Virus Bagle ? Enfin je pense...

Bonjour,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

AIDE : Tuto en images sur MBAM

Merci bien, voilà le rapport :


Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1398
Windows 5.1.2600 Service Pack 2

14/11/2008 19:15:48
mbam-log-2008-11-14 (19-15-48).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 71609
Temps écoulé: 31 minute(s), 47 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\cmdow.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.

Refais un scan Combofix.

Re,

Voilà, désolé pour le temps d'attente mais je n'avais pas accès au PC, bon maintenant je ne peux plus ouvrir de page internet (avec iexplorer....)

Voici le rapport  

ComboFix 08-11-19.08 - rv 2008-11-20 18:35:02.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.47 [GMT 1:00]
Lancé depuis: G:\killbaggle.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\srosa2.sys

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-20 au 2008-11-20 ))))))))))))))))))))))))))))))))))))
.

2008-11-19 20:27 . 2008-11-19 20:27 69 --a------ c:\windows\NeroDigital.ini
2008-11-19 20:23 . 2008-11-19 20:23 <REP> d--h----- c:\windows\msdownld.tmp
2008-11-19 20:23 . 2008-11-19 20:23 759 --a------ c:\windows\system32\spupdsvc.inf
2008-11-19 20:10 . 2008-09-19 22:57 120,056 --------- c:\windows\system32\pxcpyi64.exe
2008-11-19 20:10 . 2008-09-19 22:57 118,520 --------- c:\windows\system32\pxinsi64.exe
2008-11-19 20:09 . 2008-11-19 20:11 <REP> d-------- c:\program files\DivX
2008-11-19 19:45 . 2008-11-19 19:45 <REP> d-------- c:\windows\E31C348B63A94CBF8D7FD932ABB63244.TMP
2008-11-19 19:45 . 2008-11-19 19:45 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-19 14:52 . 2008-11-19 14:52 <REP> d-------- c:\windows\system32\fr-fr
2008-11-19 14:41 . 2008-11-19 20:09 <REP> d-------- c:\documents and settings\rv\Application Data\DivX
2008-11-19 12:59 . 2008-11-19 12:59 <REP> d-------- c:\documents and settings\rv\Application Data\Ahead
2008-11-18 14:53 . 2008-11-18 14:53 <REP> d-------- c:\program files\SlySoft
2008-11-18 14:47 . 2008-11-18 14:47 223,128 --a------ c:\windows\system32\drivers\vaxscsi.sys
2008-11-18 14:46 . 2008-11-18 14:48 <REP> d-------- c:\program files\Alcohol Soft
2008-11-18 14:43 . 2008-11-18 14:43 642,560 --a------ c:\windows\system32\drivers\sptd.sys
2008-11-18 14:43 . 2008-11-18 14:43 96,384 --a------ c:\windows\system32\drivers\sptd1389.sys
2008-11-17 17:56 . 2008-11-17 17:56 <REP> d-------- c:\program files\MSXML 4.0
2008-11-16 14:15 . 2008-11-17 16:08 <REP> d-------- c:\program files\adslTV
2008-11-16 14:00 . 2008-11-16 14:00 <REP> d-------- c:\documents and settings\rv\Application Data\Todae
2008-11-16 13:52 . 2008-11-16 13:52 <REP> d-------- c:\program files\Winamp Toolbar
2008-11-16 13:52 . 2008-11-16 13:52 <REP> d-------- c:\program files\Winamp Remote
2008-11-16 13:52 . 2008-11-16 13:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-11-16 13:52 . 2008-11-17 10:58 <REP> d-------- c:\documents and settings\All Users\Application Data\OrbNetworks
2008-11-16 13:50 . 2008-11-16 13:53 <REP> d-------- c:\program files\Winamp
2008-11-16 13:50 . 2008-11-16 13:56 <REP> d-------- c:\documents and settings\rv\Application Data\Winamp
2008-11-16 10:03 . 2008-11-16 10:11 <REP> d-------- c:\documents and settings\rv\Application Data\dvdcss
2008-11-15 20:14 . 2008-11-15 20:14 <REP> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2008-11-15 20:14 . 2008-11-15 20:16 4,212 ---h----- c:\windows\system32\zllictbl.dat
2008-11-15 20:13 . 2008-11-15 20:13 75,932 --a------ c:\windows\system32\drivers\klick.dat
2008-11-15 20:13 . 2008-11-15 20:13 74,396 --a------ c:\windows\system32\drivers\klin.dat
2008-11-15 20:13 . 2008-11-15 20:45 67,616 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-15 20:13 . 2007-06-21 21:55 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll
2008-11-15 20:13 . 2007-06-21 21:55 42,384 --a------ c:\windows\zllsputility_loc040c.dll
2008-11-15 20:13 . 2007-06-21 21:55 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll
2008-11-15 20:13 . 2007-06-21 21:55 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll
2008-11-15 20:13 . 2004-04-27 04:40 11,264 --a------ c:\windows\system32\SpOrder.dll
2008-11-15 20:13 . 2008-11-15 20:45 1,868 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-15 20:12 . 2008-11-15 20:50 <REP> d-------- c:\windows\system32\ZoneLabs
2008-11-15 20:12 . 2008-11-15 20:12 <REP> d-------- c:\program files\Zone Labs
2008-11-15 20:12 . 2007-05-31 00:03 110,360 --a------ c:\windows\system32\drivers\kl1.sys
2008-11-15 20:11 . 2008-11-15 20:51 <REP> d-------- c:\windows\Internet Logs
2008-11-15 16:47 . 2008-11-19 19:45 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-15 16:00 . 2008-11-15 16:04 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-11-15 16:00 . 2008-11-15 18:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-15 13:48 . 2008-11-15 13:48 <REP> d-------- c:\program files\splus
2008-11-15 13:48 . 2005-10-17 18:13 447,488 --a------ c:\windows\system32\splus.cpl
2008-11-15 11:51 . 2008-11-15 11:51 <REP> d-------- C:\fsaua.data
2008-11-15 10:53 . 2008-11-15 15:30 <REP> d-------- c:\windows\system32\CatRoot_bak
2008-11-14 18:27 . 2008-11-14 18:27 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-14 18:27 . 2008-11-14 18:27 <REP> d-------- c:\documents and settings\rv\Application Data\Malwarebytes
2008-11-14 18:27 . 2008-11-14 18:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-14 18:27 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-14 18:27 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-14 13:09 . 2008-11-14 13:09 <REP> d-------- c:\windows\report
2008-11-14 13:09 . 2008-11-14 13:09 <REP> d-------- c:\windows\AU_Backup
2008-11-14 13:09 . 2008-11-14 13:09 20,938,757 --a------ c:\windows\VPTNFILE.653
2008-11-14 13:09 . 2008-11-14 13:09 20,938,757 --a------ c:\windows\LPT$VPN.653
2008-11-14 13:09 . 2008-11-14 13:09 1,961,645 --a------ c:\windows\tsc.ptn
2008-11-14 13:09 . 2008-11-14 13:09 1,213,784 --a------ c:\windows\vsapi32.dll
2008-11-14 13:09 . 2008-11-14 13:09 348,229 --a------ c:\windows\tsc.exe
2008-11-14 13:09 . 2008-11-14 13:09 91,744 --a------ c:\windows\BPMNT.dll
2008-11-14 13:09 . 2008-11-14 13:09 71,749 --a------ c:\windows\hcextoutput.dll
2008-11-14 13:09 . 2008-11-14 17:15 803 --a------ c:\windows\tsc.ini
2008-11-14 13:08 . 2008-11-14 13:09 <REP> d-------- c:\windows\AU_Temp
2008-11-14 13:08 . 2008-11-14 13:08 <REP> d-------- c:\windows\AU_Log
2008-11-14 13:08 . 2008-11-14 13:08 507,904 --a------ c:\windows\TMUPDATE.DLL
2008-11-14 13:08 . 2008-11-14 13:08 286,720 --a------ c:\windows\PATCH.EXE
2008-11-14 13:08 . 2008-11-14 13:08 69,689 --a------ c:\windows\UNZIP.DLL
2008-11-14 13:08 . 2008-11-14 13:08 170 --a------ c:\windows\GetServer.ini
2008-11-14 12:47 . 2008-11-14 12:54 <REP> d-------- c:\windows\avxoscan
2008-11-14 11:49 . 1996-08-20 20:37 15,840 --a------ c:\windows\system32\Machnm1.exe
2008-11-14 11:49 . 2005-09-25 16:37 5,632 --a------ c:\windows\system32\Machnm64.sys
2008-11-14 11:49 . 2008-11-14 11:49 3,120 --a------ c:\windows\system32\118290.54
2008-11-14 11:49 . 2008-11-14 11:49 3,120 --a------ c:\windows\118294.78
2008-11-14 11:49 . 2003-08-13 00:27 2,304 --a------ c:\windows\system32\Machnm32.sys
2008-11-14 10:47 . 2008-11-14 10:47 <REP> d-------- c:\windows\Sun
2008-11-13 21:36 . 2008-11-13 21:35 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-13 21:36 . 2008-11-13 21:35 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-13 21:28 . 2008-11-14 10:47 <REP> d-------- c:\program files\Java
2008-11-13 21:27 . 2008-11-13 21:27 <REP> d-------- c:\program files\Fichiers communs\Java
2008-11-13 21:07 . 2008-11-14 10:47 <REP> d-------- c:\windows\BDOSCAN8
2008-11-13 19:15 . 2008-11-20 12:46 <REP> d-------- c:\program files\eMule
2008-11-13 19:05 . 2008-11-13 19:57 <REP> d-------- c:\documents and settings\rv\Contacts
2008-11-13 19:03 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-11-13 19:01 . 2008-11-13 19:01 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-11-13 19:00 . 2008-11-13 19:00 <REP> d-------- c:\program files\Windows Live Favorites
2008-11-13 18:59 . 2008-11-13 19:00 <REP> d-------- c:\program files\Windows Live Toolbar
2008-11-13 18:56 . 2008-11-13 18:56 <REP> d----c--- c:\windows\system32\DRVSTORE
2008-11-13 18:48 . 2008-11-13 19:02 <REP> d-------- c:\program files\Windows Live
2008-11-13 18:48 . 2008-11-13 18:57 <REP> d--hsc--- c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-13 18:48 . 2008-11-13 18:48 <REP> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-13 18:18 . 2008-11-13 18:18 <REP> d-------- c:\documents and settings\rv\Application Data\Yahoo!
2008-11-13 18:18 . 2008-11-13 19:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-13 18:14 . 2008-11-13 18:43 <REP> d-------- c:\program files\Yahoo!
2008-11-13 18:14 . 2008-11-13 18:43 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-13 18:11 . 2008-11-13 18:21 <REP> d-------- c:\program files\Google
2008-11-13 18:11 . 2008-11-19 20:01 <REP> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2008-11-13 13:39 . 2008-07-18 22:07 270,880 --a------ c:\windows\system32\mucltui.dll
2008-11-13 13:39 . 2008-07-18 22:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-13 13:33 . 2008-11-13 13:33 <REP> d-------- c:\program files\MSBuild
2008-11-13 13:33 . 2008-11-13 13:33 <REP> d-------- c:\program files\Microsoft Works
2008-11-13 13:32 . 2008-11-13 13:32 <REP> d-------- c:\program files\Microsoft.NET
2008-11-13 13:29 . 2008-11-13 13:33 <REP> d-------- c:\windows\SHELLNEW
2008-11-13 13:29 . 2008-11-13 13:29 <REP> d-------- c:\program files\Microsoft Visual Studio 8
2008-11-13 13:28 . 2008-11-14 20:11 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-13 13:27 . 2008-11-13 13:27 <REP> dr-h----- C:\MSOCache
2008-11-13 13:18 . 2008-11-13 13:18 <REP> d-------- c:\program files\ArcSoft
2008-11-13 13:18 . 2008-11-13 13:18 <REP> d-------- C:\My Documents
2008-11-13 13:18 . 1999-05-26 09:46 212,480 --a------ c:\windows\system32\pcdlib32.dll
2008-11-13 13:18 . 1996-07-01 00:00 77,312 --a------ c:\windows\system32\TWAIN_32.DLL
2008-11-13 13:18 . 2008-11-13 13:18 1,325 --a------ c:\windows\photoimpression.ini
2008-11-13 13:13 . 2008-11-13 13:17 <REP> d-------- c:\program files\EPSON
2008-11-13 13:13 . 1998-11-13 13:16 308,224 --a------ c:\windows\IsUn040c.exe
2008-11-13 13:13 . 1999-06-15 11:31 96,768 --a------ c:\windows\SlantAdj.dll
2008-11-13 13:13 . 1999-12-07 02:03 73,216 --a------ c:\windows\ADE.DLL
2008-11-13 13:13 . 1999-04-27 00:17 3,136 --a------ c:\windows\Ade001.bin
2008-11-13 13:13 . 2001-03-18 15:16 1,571 --a------ c:\windows\Faxcpp1.ini
2008-11-13 13:13 . 2001-03-18 15:16 422 --a------ c:\windows\Faxcpp.ini
2008-11-13 13:13 . 1999-08-09 23:50 72 --a------ c:\windows\system32\epDPE.ini
2008-11-13 13:12 . 2008-11-14 11:48 <REP> d--h----- c:\program files\InstallShield Installation Information
2008-11-13 13:12 . 2008-11-14 12:39 <REP> d-------- c:\program files\Fichiers communs\InstallShield
2008-11-13 13:09 . 2008-11-13 13:09 <REP> d-------- c:\program files\Canon
2008-11-13 13:07 . 2004-08-03 22:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-11-13 13:06 . 2008-11-13 13:06 <REP> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2008-11-13 13:06 . 2006-07-10 19:00 139,776 --a------ c:\windows\system32\CNMLM74.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 16:23 --------- d-----w c:\program files\UberIcon
2008-11-12 21:50 --------- d-----w c:\program files\JDoe Tools
2008-11-12 20:47 --------- d-----w c:\program files\microsoft frontpage
2008-11-12 20:45 --------- d-----w c:\program files\Real Alternative
2008-11-12 20:45 --------- d-----w c:\program files\Fichiers communs\Ahead
2008-11-12 20:45 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-12 20:44 --------- d-----w c:\program files\QuickTime Alternative
2008-11-12 20:44 --------- d-----w c:\program files\Media Player Classic
2008-11-12 20:42 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-12 20:40 --------- d-----w c:\program files\Services en ligne
2008-10-24 11:25 455,936 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2007-09-26 17:31 2,532,922 ----a-w c:\windows\inf\SET6B.tmp
.

((((((((((((((((((((((((((((( snapshot@2008-11-14_17.25.20.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-13 12:32:55 248,632 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-11-14 19:08:10 250,928 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-02-27 14:59:28 290,816 ----a-w c:\windows\Downloaded Program Files\auc_lib.dll
+ 2008-02-27 14:59:28 495,616 ----a-w c:\windows\Downloaded Program Files\daas_s.dll
+ 2008-02-27 15:00:12 262,144 ----a-w c:\windows\Downloaded Program Files\fscax.dll
+ 2008-02-27 14:59:16 588,392 ----a-w c:\windows\Downloaded Program Files\gatelauncher.exe
+ 2008-11-18 13:54:12 37,376 ----a-w c:\windows\E31C348B63A94CBF8D7FD932ABB63244.TMP\WiseCustCall64.dll
+ 2008-11-18 13:54:12 22,195 ----a-w c:\windows\E31C348B63A94CBF8D7FD932ABB63244.TMP\WiseCustomCall.dll
+ 2008-11-18 13:54:12 73,728 ----a-w c:\windows\E31C348B63A94CBF8D7FD932ABB63244.TMP\WiseCustomCalla.dll
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2004-08-03 23:54:22 61,440 -c----w c:\windows\ie7\admparse.dll
+ 2004-08-03 23:54:22 101,888 -c----w c:\windows\ie7\advpack.dll
+ 2004-08-03 23:54:24 35,328 -c----w c:\windows\ie7\corpol.dll
+ 2008-08-20 05:33:45 357,888 -c----w c:\windows\ie7\dxtmsft.dll
+ 2008-08-20 05:33:45 205,312 -c----w c:\windows\ie7\dxtrans.dll
+ 2008-08-20 05:33:45 55,808 -c----w c:\windows\ie7\extmgr.dll
+ 2004-08-03 23:54:28 38,912 -c----w c:\windows\ie7\hmmapi.dll
+ 2004-08-03 23:54:52 34,304 -c----w c:\windows\ie7\ie4uinit.exe
+ 2004-08-03 23:54:28 139,264 -c----w c:\windows\ie7\ieakeng.dll
+ 2005-11-11 22:17:47 1,345,536 -c----w c:\windows\ie7\ieaksie.dll
+ 2001-08-28 12:00:00 245,760 -c----w c:\windows\ie7\ieakui.dll
+ 2004-08-03 23:54:28 323,584 -c----w c:\windows\ie7\iedkcs32.dll
+ 2008-08-19 09:38:57 18,432 -c----w c:\windows\ie7\iedw.exe
+ 2004-08-03 23:54:28 81,920 -c----w c:\windows\ie7\ieencode.dll
+ 2008-08-20 05:33:45 251,904 -c----w c:\windows\ie7\iepeers.dll
+ 2004-08-03 23:54:28 49,152 -c----w c:\windows\ie7\iernonce.dll
+ 2004-08-03 23:54:28 63,488 -c----w c:\windows\ie7\iesetup.dll
+ 2006-05-23 10:09:46 2,981,888 -c----w c:\windows\ie7\iexplore.exe
+ 2004-08-03 23:54:30 35,840 -c----w c:\windows\ie7\imgutil.dll
+ 2008-08-20 05:33:45 96,768 -c----w c:\windows\ie7\inseng.dll
+ 2007-12-18 14:41:58 450,560 -c----w c:\windows\ie7\jscript.dll
+ 2008-08-20 05:33:46 16,384 -c----w c:\windows\ie7\jsproxy.dll
+ 2004-08-03 23:54:30 22,528 -c----w c:\windows\ie7\licmgr10.dll
+ 2004-08-03 23:54:58 29,184 -c----w c:\windows\ie7\mshta.exe
+ 2008-08-20 05:33:48 3,088,384 -c----w c:\windows\ie7\mshtml.dll
+ 2008-08-20 05:33:46 449,024 -c----w c:\windows\ie7\mshtmled.dll
+ 2004-08-03 23:53:16 57,344 -c----w c:\windows\ie7\mshtmler.dll
+ 2001-08-28 12:00:00 146,432 -c----w c:\windows\ie7\msls31.dll
+ 2008-08-20 05:33:45 146,432 -c----w c:\windows\ie7\msrating.dll
+ 2008-08-20 05:33:45 532,480 -c----w c:\windows\ie7\mstime.dll
+ 2005-11-12 21:02:04 377,344 -c----w c:\windows\ie7\occache.dll
+ 2008-08-20 05:33:45 39,424 -c----w c:\windows\ie7\pngfilt.dll
+ 2007-09-26 17:34:42 33,472 -c----w c:\windows\ie7\spuninst\iecustom.dll
+ 2007-09-26 17:32:30 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 16:43:28 216,800 -c----w c:\windows\ie7\spuninst\spuninst.exe
+ 2006-09-06 16:43:30 394,976 -c----w c:\windows\ie7\spuninst\updspapi.dll
+ 2005-11-13 14:53:42 663,040 -c----w c:\windows\ie7\url.dll
+ 2008-08-20 05:33:47 621,056 -c----w c:\windows\ie7\urlmon.dll
+ 2007-12-18 14:41:59 417,792 -c----w c:\windows\ie7\vbscript.dll
+ 2006-04-09 12:35:50 848,896 -c----w c:\windows\ie7\vgx.dll
+ 2006-03-16 19:44:09 1,295,360 -c----w c:\windows\ie7\webcheck.dll
+ 2008-08-20 05:33:46 671,744 -c----w c:\windows\ie7\wininet.dll
+ 2006-10-27 14:16:36 133,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-26 19:55:32 87,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-27 14:07:36 17,891,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2006-10-26 19:55:48 340,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-27 14:04:08 497,504 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 14:26:40 16,870,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 14:04:10 9,581,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-26 19:42:36 8,423,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-27 14:18:36 1,658,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-27 14:16:46 2,939,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-26 19:34:12 660,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-26 19:34:10 192,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-09-15 15:25:18 3,611,416 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-10-27 14:16:44 594,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-10-27 14:16:48 12,813,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 14:16:40 176,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-27 14:04:06 465,200 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 14:04:06 7,980,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2008-11-13 12:32:55 248,632 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-26 19:09:36 136,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2006-10-26 19:55:54 413,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-27 14:04:06 624,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-26 19:09:44 590,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-26 19:55:44 263,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-26 19:55:44 272,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-27 14:23:04 347,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-27 14:11:38 4,235,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 14:11:36 21,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-27 14:23:08 17,483,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-26 20:13:08 14,674,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-26 20:17:08 11,072 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2008-11-17 16:56:05 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-11-13 12:34:34 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-11-14 19:11:23 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-11-13 12:34:35 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-11-14 19:11:24 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-11-13 12:34:35 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-11-14 19:11:23 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-11-13 12:34:35 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2008-11-14 19:11:24 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-11-13 12:34:35 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-11-14 19:11:24 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-11-13 12:34:35 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-11-14 19:11:24 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-11-13 12:34:35 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-11-14 19:11:23 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-11-13 12:34:35 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-11-14 19:11:24 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-11-13 12:34:35 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-11-14 19:11:24 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-11-13 12:34:35 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-11-14 19:11:24 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-11-13 12:34:35 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-11-14 19:11:23 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-11-12 20:41:11 8,738 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin
+ 2008-11-14 17:31:16 8,972 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin
- 2008-11-12 20:41:08 86,331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2008-11-14 17:39:20 86,331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
- 2008-11-12 20:41:11 2,116 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2008-11-14 17:39:20 2,430 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
- 2004-08-03 23:54:22 61,440 ----a-w c:\windows\system32\admparse.dll
+ 2007-08-13 17:39:20 71,680 ----a-w c:\windows\system32\admparse.dll
- 2004-08-03 23:54:22 101,888 ----a-w c:\windows\system32\advpack.dll
+ 2007-08-13 17:39:00 123,904 ----a-w c:\windows\system32\advpack.dll
+ 2008-11-18 13:50:49 34,308 ----a-w c:\windows\system32\BASSMOD.dll
- 2007-07-30 18:19:20 92,504 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 13:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
+ 1998-07-12 22:00:00 32,768 ----a-w c:\windows\system32\CMDLGFR.DLL
+ 2008-11-18 14:13:59 16,384 ----atw c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_2cc.dat
+ 2008-11-20 17:40:15 16,384 ----atw c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_564.dat
+ 2008-11-20 17:17:29 16,384 ----atw c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_690.dat
- 2004-08-03 23:54:24 35,328 ----a-w c:\windows\system32\corpol.dll
+ 2007-08-13 17:42:54 17,408 ----a-w c:\windows\system32\corpol.dll
+ 2008-10-28 22:35:56 684,032 ----a-w c:\windows\system32\DivX.dll
+ 2008-10-28 22:36:00 823,296 ----a-w c:\windows\system32\divx_xx07.dll
+ 2008-10-28 22:35:58 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
+ 2008-10-28 22:36:00 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
+ 2008-10-28 22:35:58 802,816 ----a-w c:\windows\system32\divx_xx11.dll
+ 2008-09-25 08:03:18 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
+ 2008-09-25 08:03:44 524,288 ----a-w c:\windows\system32\DivXsm.exe
+ 2008-09-19 21:54:18 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
+ 2007-08-13 17:39:20 71,680 -c----w c:\windows\system32\dllcache\admparse.dll
+ 2007-08-13 17:39:00 123,904 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2007-08-13 17:42:54 17,408 -c----w c:\windows\system32\dllcache\corpol.dll
+ 2007-08-13 17:54:10 33,792 -c----w c:\windows\system32\dllcache\custsat.dll
- 2008-08-20 05:33:45 357,888 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-13 17:35:46 346,624 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-20 05:33:45 205,312 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-13 17:35:38 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-20 05:33:45 55,808 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-13 17:54:10 131,584 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-13 17:18:02 60,416 -c----w c:\windows\system32\dllcache\hmmapi.dll
+ 2007-08-13 17:39:06 54,784 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-13 17:39:26 152,064 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-13 17:39:54 229,376 -c----w c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 16:56:54 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 17:39:50 382,976 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-08-19 09:38:57 18,432 -c----w c:\windows\system32\dllcache\iedw.exe
+ 2007-08-13 17:44:02 69,120 -c--a-w c:\windows\system32\dllcache\iedw.exe
+ 2007-08-13 17:45:18 78,336 -c----w c:\windows\system32\dllcache\ieencode.dll
- 2008-08-20 05:33:45 251,904 -c----w c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 17:54:10 191,488 -c--a-w c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 17:39:10 43,008 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-13 17:39:12 55,296 -c----w c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-13 17:43:56 622,080 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2007-08-13 17:36:06 36,352 -c----w c:\windows\system32\dllcache\imgutil.dll
- 2008-08-20 05:33:45 96,768 -c----w c:\windows\system32\dllcache\inseng.dll
+ 2007-08-13 17:39:02 92,672 -c--a-w c:\windows\system32\dllcache\inseng.dll
- 2007-12-18 14:41:58 450,560 -c----w c:\windows\system32\dllcache\jscript.dll
+ 2007-08-13 17:38:04 491,520 -c--a-w c:\windows\system32\dllcache\jscript.dll
- 2008-08-20 05:33:46 16,384 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-13 17:54:10 27,136 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-13 17:44:18 40,960 -c----w c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-13 17:32:30 45,568 -c----w c:\windows\system32\dllcache\mshta.exe
- 2008-08-20 05:33:48 3,088,384 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2007-08-13 17:54:12 3,578,368 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-20 05:33:46 449,024 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-13 17:54:10 475,648 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-13 17:01:12 48,128 -c----w c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-13 17:54:10 156,160 -c----w c:\windows\system32\dllcache\msls31.dll
- 2008-08-20 05:33:45 146,432 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2007-08-13 17:44:26 192,000 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-08-20 05:33:45 532,480 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2007-08-13 17:54:10 670,720 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2007-08-13 17:44:06 101,376 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-08-20 05:33:45 39,424 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2007-08-13 17:36:12 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2007-08-13 17:44:30 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-08-20 05:33:47 621,056 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2007-08-13 17:54:10 1,162,240 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2007-12-18 14:41:59 417,792 -c----w c:\windows\system32\dllcache\vbscript.dll
+ 2007-08-13 17:54:10 413,696 -c--a-w c:\windows\system32\dllcache\vbscript.dll
+ 2007-08-13 17:54:10 765,952 -c----w c:\windows\system32\dllcache\VGX.dll
+ 2007-08-13 17:54:10 231,424 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-20 05:33:46 671,744 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2007-08-13 17:54:10 818,688 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-09-25 08:03:38 81,920 ----a-w c:\windows\system32\dpl100.dll
+ 2008-09-25 08:03:30 294,912 ----a-w c:\windows\system32\dpu10.dll
+ 2008-09-25 08:03:30 294,912 ----a-w c:\windows\system32\dpu11.dll
+ 2008-09-25 08:03:34 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
+ 2008-09-25 08:03:32 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
+ 2008-09-25 08:03:32 344,064 ----a-w c:\windows\system32\dpus11.dll
+ 2008-09-25 08:03:32 57,344 ----a-w c:\windows\system32\dpv11.dll
+ 2008-11-12 16:51:35 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2008-11-12 16:53:27 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
+ 2008-11-12 16:54:19 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2008-11-12 16:52:28 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2008-11-12 16:53:38 110,160 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2008-11-12 16:52:37 50,656 ----a-w c:\windows\system32\drivers\aswTdi.sys
+ 2007-03-07 23:51:00 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
+ 2007-03-07 23:51:00 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
+ 2005-05-03 15:34:02 27,392 ----a-w c:\windows\system32\drivers\ElbyCDFL.sys
+ 2005-04-21 11:40:36 10,624 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys
+ 2007-05-30 23:03:50 119,576 ----a-w c:\windows\system32\drivers\klif.sys
+ 2007-03-07 23:51:00 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
+ 2008-09-25 08:03:38 196,608 ----a-w c:\windows\system32\dtu100.dll
- 2008-08-20 05:33:45 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2007-08-13 17:35:46 346,624 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-20 05:33:45 205,312 ----a-w c:\windows\system32\dxtrans.dll
+ 2007-08-13 17:35:38 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2006-01-17 21:36:56 69,632 ----a-w c:\windows\system32\ElbyCDIO.dll
- 2008-08-20 05:33:45 55,808 ----a-w c:\windows\system32\extmgr.dll
+ 2007-08-13 17:54:10 131,584 ----a-w c:\windows\system32\extmgr.dll
+ 2007-08-13 17:36:26 61,952 ------w c:\windows\system32\icardie.dll
+ 2006-06-29 07:05:44 26,112 ------w c:\windows\system32\idndl.dll
- 2004-08-03 23:54:52 34,304 ----a-w c:\windows\system32\ie4uinit.exe
+ 2007-08-13 17:39:06 54,784 ----a-w c:\windows\system32\ie4uinit.exe
- 2004-08-03 23:54:28 139,264 ----a-w c:\windows\system32\ieakeng.dll
+ 2007-08-13 17:39:26 152,064 ----a-w c:\windows\system32\ieakeng.dll
- 2005-11-11 22:17:47 1,345,536 ----a-w c:\windows\system32\ieaksie.dll
+ 2007-08-13 17:39:54 229,376 ----a-w c:\windows\system32\ieaksie.dll
- 2001-08-28 12:00:00 245,760 ----a-w c:\windows\system32\ieakui.dll
+ 2007-08-13 16:56:54 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2007-02-12 15:10:12 2,451,312 ------w c:\windows\system32\ieapfltr.dat
+ 2007-07-11 11:27:48 383,488 ------w c:\windows\system32\ieapfltr.dll
- 2004-08-03 23:54:28 323,584 ----a-w c:\windows\system32\iedkcs32.dll
+ 2007-08-13 17:39:50 382,976 ----a-w c:\windows\system32\iedkcs32.dll
- 2004-08-03 23:54:28 81,920 ----a-w c:\windows\system32\ieencode.dll
+ 2007-08-13 17:45:18 78,336 ----a-w c:\windows\system32\ieencode.dll
+ 2007-08-13 17:54:10 6,049,280 ------w c:\windows\system32\ieframe.dll
- 2008-08-20 05:33:45 251,904 ----a-w c:\windows\system32\iepeers.dll
+ 2007-08-13 17:54:10 191,488 ----a-w c:\windows\system32\iepeers.dll
- 2004-08-03 23:54:28 49,152 ----a-w c:\windows\system32\iernonce.dll
+ 2007-08-13 17:39:10 43,008 ----a-w c:\windows\system32\iernonce.dll
+ 2007-08-13 17:34:04 266,752 ------w c:\windows\system32\iertutil.dll
- 2004-08-03 23:54:28 63,488 ----a-w c:\windows\system32\iesetup.dll
+ 2007-08-13 17:39:12 55,296 ----a-w c:\windows\system32\iesetup.dll
+ 2007-08-13 17:39:10 13,312 ----a-w c:\windows\system32\ieudinit.exe
+ 2007-08-13 17:54:10 180,736 ------w c:\windows\system32\ieui.dll
- 2004-08-03 23:54:30 35,840 ----a-w c:\windows\system32\imgutil.dll
+ 2007-08-13 17:36:06 36,352 ----a-w c:\windows\system32\imgutil.dll
+ 1998-07-12 22:00:00 15,360 ----a-w c:\windows\system32\INETFR.DLL
- 2008-08-20 05:33:45 96,768 ----a-w c:\windows\system32\inseng.dll
+ 2007-08-13 17:39:02 92,672 ----a-w c:\windows\system32\inseng.dll
- 2007-12-18 14:41:58 450,560 ----a-w c:\windows\system32\jscript.dll
+ 2007-08-13 17:38:04 491,520 ----a-w c:\windows\system32\jscript.dll
- 2008-08-20 05:33:46 16,384 ----a-w c:\windows\system32\jsproxy.dll
+ 2007-08-13 17:54:10 27,136 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-09-19 21:55:58 1,044,480 ----a-w c:\windows\system32\libdivx.dll
- 2004-08-03 23:54:30 22,528 ----a-w c:\windows\system32\licmgr10.dll
+ 2007-08-13 17:44:18 40,960 ----a-w c:\windows\system32\licmgr10.dll
+ 1998-07-12 22:00:00 59,904 ----a-w c:\windows\system32\MSCC2FR.DLL
+ 2007-08-13 17:54:10 458,752 ------w c:\windows\system32\msfeeds.dll
+ 2007-08-13 17:54:10 50,688 ------w c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 17:36:40 12,288 ------w c:\windows\system32\msfeedssync.exe
- 2004-08-03 23:54:58 29,184 ----a-w c:\windows\system32\mshta.exe
+ 2007-08-13 17:32:30 45,568 ----a-w c:\windows\system32\mshta.exe
- 2008-08-20 05:33:48 3,088,384 ----a-w c:\windows\system32\mshtml.dll
+ 2007-08-13 17:54:12 3,578,368 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-20 05:33:46 449,024 ----a-w c:\windows\system32\mshtmled.dll
+ 2007-08-13 17:54:10 475,648 ----a-w c:\windows\system32\mshtmled.dll
- 2004-08-03 23:53:16 57,344 ----a-w c:\windows\system32\mshtmler.dll
+ 2007-08-13 17:01:12 48,128 ----a-w c:\windows\system32\mshtmler.dll
- 2001-08-28 12:00:00 146,432 ----a-w c:\windows\system32\msls31.dll
+ 2007-08-13 17:54:10 156,160 ----a-w c:\windows\system32\msls31.dll
- 2008-08-20 05:33:45 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2007-08-13 17:44:26 192,000 ----a-w c:\windows\system32\msrating.dll
- 2006-07-24 09:50:38 125,744 ----a-w c:\windows\system32\MSSTDFMT.DLL
+ 2004-02-22 22:00:00 119,808 ----a-w c:\windows\system32\MSSTDFMT.DLL
- 2008-08-20 05:33:45 532,480 ----a-w c:\windows\system32\mstime.dll
+ 2007-08-13 17:54:10 670,720 ----a-w c:\windows\system32\mstime.dll
- 2004-02-23 19:42:40 1,386,496 ----a-w c:\windows\system32\MSVBVM60.DLL
+ 2004-02-23 18:42:40 1,386,496 ----a-w c:\windows\system32\msvbvm60.dll
+ 2008-09-30 15:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
+ 2003-04-18 15:29:26 82,432 ----a-w c:\windows\system32\msxml4r.dll
- 2007-07-30 18:19:04 207,736 ----a-w c:\windows\system32\muweb.dll
+ 2008-07-18 21:07:32 210,976 ----a-w c:\windows\system32\muweb.dll
+ 2006-06-28 16:59:26 24,576 ------w c:\windows\system32\nlsdl.dll
+ 2006-06-29 07:05:44 23,552 ------w c:\windows\system32\normaliz.dll
- 2005-11-12 21:02:04 377,344 ----a-w c:\windows\system32\occache.dll
+ 2007-08-13 17:44:06 101,376 ----a-w c:\windows\system32\occache.dll
+ 1998-07-12 22:00:00 9,728 ----a-w c:\windows\system32\PCCLPFR.DLL
- 2008-08-20 05:33:45 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2007-08-13 17:36:12 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-09-19 21:57:30 551,672 ------w c:\windows\system32\px.dll
+ 2008-09-19 21:57:30 129,784 ------w c:\windows\system32\pxafs.dll
+ 2008-09-19 21:57:30 66,296 ------w c:\windows\system32\pxcpya64.exe
+ 2008-09-19 21:57:32 518,904 ------w c:\windows\system32\pxdrv.dll
+ 2008-09-19 21:57:32 72,440 ------w c:\windows\system32\pxhpinst.exe
+ 2008-09-19 21:57:30 64,760 ------w c:\windows\system32\pxinsa64.exe
+ 2008-09-19 21:57:32 187,128 ------w c:\windows\system32\pxmas.dll
+ 2008-09-19 21:57:32 1,628,920 ------w c:\windows\system32\pxsfs.dll
+ 2008-09-19 21:57:32 379,640 ------w c:\windows\system32\pxwave.dll
+ 2008-09-19 21:57:34 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
- 2008-11-14 09:47:32 490,048 ----a-w c:\windows\system32\Restore\rstrlog.dat
+ 2008-11-19 18:46:21 651,028 ----a-w c:\windows\system32\Restore\rstrlog.dat
+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2008-09-19 21:55:58 200,704 ----a-w c:\windows\system32\ssldivx.dll
+ 1998-07-12 22:00:00 6,656 ----a-w c:\windows\system32\STDFTFR.DLL
- 2005-11-13 14:53:42 663,040 ----a-w c:\windows\system32\url.dll
+ 2007-08-13 17:44:30 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-20 05:33:47 621,056 ----a-w c:\windows\system32\urlmon.dll
+ 2007-08-13 17:54:10 1,162,240 ----a-w c:\windows\system32\urlmon.dll
+ 2000-10-02 07:40:18 119,568 ----a-w c:\windows\system32\VB6FR.DLL
+ 2000-07-14 22:00:00 101,888 ----a-w c:\windows\system32\VB6STKIT.DLL
- 2007-12-18 14:41:59 417,792 ----a-w c:\windows\system32\vbscript.dll
+ 2007-08-13 17:54:10 413,696 ----a-w c:\windows\system32\vbscript.dll
+ 2008-09-19 21:57:30 88,824 ------w c:\windows\system32\vxblock.dll
- 2006-03-16 19:44:09 1,295,360 ----a-w c:\windows\system32\webcheck.dll
+ 2007-08-13 17:54:10 231,424 ----a-w c:\windows\system32\webcheck.dll
+ 2007-08-13 17:45:16 206,336 ------w c:\windows\system32\WinFXDocObj.exe
- 2008-08-20 05:33:46 671,744 ----a-w c:\windows\system32\wininet.dll
+ 2007-08-13 17:54:10 818,688 ----a-w c:\windows\system32\wininet.dll
- 2007-07-30 18:19:36 549,720 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 13:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2007-07-30 18:19:16 53,080 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 13:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2007-07-30 18:19:42 1,712,984 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 13:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2007-07-30 18:19:32 325,976 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 13:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2007-07-30 18:18:40 33,624 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2007-07-30 18:19:12 43,352 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2007-07-30 18:19:28 203,096 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 13:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
+ 2006-07-14 15:51:51 121,856 ------w c:\windows\system32\xmllite.dll
+ 2007-06-21 20:55:26 26,000 ----a-w c:\windows\system32\ZoneLabs\av_loc040c.dll
+ 2007-05-30 23:03:30 65,248 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 13:47:36 21,568 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-30 23:03:30 1,628 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\pdmkl.dat
+ 2007-05-30 23:03:16 77,824 ----a-w c:\windows\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-30 23:03:16 110,592 ----a-w c:\windows\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-30 23:03:16 331,776 ----a-w c:\windows\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-30 23:03:16 38,400 ----a-w c:\windows\system32\ZoneLabs\avsys\FSSync.dll
+ 2006-09-19 22:12:14 208,960 ----a-w c:\windows\system32\ZoneLabs\avsys\inv.dll
+ 2007-05-30 23:03:16 258,048 ----a-w c:\windows\system32\ZoneLabs\avsys\kave.dll
+ 2006-12-19 17:13:52 1,093,632 ----a-w c:\windows\system32\ZoneLabs\avsys\libeay32.dll
+ 2007-05-30 23:03:20 548,864 ----a-w c:\windows\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-30 23:03:20 626,688 ----a-w c:\windows\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-30 23:03:18 184,320 ----a-w c:\windows\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-30 23:03:22 90,112 ----a-w c:\windows\system32\ZoneLabs\avsys\prremote.dll
+ 2007-05-30 23:03:18 118,784 ----a-w c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-19 17:13:52 200,704 ----a-w c:\windows\system32\ZoneLabs\avsys\ssleay32.dll
+ 2007-06-21 20:55:26 17,808 ----a-w c:\windows\system32\ZoneLabs\camupd_loc040c.dll
+ 2007-06-21 20:55:28 26,000 ----a-w c:\windows\system32\ZoneLabs\imsecure_loc040c.dll
+ 2007-06-21 20:55:30 17,808 ----a-w c:\windows\system32\ZoneLabs\scheduler_loc040c.dll
+ 2007-06-21 20:55:30 17,808 ----a-w c:\windows\system32\ZoneLabs\vsdb_loc040c.dll
+ 2007-06-21 20:55:30 46,480 ----a-w c:\windows\system32\ZoneLabs\vsmon_loc040c.dll
+ 2007-06-21 20:55:30 198,032 ----a-w c:\windows\system32\ZoneLabs\vsruledb_loc040c.dll
+ 2007-06-21 20:55:30 17,808 ----a-w c:\windows\system32\ZoneLabs\vsvault_loc040c.dll
+ 2007-06-21 20:55:32 17,808 ----a-w c:\windows\system32\ZoneLabs\zlquarantine_loc040c.dll
+ 2007-06-21 20:55:32 21,904 ----a-w c:\windows\system32\ZoneLabs\zlsre_loc040c.dll
+ 2008-11-16 17:14:42 1,233,920 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2008-09-30 15:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-11-16 17:14:41 82,432 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2008-09-30 15:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 11:46 160496 --a------ c:\program files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-22 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-22 86016]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-13 136600]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-11-05 21:59 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2008-07-11 18:06 223984 c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-15 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-15 20560]
.
Contenu du dossier 'Tâches planifiées'

2008-11-19 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.sfr.fr/kit/adsl/
uSearchMigratedDefaultURL = hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms}
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe
c:\windows\Downloaded Program Files\live.ini
c:\windows\Downloaded Program Files\scanoptions.tsi
c:\windows\Downloaded Program Files\lang.ini
c:\windows\Downloaded Program Files\ipsupd.dll
c:\windows\Downloaded Program Files\bdupd.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\oscan8.ocx
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
c:\windows\Downloaded Program Files\oscan8.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 18:40:40
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\fxssvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Heure de fin: 2008-11-20 18:47:08 - La machine a redémarré [rv]
ComboFix-quarantined-files.txt 2008-11-20 17:46:48
ComboFix2.txt 2008-11-14 16:26:01

Avant-CF: 58 057 711 616 octets libres
Après-CF: 59,718,864,896 octets libres

621 --- E O F --- 2008-11-20 13:28:50

Tu peux poster un rapport Hijackthis ?

Pas de soucis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26, on 20/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
C:\Documents and Settings\rv\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/kit/adsl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8700 bytes

Re,

Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir

Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic

Re,



Avira AntiVir Personal
Report file date: samedi 22 novembre 2008 20:09

Scanning for 1045520 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: HERVE

Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 30/10/2008 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 18:42:54
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 18:42:56
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 18:42:58
ANTIVIR3.VDF : 7.1.0.122 154112 Bytes 21/11/2008 18:43:00
Engineversion : 8.2.0.35
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 22/11/2008 18:43:16
AESCN.DLL : 8.1.1.5 123251 Bytes 22/11/2008 18:43:14
AERDL.DLL : 8.1.1.3 438645 Bytes 22/11/2008 18:43:13
AEPACK.DLL : 8.1.3.4 393591 Bytes 22/11/2008 18:43:11
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 22/11/2008 18:43:10
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 22/11/2008 18:43:08
AEHELP.DLL : 8.1.2.0 119159 Bytes 22/11/2008 18:43:04
AEGEN.DLL : 8.1.1.5 323956 Bytes 22/11/2008 18:43:03
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56
AECORE.DLL : 8.1.5.1 172406 Bytes 22/11/2008 18:43:02
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 22/11/2008 18:43:01
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 22 novembre 2008 20:09

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'emule.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'AnyDVD.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtection.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindService.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '52' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\rv\Bureau\QUAD_RegistryCleaner_v.1.5.43.exe
[0] Archive type: NSIS
--> Settings/QUAD Registry Cleaner.exe
[DETECTION] Is the TR/Fraud.RegClean Trojan
--> Settings/QUAD Scheduler.exe
[DETECTION] Is the TR/Fraud.RegClean.A Trojan
--> Settings/vista.exe
[DETECTION] Is the TR/Fraud.RegClean.B Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\rv\Local Settings\Application Data\Mozilla\Firefox\Profiles\y1v54d92.default\Cache\3CFA01BDd01
[0] Archive type: NSIS
--> Settings/QUAD Registry Cleaner.exe
[DETECTION] Is the TR/Fraud.RegClean Trojan
--> Settings/QUAD Scheduler.exe
[DETECTION] Is the TR/Fraud.RegClean.A Trojan
--> Settings/vista.exe
[DETECTION] Is the TR/Fraud.RegClean.B Trojan
[NOTE] The file was moved to '496e6a2b.qua'!
C:\Program Files\eMule\Incoming\Avast Antivirus Pro v4.8.1282 Fr Incl-Keygen Rar.rar
[0] Archive type: RAR
--> Keygen\keygen.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Bot.14549 back-door program
[NOTE] The file was moved to '49896fa3.qua'!
C:\Program Files\EPSON\Smart Panel\File.exe
[DETECTION] Is the TR/Agent.agi.13 Trojan
[NOTE] The file was moved to '49946fe3.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\112312.exe.vir
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '495a712b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\112406.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '495a712d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\118046.exe.vir
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4960712e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\14654656.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '495e7132.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\47531.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '495d7138.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\49484.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '495c713a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\50671.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '4829ad1b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\51921.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '49617133.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\60484.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '495c7133.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\97390.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '495b713b.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP11\A0003248.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '49587169.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP12\A0003287.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4958716a.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP12\A0003625.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '49587173.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP12\A0003651.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '49587174.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP12\A0003767.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '49587179.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP12\A0003784.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4958717a.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP12\A0003891.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4958717c.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP16\A0004079.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49587184.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP16\A0004080.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '49587185.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP16\A0004083.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '482bcc2e.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP16\A0004096.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '49587186.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP16\A0004135.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '49587188.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP16\A0004136.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '482bcc21.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP16\A0004137.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '49587189.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP16\A0004138.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '482bcc22.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP16\A0004143.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '4958718a.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP16\A0004165.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '482bcc23.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP36\A0008297.exe
[DETECTION] Is the TR/Fraud.RegClean Trojan
[NOTE] The file was moved to '4958722a.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP36\A0008298.exe
[DETECTION] Is the TR/Fraud.RegClean.A Trojan
[NOTE] The file was moved to '4958722c.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP36\A0008300.exe
[DETECTION] Is the TR/Fraud.RegClean.B Trojan
[NOTE] The file was moved to '4958722d.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP40\A0008566.exe
[0] Archive type: NSIS
--> Settings/QUAD Registry Cleaner.exe
[DETECTION] Is the TR/Fraud.RegClean Trojan
--> Settings/QUAD Scheduler.exe
[DETECTION] Is the TR/Fraud.RegClean.A Trojan
--> Settings/vista.exe
[DETECTION] Is the TR/Fraud.RegClean.B Trojan
[NOTE] The file was moved to '49587238.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP40\A0008567.exe
[DETECTION] Is the TR/Vaklik.cnd Trojan
[NOTE] The file was moved to '49587239.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP40\A0008568.exe
[DETECTION] Is the TR/Agent.agi.13 Trojan
[NOTE] The file was moved to '482bcf92.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP9\A0002990.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4958724c.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP9\A0003118.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '49587254.qua'!
C:\System Volume Information\_restore{1AD96F14-6E30-4B81-9D62-6E67B2ED9BC0}\RP9\A0003134.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '482bcffd.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd1389.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\vaxscsi.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'


End of the scan: samedi 22 novembre 2008 22:08
Used time: 1:58:32 Hour(s)

The scan has been done completely.

4523 Scanning directories
266220 Files were scanned
46 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
39 files were moved to quarantine
0 files were renamed
5 Files cannot be scanned
266169 Files not concerned
3598 Archives were scanned
5 Warnings
40 Notes

Reposte un rapport Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47, on 23/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\rv\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/kit/adsl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7877 bytes

D'autres soucis ?

Je n'en vois pas d'autre, je vais y jeter un œil cette semaine, et si jamais j'ai d'autre soucis, je te redis quoi !

Un gros merci !

Ok