDOWS\system32\drivers\down\1228687.exe
C:\WINDOWS\system32\drivers\down\1242656.exe
C:\WINDOWS\system32\drivers\down\1253390.exe
C:\WINDOWS\system32\drivers\down\1255937.exe
C:\WINDOWS\system32\drivers\down\1266687.exe
C:\WINDOWS\system32\drivers\down\1318578.exe
C:\WINDOWS\system32\drivers\down\1327078.exe
C:\WINDOWS\system32\drivers\down\1339656.exe
C:\WINDOWS\system32\drivers\down\1346140.exe
C:\WINDOWS\system32\drivers\down\1353203.exe
C:\WINDOWS\system32\drivers\down\1360671.exe
C:\WINDOWS\system32\drivers\down\1382906.exe
C:\WINDOWS\system32\drivers\down\1385296.exe
C:\WINDOWS\system32\drivers\down\1428390.exe
C:\WINDOWS\system32\drivers\down\1433062.exe
C:\WINDOWS\system32\drivers\down\1436250.exe
C:\WINDOWS\system32\drivers\down\1444437.exe
C:\WINDOWS\system32\drivers\down\1457562.exe
C:\WINDOWS\system32\drivers\down\1485218.exe
C:\WINDOWS\system32\drivers\down\1492390.exe
C:\WINDOWS\system32\drivers\down\1499515.exe
C:\WINDOWS\system32\drivers\down\1503281.exe
C:\WINDOWS\system32\drivers\down\1518203.exe
C:\WINDOWS\system32\drivers\down\1546953.exe
C:\WINDOWS\system32\drivers\down\264953125.exe
C:\WINDOWS\system32\drivers\down\264959765.exe
C:\WINDOWS\system32\drivers\down\264963046.exe
C:\WINDOWS\system32\drivers\down\264971437.exe
C:\WINDOWS\system32\drivers\down\264977546.exe
C:\WINDOWS\system32\drivers\down\265007187.exe
C:\WINDOWS\system32\drivers\down\265018765.exe
C:\WINDOWS\system32\drivers\down\265022578.exe
C:\WINDOWS\system32\drivers\down\265031484.exe
C:\WINDOWS\system32\drivers\down\265045843.exe
C:\WINDOWS\system32\drivers\down\265050734.exe
C:\WINDOWS\system32\drivers\down\265053093.exe
C:\WINDOWS\system32\drivers\down\265054718.exe
C:\WINDOWS\system32\drivers\down\265062203.exe
C:\WINDOWS\system32\drivers\down\265071296.exe
C:\WINDOWS\system32\drivers\down\265115453.exe
C:\WINDOWS\system32\drivers\down\265132218.exe
C:\WINDOWS\system32\drivers\down\265138171.exe
C:\WINDOWS\system32\drivers\down\265146156.exe
C:\WINDOWS\system32\drivers\down\265150203.exe
C:\WINDOWS\system32\drivers\down\4369687.exe
C:\WINDOWS\system32\drivers\down\4370859.exe
C:\WINDOWS\system32\drivers\down\4396750.exe
C:\WINDOWS\system32\drivers\down\4407078.exe
C:\WINDOWS\system32\drivers\down\4415140.exe
C:\WINDOWS\system32\drivers\down\4425906.exe
C:\WINDOWS\system32\drivers\down\4430640.exe
C:\WINDOWS\system32\drivers\down\4505484.exe
C:\WINDOWS\system32\drivers\down\4513921.exe
C:\WINDOWS\system32\drivers\down\4527890.exe
C:\WINDOWS\system32\drivers\down\4533468.exe
C:\WINDOWS\system32\drivers\down\4539921.exe
C:\WINDOWS\system32\drivers\down\4545968.exe
C:\WINDOWS\system32\drivers\down\4583625.exe
C:\WINDOWS\system32\drivers\down\4585953.exe
C:\WINDOWS\system32\drivers\down\4628281.exe
C:\WINDOWS\system32\drivers\down\4633125.exe
C:\WINDOWS\system32\drivers\down\4640140.exe
C:\WINDOWS\system32\drivers\down\4669546.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\iebrowserc.dll
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\tool1.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\tool3.exe
C:\WINDOWS\tool4.exe
C:\WINDOWS\tool5.exe
N:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA
-------\Legacy_CCEVTMGR
-------\Service_ccEvtMgr


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))))))
.

2008-04-12 14:11 . 2008-04-12 14:11 125,016 --a------ C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
2008-04-12 09:16 . 2008-04-12 09:16 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-12 09:16 . 2008-04-12 09:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-12 09:16 . 2008-04-12 09:16 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-04-11 20:10 . 2008-04-11 20:10 <REP> d-------- C:\Program Files\Avira
2008-04-11 20:10 . 2008-04-11 20:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-10 18:22 . 2008-04-10 18:41 <REP> d-------- C:\ComboFix[1]
2008-04-08 18:51 . 2008-04-11 21:02 <REP> d-------- C:\Muestras
2008-04-06 15:30 . 2008-04-06 15:30 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 10:33 . 2008-04-06 10:33 <REP> d-------- C:\Program Files\Alwil Software
2008-04-05 15:05 . 2008-04-05 15:05 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Ulead Systems
2008-04-05 15:05 . 2008-04-05 15:05 <REP> d-------- C:\Documents and Settings\Admin\Application Data\DivX
2008-04-02 19:05 . 2008-04-02 19:05 <REP> d-------- C:\Documents and Settings\Admin\Application Data\AdobeUM
2008-03-29 18:59 . 2008-03-29 18:59 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Lavasoft
2008-03-29 18:17 . 2008-03-29 18:17 <REP> d-------- C:\Program Files\Windows Defender
2008-03-29 17:48 . 2008-03-29 17:49 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-29 17:48 . 2008-03-29 17:49 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-29 17:48 . 2008-03-29 17:49 10,652 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-29 17:48 . 2008-03-29 17:49 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-26 19:56 . 2008-03-26 19:56 <REP> d-------- C:\Documents and Settings\Admin\Application Data\DonationCoder
2008-03-24 20:40 . 2008-03-24 20:40 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Apple Computer
2008-03-24 20:39 . 2008-04-12 10:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-24 20:39 . 2008-03-24 20:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-24 20:35 . 2008-04-05 18:28 284 --a------ C:\Documents and Settings\Admin\Application Data\ViewerApp.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 07:15 --------- d-----w C:\Program Files\Common Files
2008-03-31 17:12 --------- d-----w C:\Program Files\RegistryFix
2008-03-29 15:49 --------- d-----w C:\Program Files\Symantec
2008-03-29 15:49 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-03-24 13:13 --------- d-----w C:\Program Files\eMule
2008-03-17 19:55 125,016 ------w C:\Documents and Settings\Eric\Application Data\GDIPFONTCACHEV1.DAT
2008-03-11 17:50 --------- d-----w C:\Program Files\URLSnooper2
2008-03-11 17:37 --------- d-----w C:\Program Files\WinPcap
2008-03-11 17:37 --------- d-----w C:\Documents and Settings\Eric\Application Data\DonationCoder
2008-03-11 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\DonationCoder
2008-03-02 12:57 --------- d-----w C:\Program Files\eSnips
2008-02-25 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-02-25 20:34 --------- d-----w C:\Program Files\GRETECH
2008-02-25 20:34 --------- d-----w C:\Documents and Settings\Eric\Application Data\GRETECH
2008-02-25 17:07 560 ------w C:\Documents and Settings\Eric\Application Data\ViewerApp.dat
2008-02-23 10:51 --------- d-----w C:\Program Files\Open Cellar
2008-01-27 21:41 893,459 ----a-w C:\pluridisciplinarite.zip
2007-12-03 18:13 112,560 ----a-w C:\Documents and Settings\Corinne\Application Data\GDIPFONTCACHEV1.DAT
2006-11-23 18:45 106,080 ----a-w C:\Documents and Settings\Julie\Application Data\GDIPFONTCACHEV1.DAT
2004-08-19 15:09 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll
2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-08-19 15:09 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-05 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2004-08-19 15:09 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-19 15:09 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2004-08-05 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll
2004-08-19 15:09 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-19 15:09 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-10_18.41.28.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-20 07:56:50 1,846,016 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2008-02-20 05:20:23 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:50:24 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2008-02-20 06:52:42 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
- 2007-09-09 10:08:13 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-04-11 21:06:29 69,120 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2007-09-09 10:08:26 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-04-11 21:06:43 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2007-09-09 10:08:27 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-04-11 21:05:57 4,444,160 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2007-09-09 10:08:29 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-04-11 21:06:49 483,840 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2007-09-09 10:08:20 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-04-11 21:06:10 3,036,160 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2007-09-09 10:08:07 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-04-11 21:06:56 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-09-09 10:08:07 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-04-11 21:06:56 113,664 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2007-09-09 10:08:36 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-04-11 21:06:44 261,120 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2007-09-09 10:08:17 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-04-11 21:06:07 5,431,296 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-09-09 10:08:12 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-04-11 21:06:20 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2007-09-09 10:08:06 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-04-11 21:06:08 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2007-09-09 10:08:08 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-04-11 21:06:28 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2007-09-09 10:08:22 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-04-11 21:06:36 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-09-09 10:08:24 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-04-11 21:06:38 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-09-09 10:08:25 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-04-11 21:06:39 6,656 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2007-09-09 10:08:09 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-04-11 21:06:58 348,160 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2007-09-09 10:08:10 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-04-11 21:07:00 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2007-09-09 10:08:11 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-04-11 21:07:01 655,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2007-09-09 10:08:11 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-04-11 21:07:02 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2007-09-09 10:08:08 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-04-11 21:06:40 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2007-09-09 10:08:39 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-04-11 21:06:37 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-09-09 10:08:38 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-04-11 21:06:34 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2007-09-09 10:08:04 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-04-11 21:06:50 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2007-09-09 10:08:37 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-04-11 21:06:32 671,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2007-09-09 10:08:39 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-04-11 21:06:03 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2007-09-09 10:08:06 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-04-11 21:06:54 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2007-09-09 10:08:05 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-04-11 21:06:31 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2007-09-09 10:08:05 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-04-11 21:06:30 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2007-09-09 10:08:32 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-04-11 21:06:41 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2007-09-09 10:08:14 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-04-11 21:06:42 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2007-09-09 10:08:33 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-04-11 21:06:09 425,984 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2007-09-09 10:08:29 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-04-11 21:06:11 741,376 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2007-09-09 10:08:07 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-04-11 21:06:12 933,888 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2007-09-09 10:08:21 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-04-11 21:07:05 5,070,848 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2007-09-09 10:08:15 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-04-11 21:07:01 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2007-09-09 10:08:14 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-04-11 21:06:23 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2007-09-09 10:08:15 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-04-11 21:06:52 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2007-09-09 10:08:34 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-04-11 21:06:04 630,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2007-09-09 10:08:30 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-04-11 21:06:55 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2007-09-09 10:08:35 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-04-11 21:06:51 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-09-09 10:08:31 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-04-11 21:06:47 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-09-09 10:08:31 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-04-11 21:06:46 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-09-09 10:08:12 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-04-11 21:06:05 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-09-09 10:08:16 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-04-11 21:06:05 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2007-09-09 10:08:36 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-04-11 21:06:17 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-09-09 10:08:18 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-04-11 21:06:19 90,112 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2007-09-09 10:08:18 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-04-11 21:06:15 839,680 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-09-09 10:08:19 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-04-11 21:06:27 5,013,504 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2007-09-09 10:08:20 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-04-11 21:06:06 2,068,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2007-09-09 10:08:34 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-04-11 21:06:14 3,076,096 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-04-11 21:21:13 27,136 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll
+ 2008-04-11 21:21:17 69,632 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AjaVideoProperties\c875c9c154281ae0d798bdad0f8559f9\AjaVideoProperties.ni.dll
+ 2008-04-11 21:21:17 884,736 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll
+ 2008-04-11 21:21:25 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll
+ 2008-04-11 21:21:18 77,824 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DecklinkVideoProper#\9ba948ca93da3c952e788e251abf0cc4\DecklinkVideoProperties.ni.dll
+ 2008-04-11 21:21:25 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
+ 2008-04-11 21:21:27 876,544 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll
+ 2008-04-11 21:21:28 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll
+ 2008-04-11 21:21:32 1,695,744 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll
+ 2008-04-11 21:21:33 167,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll
+ 2008-04-11 21:21:36 1,740,800 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll
+ 2008-04-11 21:09:32 11,722,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
+ 2008-04-11 21:21:20 692,224 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sony.Capture\c037eccfbfcee147352831e3dff9d4ca\Sony.Capture.ni.dll
+ 2008-04-11 21:21:21 274,432 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sony.MediaSoftware.#\3d70de26304d75fde4757a1c3696269d\Sony.MediaSoftware.ExternalVideoDevice.ni.dll
+ 2008-04-11 21:21:24 258,048 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sony.Vegas.NetRender\dfa3a9f22de2d57ac9bcee578d1fb2bf\Sony.Vegas.NetRender.ni.dll
+ 2008-04-11 21:21:23 630,784 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sony.Vegas\8ec4d8808080a21e9357c5f6ca0a560d\Sony.Vegas.ni.dll
+ 2008-04-11 21:21:38 1,011,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
+ 2008-04-11 21:10:11 7,049,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll
+ 2008-04-11 21:21:40 1,798,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll
+ 2008-04-11 21:10:35 10,969,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll
+ 2008-04-11 21:21:42 1,224,704 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll
+ 2008-04-11 21:21:43 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll
+ 2008-04-11 21:10:39 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll
+ 2008-04-11 21:10:38 1,667,072 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
+ 2008-04-11 21:21:45 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll
+ 2008-04-11 21:21:45 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll
+ 2008-04-11 21:21:47 733,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll
+ 2008-04-11 21:21:47 233,472 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll
+ 2008-04-11 21:21:49 679,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll
+ 2008-04-11 21:22:11 2,342,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll
+ 2008-04-11 21:22:12 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll
+ 2008-04-11 21:22:15 1,986,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll
+ 2008-04-11 21:22:07 12,509,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
+ 2008-04-11 21:11:08 13,193,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
+ 2008-04-11 21:11:22 5,771,264 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll
+ 2008-04-11 21:09:54 8,265,728 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
+ 2008-04-13 13:12:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-04 23:00:00 2,504 ----a-w C:\WINDOWS\Downloaded Program Files\catalog.dat
+ 2008-03-04 23:00:00 1,957 ----a-w C:\WINDOWS\Downloaded Program Files\tinfl.dat
+ 2008-04-06 11:16:46 2,072 ----a-w C:\WINDOWS\Downloaded Program Files\vscanmsx.dat
+ 2004-08-05 12:00:00 2,589 ----a-w C:\WINDOWS\I386\RUNW32.BAT
+ 2007-12-07 02:08:32 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 22:53:23 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:08:32 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:08:32 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:08:32 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:02:31 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:08:32 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:08:32 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:08:32 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:08:32 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:08:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:08:33 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:08:33 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:03:16 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:08:33 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:08:33 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:08:33 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 09:38:36 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:08:34 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:08:34 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:08:34 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:08:34 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:36:55 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:08:34 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:08:34 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2004-12-30 07:41:40 2,998 ----a-r C:\WINDOWS\Installer\{2F7655DD-793E-40C6-B348-DE67C109F6FF}\ARPPRODUCTICON.exe
+ 2006-10-06 15:25:58 2,238 ----a-r C:\WINDOWS\Installer\{3CD4136D-2983-4BDA-9698-F761B1D425FF}\ARPPRODUCTICON.exe
+ 2008-04-05 08:14:36 2,560 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-03-25 17:27:15 2,560 ----a-r C:\WINDOWS\Installer\{9211040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2005-09-23 05:28:52 72,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2007-10-23 23:47:38 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
- 2005-09-23 05:28:52 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
+ 2007-10-23 23:47:38 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
- 2005-09-23 05:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2007-10-23 23:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
- 2005-09-23 05:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2007-10-23 23:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
- 2005-09-23 05:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
+ 2007-10-23 23:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
- 2005-09-23 05:28:52 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2007-10-23 23:47:38 97,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
- 2005-09-23 05:28:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2007-10-23 23:47:26 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
- 2005-09-23 05:28:42 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2007-10-23 23:47:30 145,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
- 2005-09-23 05:28:44 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2007-10-23 23:47:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
- 2005-09-23 05:29:04 183,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2007-10-23 23:47:48 193,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
- 2005-09-23 05:28:28 208,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2007-10-23 23:47:20 218,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
- 2005-09-23 05:28:56 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2007-10-23 23:47:40 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
- 2005-09-23 05:28:58 138,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2007-10-23 23:47:42 147,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
- 2005-09-23 05:28:36 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2007-10-23 23:47:26 99,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2007-04-13 01:21:18 58,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2007-10-23 23:47:42 59,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
- 2005-09-23 05:28:32 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2007-10-23 23:47:22 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
- 2007-04-13 01:20:52 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2007-10-23 23:47:22 22,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2007-04-13 01:20:52 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2007-10-23 23:47:22 17,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
- 2007-04-13 01:20:52 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2007-10-23 23:47:22 33,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
- 2007-04-13 01:20:50 75,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2007-10-23 23:47:22 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
- 2005-09-23 05:28:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2007-10-23 23:47:22 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
- 2007-04-13 01:20:52 32,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2007-10-23 23:47:22 32,776 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2005-09-23 05:28:32 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2007-10-23 23:47:22 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2007-04-13 01:20:52 33,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2007-10-23 23:47:22 33,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
- 2007-04-13 01:20:52 32,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2007-10-23 23:47:22 33,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2007-04-13 01:20:52 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2007-10-23 23:47:22 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2005-09-23 05:28:56 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2007-10-23 23:47:40 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2007-04-13 01:21:16 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2007-10-23 23:47:40 101,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
- 2005-09-23 05:28:42 76,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2007-10-23 23:47:30 80,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
- 2005-09-23 05:28:42 1,144,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2007-10-23 23:47:30 1,162,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
- 2005-09-23 05:28:42 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2007-10-23 23:47:30 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
- 2005-09-23 05:28:58 17,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2007-10-23 23:47:42 27,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2005-09-23 05:28:56 68,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2007-10-23 23:47:40 69,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
- 2005-09-23 05:28:44 31,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2007-10-23 23:47:30 35,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- 2005-09-23 05:28:38 52,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2007-10-23 23:47:28 66,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
- 2007-04-13 01:20:58 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2007-10-23 23:47:28 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2005-09-23 05:29:12 547,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2007-10-23 23:47:54 572,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
- 2005-09-23 05:28:56 788,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2007-10-23 23:47:40 798,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
- 2005-09-23 05:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2007-10-23 23:47:36 18,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
- 2007-04-13 01:21:16 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2007-10-23 23:47:40 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 05:28:56 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2007-10-23 23:47:40 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2005-09-23 05:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2007-10-23 23:47:40 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
- 2005-09-23 05:28:56 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2007-10-23 23:47:40 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
- 2007-04-13 01:21:16 228,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2007-10-23 23:47:40 230,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2007-04-13 01:21:16 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2007-10-23 23:47:40 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2005-09-23 05:28:56 55,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2007-10-23 23:47:40 65,032 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2005-09-23 05:28:56 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2007-10-23 23:47:40 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2005-09-23 05:28:48 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2007-10-23 23:47:34 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2007-04-13 01:21:10 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2007-10-23 23:47:36 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
- 2005-09-23 05:28:48 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2007-10-23 23:47:36 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2007-04-13 01:21:10 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2007-10-23 23:47:36 655,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2005-09-23 05:28:48 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2007-10-23 23:47:36 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
- 2007-04-13 01:21:08 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2007-10-23 23:47:34 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
- 2005-09-23 05:29:10 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2007-10-23 23:47:52 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2005-09-23 05:29:10 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2007-10-23 23:47:52 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2005-09-23 05:29:08 667,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2007-10-23 23:47:50 671,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
- 2005-09-23 05:28:30 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2007-10-23 23:47:20 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2005-09-23 05:29:10 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2007-10-23 23:47:52 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
- 2005-09-23 05:28:30 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2007-10-23 23:47:20 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 05:28:30 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2007-10-23 23:47:20 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2005-09-23 05:28:30 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2007-10-23 23:47:20 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2007-04-13 01:20:52 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2007-10-23 23:47:22 97,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 05:28:48 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2007-10-23 23:47:36 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2007-04-13 01:21:18 802,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2007-10-23 23:47:40 822,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2005-09-23 05:28:56 73,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2007-10-23 23:47:40 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
- 2005-09-23 05:28:56 288,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2007-10-23 23:47:40 308,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
- 2007-04-13 01:21:16 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2007-10-23 23:47:40 47,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
- 2007-04-13 01:21:16 326,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2007-10-23 23:47:40 348,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2005-09-23 05:28:56 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2007-10-23 23:47:40 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
- 2007-04-13 01:21:16 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2007-10-23 23:47:40 4,444,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2007-04-13 01:21:16 102,912 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2007-10-23 23:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
- 2005-09-23 05:29:00 330,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2007-10-23 23:47:44 340,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
- 2005-09-23 05:28:56 67,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2007-10-23 23:47:40 77,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
- 2005-09-23 05:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2007-10-23 23:47:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
- 2007-04-13 01:21:18 227,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2007-10-23 23:47:40 242,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
- 2007-04-13 01:21:18 68,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2007-10-23 23:47:40 70,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- 2005-09-23 05:28:56 10,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2007-10-23 23:47:40 19,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
- 2007-04-13 01:21:12 5,634,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2007-10-23 23:47:36 5,814,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2005-09-23 05:29:00 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2007-10-23 23:47:44 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
- 2007-04-13 01:21:16 99,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2007-10-23 23:47:40 101,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
- 2007-04-13 01:21:18 15,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2007-10-23 23:47:40 24,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2005-09-23 05:28:56 78,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2007-10-23 23:47:40 89,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
- 2007-04-13 01:21:12 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2007-10-23 23:47:36 144,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
- 2005-09-23 05:28:56 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2007-10-23 23:47:40 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2005-09-23 05:28:56 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2007-10-23 23:47:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 05:29:02 59,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2007-10-23 23:47:46 61,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- 2005-09-23 05:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2007-10-23 23:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
- 2005-09-23 05:28:56 107,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2007-10-23 23:47:40 119,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
- 2005-09-23 05:29:00 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2007-10-23 23:47:44 95,232 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
- 2007-04-13 01:21:18 382,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2007-10-23 23:47:40 392,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2007-04-13 01:21:18 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2007-10-23 23:47:40 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2007-04-13 01:21:18 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2007-10-23 23:47:42 425,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2005-09-23 05:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2007-10-23 23:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2007-04-13 01:21:16 2,902,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2007-10-23 23:47:40 3,036,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
- 2007-04-13 01:21:18 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2007-10-23 23:47:40 483,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
- 2007-04-13 01:21:18 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2007-10-23 23:47:40 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
- 2007-04-13 01:20:58 888,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2007-10-23 23:47:28 933,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
- 2007-04-13 01:21:16 5,001,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2007-10-23 23:47:40 5,070,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2005-09-23 05:28:56 397,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2007-10-23 23:47:40 401,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
- 2007-04-13 01:21:18 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2007-10-23 23:47:40 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2007-04-13 01:21:16 2,940,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2007-10-23 23:47:40 3,076,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2005-09-23 05:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2007-10-23 23:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2007-04-13 01:21:16 577,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2007-10-23 23:47:40 630,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2007-04-13 01:21:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
- 2007-04-13 01:21:18 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2007-10-23 23:47:40 57,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2007-04-13 01:21:18 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2007-10-23 23:47:40 113,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2007-04-13 01:21:16 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2007-10-23 23:47:40 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
- 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
- 2007-04-13 01:21:16 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2007-10-23 23:47:40 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 05:28:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-10-23 23:47:40 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
- 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 05:28:56 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2007-10-23 23:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2007-04-13 01:21:18 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2007-10-23 23:47:40 261,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2007-04-13 01:21:16 5,156,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2007-10-23 23:47:40 5,431,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2005-09-23 05:28:56 835,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2007-10-23 23:47:40 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
- 2005-09-23 05:28:56 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2007-10-23 23:47:40 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
- 2005-09-23 05:28:56 823,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2007-10-23 23:47:40 839,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
- 2007-04-13 01:21:16 5,152,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2007-10-23 23:47:40 5,013,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2007-04-13 01:21:16 2,027,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2007-10-23 23:47:40 2,068,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
- 2005-09-23 05:28:56 71,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2007-10-23 23:47:40 81,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
- 2007-04-13 01:21:28 1,166,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2007-10-23 23:47:48 1,172,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- 2007-04-13 01:20:50 1,330,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2007-10-23 23:47:20 1,344,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
- 2007-04-13 01:20:52 406,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2007-10-23 23:47:22 434,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2005-09-23 05:28:56 28,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2007-10-23 23:47:40 37,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2004-08-16 16:28:44 2,692 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2004-08-19 15:23:26 1,788 ------w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2004-08-03 22:07:58 2,944 ------w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2004-08-05 12:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2004-08-05 12:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2004-08-05 12:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2004-08-05 12:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
- 2007-12-07 02:08:32 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 12:58:06 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2004-08-05 12:00:00 1,788 ----a-w C:\WINDOWS\system32\Dcache.bin
- 2005-09-23 05:28:38 83,456 ----a-w C:\WINDOWS\system32\dfshim.dll
+ 2007-10-23 23:47:28 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
- 2007-12-07 02:08:32 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 12:58:06 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
- 2006-06-26 17:41:32 148,480 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:35:05 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:35:05 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2007-12-19 22:53:23 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 02:08:32 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-12-07 02:08:32 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:32:25 282,112 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:00 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-12-07 02:08:32 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-01 12:58:06 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-12-06 11:02:31 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:56:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-12-07 02:08:32 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 12:58:06 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-12-07 02:08:32 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 12:58:06 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-12-07 02:08:32 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-01 12:58:07 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-12-07 02:08:32 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 12:58:07 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-12-07 02:08:33 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-03-01 12:58:08 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-12-07 02:08:33 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 12:58:08 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-12-07 02:08:33 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-03-01 12:58:08 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-12-06 11:00:58 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-12-06 11:03:16 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:57:05 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-12-07 02:08:33 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-12-07 02:08:33 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 12:58:08 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-12-07 02:08:33 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-03-01 12:58:08 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-12-08 09:38:36 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-01 16:28:10 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-12-07 02:08:34 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-12-07 02:08:34 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-12-07 02:08:34 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-12-07 02:08:34 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 12:58:10 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-01-11 05:36:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-12-07 02:08:34 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 12:58:10 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2007-12-07 02:08:34 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-12-07 02:08:34 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 12:58:11 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-03-08 15:33:58 1,843,712 ------w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-20 08:09:22 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-12-07 02:08:34 824,832 ----a-w C:\WINDOWS\system32\dllcache\w

Voici le rapport :
--------------------
Sunday, April 13, 2008 9:41:42 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 13/04/2008
Enregistrements dans la base antivirus Kaspersky : 629547


Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai

Cible de l'analyse Poste de travail
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\

Statistiques de l'analyse
Total d'objets analysés 271591
Nombre de virus trouvés 2
Nombre d'objets infectés 2 / 0
Nombre d'objets suspects 0
Durée de l'analyse 03:52:58

Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\UserData\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Admin\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\Admin\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Admin\Local Settings\Historique\History.IE5\MSHist012008041320080414\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Admin\Local Settings\Temp\Av-test.txt Infecté : EICAR-Test-File ignoré

C:\Documents and Settings\Admin\Local Settings\Temp\~DFCC03.tmp L'objet est verrouillé ignoré

C:\Documents and Settings\Admin\Local Settings\Temp\~DFCC29.tmp L'objet est verrouillé ignoré

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Admin\ntuser.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Admin\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0000\0023\values L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0001\9002\values L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0001\9006\values L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0001\9007\values L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0001\9024\values L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\muvee Technologies\output file log.txt L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Prism\c8daa708 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-13_Log.ALUSchedulerSvc.LiveUpdate L'objet est verrouillé ignoré

C:\Documents and Settings\Eric\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2840067212-4047210102-739398192-1006\c5c512f6f31e3479335cd828a36c3e92_196c1ae6-1349-41ac-abd6-a98b1bbc51f6 L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Program Files\Adobe\Adobe Bridge\install.adb L'objet est verrouillé ignoré

C:\Program Files\Belarc\Advisor\System\Security\BelNotify\Advisor.bcx L'objet est verrouillé ignoré

C:\Program Files\Belarc\Advisor\System\Security\BelNotify\BelNotify.log L'objet est verrouillé ignoré

C:\Program Files\Belarc\Advisor\System\Security\BelNotify\Errors.log L'objet est verrouillé ignoré

C:\Program Files\Belarc\Advisor\System\Security\BelNotify\History.log L'objet est verrouillé ignoré

C:\Program Files\Belarc\Advisor\System\Security\BelNotify\HistoryHF.log L'objet est verrouillé ignoré

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\swg-2.0.301.7164\SearchWithGoogleUpdate_fr.exe L'objet est verrouillé ignoré

C:\Program Files\HP\hpcoretech\hpcmerr.log L'objet est verrouillé ignoré

C:\Program Files\InstallShield Installation Information\{01080000-070D-11D3-B35B-00805F010AA5}\setup.ilg L'objet est verrouillé ignoré

C:\Program Files\InstallShield Installation Information\{3CD4136D-2983-4BDA-9698-F761B1D425FF}\Setup.ilg L'objet est verrouillé ignoré

C:\Program Files\InstallShield Installation Information\{4D701F5D-F149-4FAC-AAA2-A36C088C5FE3}\setup.ilg L'objet est verrouillé ignoré

C:\Program Files\InstallShield Installation Information\{5E6B4F22-C209-4ED6-996E-37A3401706A6}\Setup.ilg L'objet est verrouillé ignoré

C:\Program Files\InstallShield Installation Information\{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}\Setup.ilg L'objet est verrouillé ignoré

C:\Program Files\InstallShield Installation Information\{88F93347-0F9B-4FED-BA71-6C2A4CDFE61D}\setup.ilg L'objet est verrouillé ignoré

C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\setup.ilg L'objet est verrouillé ignoré

C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\setup.ilg L'objet est verrouillé ignoré

C:\Program Files\InstallShield Installation Information\{A360821C-6B51-4EE4-A7E5-5E14B15004CD}\setup.ilg L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\AuxSetup.exe L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\aviproxy\proxyoff.reg L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\aviproxy\proxyon.reg L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\aviproxy\readme.txt L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\AviSynthLexer.lexer L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\Codecs.ini L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\copying L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\corona.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\license_corona.txt L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\ogg.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\plugins\readme.txt L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\readme_virtualdubmod_dlls.txt L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\SciLexer.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\template\avisource.avst L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\template\default.avst L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\template\directshow.avst L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\template\mpeg2dec.avst L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\template\mpegdecoder.avst L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\UnInstall_VDMOD.exe L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\vdicmdrv.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\vdremote.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\vdsvrlnk.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\VirtualDub.vdhelp L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\VirtualDubMod.chm L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\VirtualDubMod.exe L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\VirtualDubMod.exe.manifest L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\VirtualDubMod.vdi L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMOD\vorbis.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\AVICAP32.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\AVIFIL32.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\aviproxy\proxyoff.reg L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\aviproxy\proxyon.reg L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\aviproxy\readme.txt L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\AviSynthLexer.lexer L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\Changes_MOD.txt L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\Codecs.ini L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\copying L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\corona.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\DCIMAN32.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\DDRAW.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\GLU32.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\hosts.info L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\IMM32.DLL L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\libPNG.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\license_corona.txt L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\MSACM32.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\msvcrt.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\MSVFW32.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\ogg.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\OPENGL32.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\plugins\fxVHS.vdf L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\plugins\readme.txt L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\plugins\template\avisource.avst L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\plugins\template\default.avst L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\plugins\template\directshow.avst L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\plugins\template\mpeg2dec.avst L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\plugins\template\mpegdecoder.avst L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\qsetup.html L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\readme_AviSynthesizer.txt L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\readme_SyncPatch.txt L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\readme_VirtualDubMod.txt L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\readme_virtualdubmod_dlls.txt L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\SciLexer.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\sylia.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\template\AuxSetup.exe L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\template\avisource.avst L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\template\default.avst L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\template\directshow.avst L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\template\mpeg2dec.avst L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\template\mpegdecoder.avst L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\vdicmdrv.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\VDMLangSurprise.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\vdremote.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\vdsvrlnk.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\VirtualD.cnt L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\VirtualD.hlp L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\VirtualDub.vdhelp L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\VirtualDubMod.chm L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\VirtualDubMod.vdi L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\VirtualDubMod1541_FR.exe L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\vorbis.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\vorbisfile.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\WINMM.dll L'objet est verrouillé ignoré

C:\Program Files\VirtualDubMod_1541\zlib.dll L'objet est verrouillé ignoré

C:\QooBox\Quarantine\Registry_backups\Legacy_SROSA.reg.dat Infecté : Trojan-Downloader.Win32.Bagle.hp ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Autorun.inf L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Document\ReadMe\English\INETWH16.DLL L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Document\ReadMe\English\Inetwh32.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Document\ReadMe\English\README.HLP L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Driver\DirectX\DSETUP.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Driver\DirectX\dsetup32.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Driver\DirectX\dxsetup.exe L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Driver\DirectX\mdxredist.msi L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Info.ini L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\MFC42.DLL L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\AXreg.exe L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\AXunreg.exe L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\CFGSetup.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\MFC42.DLL L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\A3\ALL\MPEG\ulDVDAudio.ax L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\A3\ALL\MPEG\uvAC3Enc.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\ADSPlugin\TargetMain\All\ADSCirrusUSB2.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\ADSPlugin\TargetMain\English\ADSCirrusUSB2RC.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\DX\DivX_ul.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\DX\TargetMain\DivX_ul.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\ComFileMain\All\MPEG\uladamr.ax L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\ComFileMain\All\MPEG\uladmp4.ax L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\ComFileMain\All\MPEG\ulaemp4.ax L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\ComFileMain\All\MPEG\ulaspvdmp4.ax L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\ComFileMain\All\MPEG\uleamp3.ax L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\ComFileMain\All\MPEG\ulmp4enc.ax L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\ComFileMain\All\MPEG\ulmxmp4.ax L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\ComFileMain\All\MPEG\ulspmp4.ax L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\ComFileMain\All\MPEG\ulvdmp4.ax L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\ComFileMain\All\MPEG\ulvemp4.ax L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\file_3g2.reg L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\file_3gp.reg L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\file_m4a.reg L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\file_mp4.reg L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\TargetMain\All\MP4Set.ini L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\TargetMain\All\ul263enc.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\TargetMain\All\ulaacdec.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\TargetMain\All\ulaacenc.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\TargetMain\All\ulamrdec.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\TargetMain\All\ulamrenc.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\TargetMain\All\ulaspdec.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\TargetMain\All\ulaspenc.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\TargetMain\All\ulmp3enc.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\TargetMain\All\ulmp4lib.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\TargetMain\All\ulspdec.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\Option\M4\TargetMain\All\ulspenc.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\SuppressAutoRun.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\Setup\U32INST.dll L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\setup.exe L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\setup.ini L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\SmartSound\Full Spectrum 22k.exe L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\SmartSound\Quicktracks.exe L'objet est verrouillé ignoré

C:\RECYCLER\S-1-5-21-2840067212-4047210102-739398192-1006\Dc571\Disk1\ulAR.cfg L'objet est verrouillé ignoré

C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1100\change.log L'objet est verrouillé ignoré

C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

C:\WINDOWS\pfirewall.log L'objet est verrouillé ignoré

C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré

C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\drivers\atapi.sys L'objet est verrouillé ignoré

C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

C:\WINDOWS\system32\lsprst7.tgz L'objet est verrouillé ignoré

C:\WINDOWS\system32\ssprs.tgz L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré

C:\WINDOWS\Temp\hlktmp L'objet est verrouillé ignoré

C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

M:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

Analyse terminée.

--------------------

Fichier supprimé.
Antivir-Guard est activé (parapluie ouvert).
Qu'entends-tu par marcher normalement ?

Ce sera pour ce soir... Bonne journée. :-)

Alors voilà le rapport de ComboFix :
-----------------
ComboFix 08-04-12.7 - Admin 2008-04-14 20:21:37.4 - NTFSx86 MINIMAL

Endroit: C:\Documents and Settings\Admin\Bureau\Combo--Fix.exe
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((( Fichiers créés 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))))))))
.

2008-04-12 14:11 . 2008-04-12 14:11 125,016 --a------ C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
2008-04-12 09:16 . 2008-04-12 09:16 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-12 09:16 . 2008-04-12 09:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-12 09:16 . 2008-04-12 09:16 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-04-11 20:10 . 2008-04-11 20:10 <REP> d-------- C:\Program Files\Avira
2008-04-11 20:10 . 2008-04-11 20:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-10 18:22 . 2008-04-10 18:41 <REP> d-------- C:\ComboFix[1]
2008-04-08 18:51 . 2008-04-11 21:02 <REP> d-------- C:\Muestras
2008-04-06 15:30 . 2008-04-06 15:30 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 10:33 . 2008-04-06 10:33 <REP> d-------- C:\Program Files\Alwil Software
2008-04-05 15:05 . 2008-04-05 15:05 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Ulead Systems
2008-04-05 15:05 . 2008-04-05 15:05 <REP> d-------- C:\Documents and Settings\Admin\Application Data\DivX
2008-04-02 19:05 . 2008-04-02 19:05 <REP> d-------- C:\Documents and Settings\Admin\Application Data\AdobeUM
2008-03-29 18:59 . 2008-03-29 18:59 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Lavasoft
2008-03-29 17:48 . 2008-03-29 17:49 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-29 17:48 . 2008-03-29 17:49 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-29 17:48 . 2008-03-29 17:49 10,652 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-29 17:48 . 2008-03-29 17:49 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-26 19:56 . 2008-03-26 19:56 <REP> d-------- C:\Documents and Settings\Admin\Application Data\DonationCoder
2008-03-24 20:40 . 2008-03-24 20:40 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Apple Computer
2008-03-24 20:39 . 2008-04-12 10:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-24 20:39 . 2008-03-24 20:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-24 20:35 . 2008-04-05 18:28 284 --a------ C:\Documents and Settings\Admin\Application Data\ViewerApp.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 07:15 --------- d-----w C:\Program Files\Common Files
2008-03-31 17:12 --------- d-----w C:\Program Files\RegistryFix
2008-03-29 16:45 40,730 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2008-03-29 15:49 --------- d-----w C:\Program Files\Symantec
2008-03-29 15:49 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-03-24 13:13 --------- d-----w C:\Program Files\eMule
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-17 19:55 125,016 ------w C:\Documents and Settings\Eric\Application Data\GDIPFONTCACHEV1.DAT
2008-03-11 17:50 --------- d-----w C:\Program Files\URLSnooper2
2008-03-11 17:37 --------- d-----w C:\Program Files\WinPcap
2008-03-11 17:37 --------- d-----w C:\Documents and Settings\Eric\Application Data\DonationCoder
2008-03-11 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\DonationCoder
2008-03-02 12:57 --------- d-----w C:\Program Files\eSnips
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-25 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-02-25 20:34 --------- d-----w C:\Program Files\GRETECH
2008-02-25 20:34 --------- d-----w C:\Documents and Settings\Eric\Application Data\GRETECH
2008-02-25 17:07 560 ------w C:\Documents and Settings\Eric\Application Data\ViewerApp.dat
2008-02-23 10:51 --------- d-----w C:\Program Files\Open Cellar
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-01-27 21:41 893,459 ----a-w C:\pluridisciplinarite.zip
2007-12-03 18:13 112,560 ----a-w C:\Documents and Settings\Corinne\Application Data\GDIPFONTCACHEV1.DAT
2006-11-23 18:45 106,080 ----a-w C:\Documents and Settings\Julie\Application Data\GDIPFONTCACHEV1.DAT
2004-08-19 15:09 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll
2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-08-19 15:09 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-05 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2004-08-19 15:09 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-19 15:09 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2004-08-05 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll
2004-08-19 15:09 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-19 15:09 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll
.

------- Sigcheck -------

Cryptography Services Error !!
.
((((((((((((((((((((((((((((( snapshot_2008-04-13_15.27.24.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-13 13:12:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 18:19:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-13 13:22:11 98,932 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-14 18:14:46 98,932 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-13 13:22:11 115,578 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-04-14 18:14:46 115,578 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-04-13 13:22:11 487,508 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-14 18:14:46 487,508 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-13 13:22:11 559,342 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-04-14 18:14:46 559,342 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zzzHPSETUP"="D:\Setup.exe" [ ]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-10-25 19:20 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"SoundMan"="SOUNDMAN.EXE" [2004-09-10 18:29 77824 C:\WINDOWS\SoundMan.exe]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 03:14 81920]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 17:46 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 19:55 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38 241664]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10 339968]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 11:20 2557952 C:\WINDOWS\ALCWZRD.EXE]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-08-01 01:14 684032]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"PRISMSVR.EXE"="C:\Program Files\Wifi\PRISMSVR.exe" [2005-06-20 15:05 295001]
"Pinnacle WebUpdater"="C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" [2007-07-18 14:54 351304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-11 20:21 249896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-25 20:06 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:09 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2007-05-01 11:23 454144 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
--------- 2007-07-04 13:52 253000 C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-01-25 20:06 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\AOL 9.0\\aol.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\iView MediaPro3\\IVIEW_MP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Xi\\NetXfer 2.48\\NetTransport.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=


.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-14 15:11:47 C:\WINDOWS\Tasks\Documents partagés.job"
- C:\Program Files\Astase\UltraBackup\4.0\usr\Copies\Documents partagés.UB4
"2008-04-14 15:11:47 C:\WINDOWS\Tasks\Sauvegarde Corinne.job"
- C:\Program Files\Astase\UltraBackup\4.0\usr\Copies\Sauvegarde Corinne.UB4
"2008-03-10 17:14:46 C:\WINDOWS\Tasks\Sauvegarde Eric II - Ponctuelle.job"
- C:\Program Files\Astase\UltraBackup\4.0\usr\Copies\Sauvegarde Eric II.UB4
"2008-04-10 16:08:51 C:\WINDOWS\Tasks\Sauvegarde Eric II.job"
- C:\Program Files\Astase\UltraBackup\4.0\usr\Copies\Sauvegarde Eric II.UB4
"2008-04-14 01:00:46 C:\WINDOWS\Tasks\Sauvegarde Julie.job"
- C:\Program Files\Astase\UltraBackup\4.0\usr\Copies\Sauvegarde Julie.UB4
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 20:26:35
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
Temps d'accomplissement: 2008-04-14 20:28:59
ComboFix-quarantined-files.txt 2008-04-14 18:28:39
ComboFix2.txt 2008-04-14 17:41:38
Pre-Run: 27,994,279,936 octets libres
Post-Run: 28,008,812,544 octets libres
.
2008-04-11 21:09:41 --- E O F ---
-----------------

Ben il en reste 2 (apparus au moment de l'infection) :

1) L'utilitaire Windows d'ajout / suppression de programmes met 15 mn pour afficher la liste des programmes installés sur le PC (mais au bout du compte il l'affiche)

2) L'utilitaire de restauration système affiche une fenêtre toute blanche (même 15 mn après)

Une idée ?

1) Je vais essayer ça ce soir, mais j'avais déjà lancé ZebRestore dimanche matin pratiquement dans la même config ...? Dois le lancer sur tous les comptes du PC (j'en ai 5) ?

2) Un scan d'antivir cette nuit m'a trouvé une / des bestioles dans combofix ! Pourtant je n'ai plus aucun fichier douteux / crack en ligne.
-> Deux ou trois fichiers infectés, tous apparemment dans le documents & settings du compte que j'ai utilisé pour mes manips de désinfection, apparemment pas bagle, tous mis en quarantaine...
Le pb, c'est qu'Antivir ne nettoie pas automatiquement, il attend donc que tu choisisse à la main ce que tu veux faire, fichier par fichier, et en attendant, le scan est en pause. Existe-t-il une option quelque part qui puisse régler ça (je n'ai rien vu) ?
Le scan continue actuellement ; c'est pourquoi je ne suis pas en mesure de poster le rapport...

3) Que conseilles-tu pour établir une surveillance courante de bon aloi au niveau des virus et malwares ? Bon j'imagine bien un scan Antivir complet au moins une fois par semaine, mais préconises-tu aussi des choses à faire régulièrement au niveau MBAM, Combofix, et autres anti malwares recommandés par toi ? Si oui, est-il possible de lancer ces manips automatiquement / régulièrement ?

Voici le rapport du scan :
----------------


AntiVir PersonalEdition Classic
Report file date: mardi 15 avril 2008 00:00

Scanning for 1198942 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: SN402927450003

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 18:21:57
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 18:21:57
ANTIVIR3.VDF : 7.0.3.158 61952 Bytes 11/04/2008 18:21:57
AVEWIN32.DLL : 7.6.0.85 3461632 Bytes 11/04/2008 18:21:58
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 11/04/2008 18:21:58
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: N:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+PCK,+SPR,

Start of the scan: mardi 15 avril 2008 00:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'logon.scr' - '1' Module(s) have been scanned
Scan process 'logonui.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'NB11GUTI.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'AOSD.EXE' - '1' Module(s) have been scanned
Scan process 'PRISMSVR.exe' - '1' Module(s) have been scanned
Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned
Scan process 'Directcd.exe' - '1' Module(s) have been scanned
Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb10.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'SoundMan.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0083
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD5
[NOTE] No virus was found!
Master boot sector HD6
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'M:\'
[NOTE] No virus was found!
Boot sector 'N:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '36' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\ComboFix[1]\psexec.cfexe
[DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072
[INFO] The file was moved to '48693651.qua'!
C:\ComboFix[1]\pv.cfexe
[DETECTION] Contains detection pattern of the SPR/Tool.PV program
[INFO] The file was moved to '4832365c.qua'!
C:\Documents and Settings\Admin\Bureau\Combo--Fix.exe
[0] Archive type: RAR SFX (self extracting)
--> 327882R2FWJFW\nircmd.cfexe
[DETECTION] Contains detection pattern of the application APPL/Tool.NirCmd.D
--> 327882R2FWJFW\psexec.cfexe
[DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072
--> 327882R2FWJFW\pv.cfexe
[DETECTION] Contains detection pattern of the SPR/Tool.PV program
[INFO] The file was moved to '48713672.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1100\A0189758.exe
[0] Archive type: RAR SFX (self extracting)
--> 327882R2FWJFW\nircmd.cfexe
[DETECTION] Contains detection pattern of the application APPL/Tool.NirCmd.D
--> 327882R2FWJFW\psexec.cfexe
[DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072
--> 327882R2FWJFW\pv.cfexe
[DETECTION] Contains detection pattern of the SPR/Tool.PV program
[INFO] The file was deleted!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
Begin scan in 'M:\' <Extension 1>
M:\Sauvegardes\Documents partagés\ub.exe
[WARNING] The file could not be opened!
M:\Sauvegardes\Julie\ub.exe
[WARNING] The file could not be opened!
Begin scan in 'N:\' <EXTENSION 2>
N:\Sauvegardes\Eric\Eric\Local Settings\Temporary Internet Files\Content.IE5\92DJDBRQ\setup_fr[1].exe
[DETECTION] Contains detection pattern of the SPR/Fake.Syscontrol program
[INFO] The file was deleted!


End of the scan: mardi 15 avril 2008 19:01
Used time: 19:01:41 min

The scan has been done completely.

20182 Scanning directories
752248 Files were scanned
9 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
752239 Files not concerned
10433 Archives were scanned
4 Warnings
4 Notes
----------------

Je pense avoir trouvé la config d'antivir pour des actions automatiques lors du scan (mode expert -> Scan -> Action for Concerned file, et là je suis passé en auto bien sûr, mais aussi Copy to Quarantine before action, puis repair et enfin delete en cas d'échec du repair : est-ce c'est bon ?)

Les résultats de MBAM :
-------------------
Malwarebytes' Anti-Malware 1.11
Version de la base de données: 615

Type de recherche: Examen complet (C:\|M:\|N:\|)
Eléments examinés: 316970
Temps écoulé: 5 hour(s), 53 minute(s), 40 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\adslice.slice (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adslice.slice.1 (Adware.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
-------------------

Voici le rapport :
---------------
SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\Admin\Bureau\sys43991.exe
Running in: User mode
Date: 16/04/2008
Time: 18:30:14

Output limited to:
-Recent files

===================== RECENT FILES =====================

Showing files newer than 30 days

----- recent files in C:\
11/04/2008 21:02:43 (DIR) 0 byte 5 days old -- Muestras
13/04/2008 08:12:07 6032 byte 3 days old -- InfoSat.txt
13/04/2008 16:00:46 (DIR) 0 byte 3 days old -- Program Files
13/04/2008 17:31:55 (DIR) 0 byte 3 days old -- Config.Msi
14/04/2008 19:26:06 407243 byte 2 days old -- hpfr3840.log
14/04/2008 20:22:12 (DIR) 0 byte 2 days old -- QooBox
14/04/2008 20:29:00 12883 byte 2 days old -- ComboFix.txt
14/04/2008 20:29:02 (DIR) 0 byte 2 days old -- WINDOWS
15/04/2008 06:58:14 (DIR) 0 byte 1 days old -- ComboFix[1]
16/04/2008 06:59:59 (DIR)1073741824 byte 0 days old -- pagefile.sys

----- recent files in C:\WINDOWS\
24/03/2008 15:06:05 73728 byte 23 days old -- ALCFDRTM.VER
24/03/2008 15:15:53 4014294 byte 23 days old -- pfirewall.log.old
24/03/2008 20:39:52 1409 byte 23 days old -- QTFont.for
25/03/2008 19:27:17 385 byte 22 days old -- ODBC.INI
28/03/2008 20:03:30 1080 byte 19 days old -- AUTOLNCH.REG
06/04/2008 15:30:36 (DIR) 0 byte 10 days old -- Downloaded Program Files
11/04/2008 22:58:08 (DIR) 0 byte 5 days old -- $NtUninstallKB945553$
11/04/2008 22:58:17 21850 byte 5 days old -- KB945553.log
11/04/2008 23:01:07 (DIR) 0 byte 5 days old -- $NtUninstallKB948590$
11/04/2008 23:01:10 21377 byte 5 days old -- KB948590.log
11/04/2008 23:01:22 (DIR) 0 byte 5 days old -- ie7updates
11/04/2008 23:01:32 132783 byte 5 days old -- updspapi.log
11/04/2008 23:01:42 45096 byte 5 days old -- KB947864-IE7.log
11/04/2008 23:01:54 (DIR) 0 byte 5 days old -- $NtUninstallKB941693$
11/04/2008 23:01:56 1374 byte 5 days old -- imsins.BAK
11/04/2008 23:01:56 30295 byte 5 days old -- KB941693.log
11/04/2008 23:06:57 (DIR) 0 byte 5 days old -- WinSxS
11/04/2008 23:09:22 (DIR) 0 byte 5 days old -- $hf_mig$
11/04/2008 23:09:32 (DIR) 0 byte 5 days old -- $NtUninstallKB948881$
11/04/2008 23:09:39 186894 byte 5 days old -- setupapi.log
11/04/2008 23:09:39 1099744 byte 5 days old -- FaxSetup.log
11/04/2008 23:09:40 229017 byte 5 days old -- ntdtcsetup.log
11/04/2008 23:09:40 56283 byte 5 days old -- msgsocm.log
11/04/2008 23:09:40 433844 byte 5 days old -- tsoc.log
11/04/2008 23:09:40 61518 byte 5 days old -- ocmsn.log
11/04/2008 23:09:40 553258 byte 5 days old -- ocgen.log
11/04/2008 23:09:40 1374 byte 5 days old -- imsins.log
11/04/2008 23:09:40 174606 byte 5 days old -- iis6.log
11/04/2008 23:09:40 375819 byte 5 days old -- comsetup.log
11/04/2008 23:09:40 22171 byte 5 days old -- KB948881.log
11/04/2008 23:22:15 (DIR) 0 byte 5 days old -- assembly
11/04/2008 23:22:17 (DIR) 0 byte 5 days old -- Microsoft.NET
12/04/2008 08:50:53 116 byte 4 days old -- NeroDigital.ini
12/04/2008 10:42:09 54156 byte 4 days old -- QTFont.qfn
13/04/2008 15:07:11 (DIR) 0 byte 3 days old -- erdnt
13/04/2008 16:00:44 (DIR) 0 byte 3 days old -- Tasks
13/04/2008 16:00:45 (DIR) 0 byte 3 days old -- inf
13/04/2008 16:01:16 (DIR) 0 byte 3 days old -- Installer
14/04/2008 20:26:22 227 byte 2 days old -- system.ini
15/04/2008 20:47:08 32354 byte 1 days old -- SchedLgU.Txt
15/04/2008 20:48:48 2505216 byte 1 days old -- ntbtlog.txt
16/04/2008 07:00:16 2048 byte 0 days old -- bootstat.dat
16/04/2008 07:00:38 50 byte 0 days old -- wiaservc.log
16/04/2008 07:00:39 159 byte 0 days old -- wiadebug.log
16/04/2008 07:01:16 0 byte 0 days old -- 0.log
16/04/2008 07:02:00 1301375 byte 0 days old -- WindowsUpdate.log
16/04/2008 07:04:47 (DIR) 0 byte 0 days old -- system32
16/04/2008 18:28:22 (DIR) 0 byte 0 days old -- TEMP
16/04/2008 18:29:45 2952269 byte 0 days old -- pfirewall.log
16/04/2008 18:30:14 (DIR) 0 byte 0 days old -- Prefetch

----- recent files in C:\WINDOWS\Downloaded Program Files\
06/04/2008 13:16:46 2072 byte 10 days old -- vscanmsx.dat

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
20/03/2008 10:09:22 1845376 byte 27 days old -- win32k.sys
26/03/2008 19:56:23 46 byte 21 days old -- DonationCoder_urlsnooper_InstallInfo.dat
29/03/2008 17:47:18 85 byte 18 days old -- LuResult.txt
29/03/2008 17:49:09 60808 byte 18 days old -- S32EVNT1.DLL
29/03/2008 18:45:57 40730 byte 18 days old -- superiorads-uninst.exe
06/04/2008 07:56:20 19836024 byte 10 days old -- MRT.exe
06/04/2008 15:30:35 (DIR) 0 byte 10 days old -- Kaspersky Lab
11/04/2008 23:01:54 (DIR) 0 byte 5 days old -- dllcache
11/04/2008 23:12:57 370488 byte 5 days old -- FNTCACHE.DAT
13/04/2008 09:04:15 3072 byte 3 days old -- CONFIG.NT
13/04/2008 15:09:40 (DIR) 0 byte 3 days old -- config
14/04/2008 14:08:08 (DIR) 0 byte 2 days old -- CatRoot2
14/04/2008 20:25:51 (DIR) 0 byte 2 days old -- drivers
16/04/2008 07:03:44 1158 byte 0 days old -- wpa.dbl
16/04/2008 07:04:46 1278760 byte 0 days old -- PerfStringBackup.INI
16/04/2008 07:04:47 115578 byte 0 days old -- perfc00C.dat
16/04/2008 07:04:47 98932 byte 0 days old -- perfc009.dat
16/04/2008 07:04:47 559342 byte 0 days old -- perfh00C.dat
16/04/2008 07:04:47 487508 byte 0 days old -- perfh009.dat

----- recent files in C:\WINDOWS\system32\drivers\
29/03/2008 17:49:09 806 byte 18 days old -- SYMEVENT.INF
29/03/2008 17:49:09 123952 byte 18 days old -- SYMEVENT.SYS
29/03/2008 17:49:09 10652 byte 18 days old -- SYMEVENT.CAT
11/04/2008 20:21:58 61632 byte 5 days old -- avipbb.sys
13/04/2008 15:20:52 (DIR) 0 byte 3 days old -- etc

----- recent files in C:\WINDOWS\temp\
14/04/2008 20:39:07 0 byte 2 days old -- Upd2.tmp
15/04/2008 19:14:46 0 byte 1 days old -- Upd1D.tmp
16/04/2008 07:00:37 0 byte 0 days old -- hlktmp
16/04/2008 07:03:46 409 byte 0 days old -- WGANotify.settings
16/04/2008 18:25:44 255 byte 0 days old -- WGAErrLog.txt
16/04/2008 18:28:22 (DIR) 0 byte 0 days old -- Cookies
16/04/2008 18:28:22 (DIR) 0 byte 0 days old -- History
16/04/2008 18:28:22 (DIR) 0 byte 0 days old -- Fichiers Internet temporaires

----- recent files in C:\Program Files\
24/03/2008 15:13:16 (DIR) 0 byte 23 days old -- eMule
29/03/2008 17:46:22 (DIR) 0 byte 18 days old -- Fichiers communs
29/03/2008 17:49:10 (DIR) 0 byte 18 days old -- Symantec
31/03/2008 19:12:48 (DIR) 0 byte 16 days old -- RegistryFix
04/04/2008 15:59:02 (DIR) 0 byte 12 days old -- Adobe
06/04/2008 10:33:02 (DIR) 0 byte 10 days old -- Alwil Software
11/04/2008 20:10:45 (DIR) 0 byte 5 days old -- Avira
11/04/2008 23:12:42 (DIR) 0 byte 5 days old -- Internet Explorer
12/04/2008 09:15:15 (DIR) 0 byte 4 days old -- Common Files
12/04/2008 09:16:05 (DIR) 0 byte 4 days old -- Malwarebytes' Anti-Malware
16/04/2008 10:02:33 (DIR) 0 byte 0 days old -- Mozilla Firefox

----- recent files in C:\Program Files\Fichiers communs\
29/03/2008 17:49:59 (DIR) 0 byte 18 days old -- Symantec Shared

----- recent files in C:\Documents and Settings\Admin\Application Data\
24/03/2008 20:40:11 (DIR) 0 byte 23 days old -- Apple Computer
24/03/2008 21:46:21 (DIR) 0 byte 23 days old -- Mozilla
26/03/2008 19:56:23 (DIR) 0 byte 21 days old -- DonationCoder
28/03/2008 22:50:14 (DIR) 0 byte 19 days old -- Real
29/03/2008 15:27:48 (DIR) 0 byte 18 days old -- Google
29/03/2008 18:59:17 (DIR) 0 byte 18 days old -- Lavasoft
02/04/2008 19:05:06 (DIR) 0 byte 14 days old -- AdobeUM
04/04/2008 16:09:01 (DIR) 0 byte 12 days old -- Microsoft
05/04/2008 15:05:10 (DIR) 0 byte 11 days old -- Ulead Systems
05/04/2008 15:05:14 (DIR) 0 byte 11 days old -- DivX
05/04/2008 18:28:57 284 byte 11 days old -- ViewerApp.dat
11/04/2008 20:54:08 (DIR) 0 byte 5 days old -- Adobe
12/04/2008 09:16:14 (DIR) 0 byte 4 days old -- Malwarebytes
12/04/2008 14:11:48 125016 byte 4 days old -- GDIPFONTCACHEV1.DAT

----- recent files in C:\DOCUME~1\Admin\LOCALS~1\Temp\
14/04/2008 20:46:43 (DIR) 0 byte 2 days old -- VBE
14/04/2008 20:46:44 (DIR) 0 byte 2 days old -- Excel8.0
16/04/2008 07:03:56 (DIR) 0 byte 0 days old -- WPDNSE
16/04/2008 07:04:11 147456 byte 0 days old -- ~DF449A.tmp
16/04/2008 07:04:35 359 byte 0 days old -- UpdateVersion.xml
16/04/2008 07:08:57 341 byte 0 days old -- jusched.log
16/04/2008 18:26:20 360448 byte 0 days old -- ~DF460F.tmp
16/04/2008 18:28:04 16384 byte 0 days old -- ~DF1CCD.tmp
16/04/2008 18:28:04 51 byte 0 days old -- systemscan.ini
16/04/2008 18:28:32 (DIR) 0 byte 0 days old -- nsa8.tmp

==========================================
Scan completed in 0,1 minutes
End of report


~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
SystemScan uses some freeware tools that remain property of their authors:

* SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
* dumphive (Markus Stephany)--> "Registry scan"
* Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
* Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log

Thanks to all of them for their hard work
---------------

Re,

Cela dit que c'est presque bon

Télécharge BTFix (Bibi26).
Dézippe l'archive sur ton Bureau.

• Ouvre le dossier BTFix.
• Double clique sur BTFix.exe.
• Clique sur Rechercher.
• Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.

Re,

• Ouvre à nouveau BTFix.
• Clique sur Nettoyer.
• Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.
• Poste un nouveau rapport hijackthis.

Re,

Télécharge R-Hosts :
http://siri.urz.free.fr/Softs/RHosts.exe

Lance-le.
Clique sur Restaurer

*********************************************************

C’est OK, tu n’es plus infecté(e)

1) Télécharge ToolsCleaner sur ton bureau.
http://www.commentcamarche.net/tel [...] nions.php3

Ce programme va te faire désinstaller tous les outils que je t’ai faits utiliser.

• Clique sur Recherche et laisse le scan agir ...
• Clique sur Suppression pour finaliser.
• Tu peux, si tu le souhaites, te servir des Options facultatives.
• Clique sur Quitter pour obtenir le rapport.
• Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

2) Télécharge et installe Ccleaner :
http://www.01net.com/telecharger/w [...] 32599.html

• Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Clique sur l'onglet "Nettoyeur" puis sur "Lancer le Nettoyage".
• Ensuite clique sur l'onglet Registre, clique sur "Chercher des erreurs" puis sur "Réparer les erreurs sélectionnées". Il est inutile de faire des sauvegardes des clés. Répète l'opération autant de fois qu'il le faut jusqu'à qu'il ne trouve plus d'erreurs.
• Tutorial ici : http://www.infos-du-net.com/forum/ [...] nstruction

3)

• Désactive ta restauration systeme

• Réactive ta restauration systeme

• Tutorial ici : http://www.infos-du-net.com/forum/ [...] on-systeme

********************************************************************************

Ajoute maintenant [Résolu] au titre. Pour cela :
* Clique, dans ton premier message, sur le bouton "Editer"
* Rajoute la mention [Résolu] au titre
* Clique ensuite sur "Valider votre message"

Ce serait sympa de rapporter ton infection sur > Malware-Complaints < pour faire condamner ses auteurs

- Règles du forum <- ici
- Poster un message <- ici ( par Malekal )

Pour t'enregistrer clique sur le bouton register ( en haut )
Si tu as plus de 13 ans choisis " I Agree to these terms and am over or exactly 13 years of age "
Si tu as moins de 13 ans choisis " I Agree to these terms and am under 13 years of age "

Tu auras une liste par type d'infection
Si ton infection n'est pas dans la liste crée un message dans Autres infections

a+ et bon surf


Quelques liens intéressants :

http://mickael.barroux.free.fr/securite/
http://www.malekal.com/
http://www.infos-du-net.com/forum/ [...] protection

Re,

[Warning] = rien à signaler

Pour ton histoire de restauration c'est normal vu que je te les ai faits nettoyer.

Tu n'as qu'à me poster un scan hijackthis de chaque session, pour dernière vérification.