jaromil

Mon PC ventile énormément depuis le virus, et cela fait plus de trois jours que je ne peux plus travailler dessus. Or j'ai un besoin urgent de travailler avec le PC : je choisis donc de réinstaller le système. Beagle, pour cette fois, est le plus fort ! Je vous remercie de l'aide apportée et j'espère que mon cas, bien que non résolu, vous sera utile pour aider d'autres utilisateurs. Dernière question, que je réitère : manips particulières à faire avant/après réinstall classique du système ? Merci

ComboFix 08-10-17.01 - DISCOBABEL 2008-10-18 18:06:36.1 - NTFSx86 Lancé depuis: C:\Documents and Settings\DISCOBABEL\Bureau\Combo-Fix.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\autorun.inf C:\WINDOWS\pack.epk C:\WINDOWS\system32\drivers\downld C:\WINDOWS\system32\drivers\downld\3617312.exe C:\WINDOWS\system32\drivers\downld\3618984.exe C:\WINDOWS\system32\drivers\downld\3653453.exe C:\WINDOWS\system32\drivers\downld\3658765.exe C:\WINDOWS\system32\drivers\downld\3662046.exe C:\WINDOWS\system32\drivers\downld\3716515.exe C:\WINDOWS\system32\drivers\downld\3724625.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-18 au 2008-10-18 )))))))))))))))))))))))))))))))))))) . 2008-10-18 18:11 . 2008-10-18 18:11 <REP> d-------- C:\WINDOWS\system32\drivers\downld 2008-10-18 16:39 . 2006-05-22 05:08 839,688 --------- C:\WINDOWS\system32\drivers\winfilse.exe 2008-10-15 10:31 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys 2008-10-15 10:29 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-15 10:29 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-10-15 10:29 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-15 10:29 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-10-15 10:29 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys 2008-10-14 11:01 . 2008-10-14 11:01 <REP> d-------- C:\Documents and Settings\DISCOBABEL\Application Data\IndexEducation 2008-10-14 10:59 . 2008-10-14 10:59 <REP> d-------- C:\Documents and Settings\DISCOBABEL\Application Data\InstallShield 2008-10-13 18:57 . 2008-10-13 18:57 <REP> d-------- C:\Program Files\Real Alternative 2008-10-05 18:17 . 2008-10-18 16:28 <REP> d-------- C:\Program Files\Tennis Elbow 2006 2008-09-26 08:55 . 2008-09-26 08:55 <REP> d-------- C:\Program Files\pdfsam . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-18 14:50 --------- d-----w C:\Program Files\Mozilla Firefox_3 2008-10-18 14:42 --------- d-----w C:\Documents and Settings\DISCOBABEL\Application Data\VMNTOOLBAR 2008-10-18 14:39 --------- d-----w C:\Program Files\eMule 2008-10-18 13:44 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-10-15 20:11 --------- d-----w C:\Documents and Settings\DISCOBABEL\Application Data\OpenOffice.org2 2008-10-15 14:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-10-15 13:18 --------- d-----w C:\Documents and Settings\DISCOBABEL\Application Data\SolidDocuments 2008-10-15 10:09 --------- d-----w C:\Program Files\Apple Software Update 2008-10-15 09:59 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-15 09:59 --------- d-----w C:\Program Files\EPSON 2008-10-15 08:20 --------- d-----w C:\Program Files\EasyBox 2008-10-01 10:43 --------- d-----w C:\Documents and Settings\DISCOBABEL\Application Data\FileZilla 2008-09-26 06:50 --------- d-----w C:\Program Files\GUIPDFTK 2008-09-13 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Soulseek 2008-09-13 17:31 --------- d-----w C:\Program Files\Soulseek-Test 2008-09-11 18:11 --------- d-----w C:\Program Files\Ziepod 2008-09-10 11:45 --------- d-----w C:\Program Files\WinUAE_1.5.1_FR_Windows 2008-09-08 21:11 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-09-07 09:58 --------- d-----w C:\Program Files\Microsoft Works 2008-09-07 09:55 --------- d-----w C:\Program Files\Microsoft.NET 2008-08-20 12:50 --------- d-----w C:\Documents and Settings\DISCOBABEL\Application Data\Mick@ël 2008-08-20 12:47 --------- d-----w C:\Program Files\QuickUpload 2008-08-11 10:46 79,080 ----a-w C:\Documents and Settings\DISCOBABEL\Application Data\GDIPFONTCACHEV1.DAT 2008-04-04 13:06 13,682,792 ----a-w C:\Program Files\win_easybox_4.0.exe 2007-12-08 10:46 6,113,439 ----a-w C:\Program Files\pc-inspector_pc_inspector_4.0_francais_11048.exe 2007-08-21 10:22 712,360 ----a-w C:\Program Files\Room_Arranger_3.26.exe 2007-07-26 08:49 55,068,209 ----a-w C:\Program Files\Bcdi3 Le Logiciel(Capes Documentation Cdi Bcdi Motbis Module Formation Iufm).rar 2007-07-10 09:06 1,308,216 ----a-w C:\Program Files\HiJackThis_v2.exe 2007-03-20 09:47 1,010,688 ----a-w C:\Program Files\SnapKey_v2.0.2.1.exe 2007-02-28 12:21 126 ----a-w C:\Documents and Settings\DISCOBABEL\Application Data\wklnhst.dat 2005-07-01 12:49 352,320 ----a-w C:\Program Files\Memento.exe 2008-05-10 11:58 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 2008-05-10 11:58 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat 2008-05-10 11:58 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051020080511\index.dat 2008-05-10 11:58 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "drvsyskit"="C:\WINDOWS\system32\drivers\winfilse.exe" [2006-05-22 839688] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-22 839688] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 35328] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "CheckMedi8or"="C:\Program Files\Mediator6\CheckNewUser.exe" [2000-10-25 36864] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) Les clés de Registre SafeBoot doivent être réparées. Cette machine ne peut pas utiliser le Mode Sans Échec. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\EasyBox\\vlc\\vlc.exe"= "C:\\Program Files\\EasyBox\\apache\\apache.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "C:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"= "C:\\Program Files\\Mozilla Firefox_3\\firefox.exe"= "C:\\Program Files\\Soulseek-Test\\slsk.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a33c83e-b163-11db-8acb-0014a524962d}] \Shell\AutoRun\command - F:\LaunchU3.exe . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe HKLM-Run-EoEngine - (no file) HKLM-Run-EoWeather - (no file) MSConfigStartUp-Load - C:\WINDOWS\svchost.exe . ------- Examen supplémentaire ------- . FireFox -: Profile - C:\Documents and Settings\DISCOBABEL\Application Data\Mozilla\Firefox\Profiles\18lprl72.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.netvibes.com/#Accueil FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\npnul32.dll FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\NPOFF12.DLL FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\nppl3260.dll FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\npqtplugin.dll FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\npqtplugin2.dll FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\npqtplugin3.dll FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\npqtplugin4.dll FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\npqtplugin5.dll FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\nprpjplug.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-18 18:11:25 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????7?5?2?3??????? ???B?????????????hLC? ?????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe . ************************************************************************** . Heure de fin: 2008-10-18 18:25:20 - La machine a redémarré ComboFix-quarantined-files.txt 2008-10-18 16:24:59 Avant-CF: 32 910 123 008 octets libres Après-CF: 33,039,314,944 octets libres 179 --- E O F --- 2008-10-15 14:30:33 le quarantined-files ne s'affiche pas sur le forum quand je le poste !!!

ravi d'essuyer les plâtres ! je vais regarder ça

Combofix s'est interrompu après redémarrage : donc pas de rapport De plus, ensuite j'ai carrément perdu ma connexion wifi Ce soir je vais essayer de la reparamétrer, mais si je n'y arrive pas je laisse tomber (pas envie de mettre des rapports sur clé usb pour les poster à partir de mon autre Pc sain) Je vous tiens au courant. Mais une question par avance (déjà posée plus haut) - remarques utiles en vue d'une réinstall classique ? - sans antivirus pour l'instant, comment puis-je faire pour scanner le dvd de données que j'ai gravé (kaspersky en ligne ?) Je vous tiens au courant ce soir Merci beaucoup

ok je vais faire ça je poste le rapport puis j'arrête jusqu'à ce soir vaut-il mieux que j'éteigne le Pc ou en veille prolongée ? les redémarrages "regonflent"-ils le virus ?

merci pour ta patience et non, désolé, il se ferme aussitôt lancé

déjà essayé je renomme bien le fichier zippé mais impossible ensuite de renommer ou de démarrer l'exécutable il faudrait pour cela que je télécharge le fichier non zippé pour le renommer depuis la fenêtre de téléchargement

Ca ne s'est pas passé comme prévu. avenger ne démarre pas, bourre les ressources système. j'ai dû redémarrer, et là elibagla s'est relancé tout seul et a généré un rapport que voici. question annexe : j'ai sauvé quelques docs importants sur un dvd. comment m'assurer qu'il n'est pas infecté ? le scan en ligne de kaspersky par exemple ? Tue Oct 21 10:29:01 2008 EliBagle v11.86 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 20 de Octubre del 2008) ---------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado. C:\DOCUMENTS AND SETTINGS\DISCOBABEL\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado. C:\DOCUMENTS AND SETTINGS\DISCOBABEL\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle Tue Oct 21 10:29:19 2008 EliBagle v11.86 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 20 de Octubre del 2008) ---------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado. C:\DOCUMENTS AND SETTINGS\DISCOBABEL\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado. Restaurada Clave: "SafeBoot\Minimal y Network" Reinicie para Completar la Limpieza. Tue Oct 21 10:29:51 2008 EliBagle v11.86 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 20 de Octubre del 2008) ---------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado. C:\DOCUMENTS AND SETTINGS\DISCOBABEL\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado. Restaurada Clave: "SafeBoot\Minimal y Network" Reinicie para Completar la Limpieza. Tue Oct 21 10:29:56 2008 EliBagle v11.86 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 20 de Octubre del 2008) ---------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado. C:\DOCUMENTS AND SETTINGS\DISCOBABEL\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado. Restaurada Clave: "SafeBoot\Minimal y Network" Reinicie para Completar la Limpieza. Tue Oct 21 10:30:02 2008 EliBagle v11.86 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 20 de Octubre del 2008) ---------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado. C:\DOCUMENTS AND SETTINGS\DISCOBABEL\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado. Restaurada Clave: "SafeBoot\Minimal y Network" Reinicie para Completar la Limpieza. Tue Oct 21 10:30:07 2008 EliBagle v11.86 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 20 de Octubre del 2008) ---------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado. C:\DOCUMENTS AND SETTINGS\DISCOBABEL\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado. Restaurada Clave: "SafeBoot\Minimal y Network" Reinicie para Completar la Limpieza. Tue Oct 21 10:32:52 2008 EliBagle v11.86 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 20 de Octubre del 2008) ---------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado. C:\DOCUMENTS AND SETTINGS\DISCOBABEL\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado. Restaurada Clave: "SafeBoot\Minimal y Network" Reinicie para Completar la Limpieza. Tue Oct 21 10:33:48 2008 EliBagle v11.86 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 20 de Octubre del 2008) ---------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad C:\ C:\Qoobox\Quarantine\C\Documents and Settings\DISCOBABEL\Application Data\m\FLEC006.EXE.VIR --> Eliminado Bagle C:\Qoobox\Quarantine\C\WINDOWS\system32\MDELK.EXE.VIR --> Eliminado Bagle C:\Qoobox\Quarantine\C\WINDOWS\system32\WINTEMS.EXE.VIR --> Eliminado Bagle Nº Total de Directorios: 11357 Nº Total de Ficheros: 117015 Nº de Ficheros Analizados: 14258 Nº de Ficheros Infectados: 3 Nº de Ficheros Limpiados: 3 Tue Oct 21 11:42:40 2008 EliBagle v11.86 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 20 de Octubre del 2008) ---------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado. C:\DOCUMENTS AND SETTINGS\DISCOBABEL\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado. C:\DOCUMENTS AND SETTINGS\DISCOBABEL\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle Restaurada Clave: "SafeBoot\Minimal y Network" Reinicie para Completar la Limpieza. Tue Oct 21 11:42:52 2008 EliBagle v11.86 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 20 de Octubre del 2008) ---------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad C:\ Nº Total de Directorios: 11358 Nº Total de Ficheros: 117052 Nº de Ficheros Analizados: 14260 Nº de Ficheros Infectados: 0 Nº de Ficheros Limpiados: 0

Antivir ininstallable Un peu eu du mal à lancer le soft. une fenêtre apparaissait et disparaissait aussitôt. heureusement, j'ai quelques notions d'epagnol et je lis vite ça me demandait de redémarrer à cause d'une infection bagle. ensuite le scan a démarré. et pour clore une partie de la discussion, je pense qu'une confiance mutuelle est indispensable sur ce type d'aide et de forum. le rapport : Tue Oct 21 10:29:01 2008 EliBagle v11.86 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 20 de Octubre del 2008) ---------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado. C:\DOCUMENTS AND SETTINGS\DISCOBABEL\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado. C:\DOCUMENTS AND SETTINGS\DISCOBABEL\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle Tue Oct 21 10:29:19 2008 EliBagle v11.86 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 20 de Octubre del 2008) ---------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado. C:\DOCUMENTS AND SETTINGS\DISCOBABEL\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado. Restaurada Clave: "SafeBoot\Minimal y Network" Reinicie para Completar la Limpieza. Tue Oct 21 10:29:51 2008 EliBagle v11.86 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 20 de Octubre del 2008) ---------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado. C:\DOCUMENTS AND SETTINGS\DISCOBABEL\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado. Restaurada Clave: "SafeBoot\Minimal y Network" Reinicie para Completar la Limpieza. Tue Oct 21 10:29:56 2008 EliBagle v11.86 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 20 de Octubre del 2008) ---------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado. C:\DOCUMENTS AND SETTINGS\DISCOBABEL\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado. Restaurada Clave: "SafeBoot\Minimal y Network" Reinicie para Completar la Limpieza. Tue Oct 21 10:30:02 2008 EliBagle v11.86 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 20 de Octubre del 2008) ---------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado. C:\DOCUMENTS AND SETTINGS\DISCOBABEL\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado. Restaurada Clave: "SafeBoot\Minimal y Network" Reinicie para Completar la Limpieza. Tue Oct 21 10:30:07 2008 EliBagle v11.86 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 20 de Octubre del 2008) ---------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado. C:\DOCUMENTS AND SETTINGS\DISCOBABEL\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado. Restaurada Clave: "SafeBoot\Minimal y Network" Reinicie para Completar la Limpieza. Tue Oct 21 10:32:52 2008 EliBagle v11.86 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 20 de Octubre del 2008) ---------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado. C:\DOCUMENTS AND SETTINGS\DISCOBABEL\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado. Restaurada Clave: "SafeBoot\Minimal y Network" Reinicie para Completar la Limpieza. Tue Oct 21 10:33:48 2008 EliBagle v11.86 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 20 de Octubre del 2008) ---------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad C:\ C:\Qoobox\Quarantine\C\Documents and Settings\DISCOBABEL\Application Data\m\FLEC006.EXE.VIR --> Eliminado Bagle C:\Qoobox\Quarantine\C\WINDOWS\system32\MDELK.EXE.VIR --> Eliminado Bagle C:\Qoobox\Quarantine\C\WINDOWS\system32\WINTEMS.EXE.VIR --> Eliminado Bagle Nº Total de Directorios: 11357 Nº Total de Ficheros: 117015 Nº de Ficheros Analizados: 14258 Nº de Ficheros Infectados: 3 Nº de Ficheros Limpiados: 3

après lecture rapide du rapport de ma part (auquel je ne comprends bien sûr pas grand-chose !), je ne sais pas si tu fais référence à tout ce qui apparaît dans Application Data/m/shared ? si oui, je peux t'assurer que je ne connaissais pas ces fichiers, je ne partage absolument rien sur les réseaux P2P. ils sont apparus entre le premier et le présent rapport, sans doute à cause du virus. le premier rapport n'a certainement pas été expurgé (si j'interprète correctement ta remarque), je l'ai posté tel quel. merci de bien vouloir considérer que je suis de bonne foi.

Le rapport : ComboFix 08-10-19.04 - DISCOBABEL 2008-10-20 19:40:27.4 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.148 [GMT 2:00] Commutateurs utilisés :: C:\Documents and Settings\DISCOBABEL\Bureau\CFScript.txt AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\WINDOWS\system32\drivers\winfilse.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\DISCOBABEL\Application Data\m C:\Documents and Settings\DISCOBABEL\Application Data\m\data.oct C:\Documents and Settings\DISCOBABEL\Application Data\m\flec006.exe C:\Documents and Settings\DISCOBABEL\Application Data\m\list.oct C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\1Z0-023 - Architecture and Administration Practice Test Questions 1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Ad_Notifier_1.2.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Advanced RSS2Web Professional 3.1.58.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\All-in-One_DVD_Player_2.4.8.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Arpoon Checksum 1.6.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\AutoSoft_Online_Standard_1.0.17.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Barbus-PNB Printable Notebook 2.6.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\BCArchive 1.08.8.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Bestel DVD to iPod Converter 1.2.2.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\BFG Chat Client 1.17.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\BizTime_2.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Boot-US_2.1.5_(Key+Serial).zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Budget Tool Business Excel 2.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\CADpatterns for Adobe Illustrator CS 1.0b.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\CalcTime 1.8.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\CalculatorX 1.2 Build 0418 [serial].zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\CamSplitter_1.7.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Carmageddon_demo.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Carmen_Electra_Screensaver_Set_2_1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\ClockWatch_Sentry_3.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\CodeX Apps Personal Edition 1.6.0312.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\CommView_5.3_build_523.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Cool Free All Video to MOV Converter 5.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Coupons_Box_1.00.08.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Credit Cards - Sources for over 200 credit cards and more 2.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Dewqs'_SpamProx_2.5.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\DigiMode GoldMine 1.50.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\dToolz 1.02.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Duke - The Portfolio Watchdog 1.50.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Easiestutils Video to iPod Converter 2.9.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\EasyLabel_1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\EAuthentix Outlook Plug-in 1.2.4.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Endorphinum_1.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Enterprise_Staff_Indicator_5.0.36.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Evening Meditation 3D Screensaver 1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Fix_Accesskeys_0.4.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Flash To Video Encoder 4.6.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Float_Planes_1_1.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\FMDrop_Patch.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\FolderViewer 4.6.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\FormAI_1.2_With_Crack.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\FreeBusy 1.20.0049 [With Crack].zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\GameOS 1.9.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\GPS_Time_and_Test_1.5.0.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Hosts Editor 1.3.0 Build 581.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Hot Crypt 1.2.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\HT_Cam_to_DVD_2.0_(Serial).zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\htmlEditor_2.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\iUnformat_2.0_(KeyGen).zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\JOGGLE_1.0_(Cracked).zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\JPGReader_4.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\JSyntaxColor_1.2.9.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Kaspersky_Anti-Virus_6.0.1.411.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Key_Control_2006.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\LingvoSoft_Talking_Picture_Dictionary_2007_Spanish_-_Portuguese_1.1.18_KeyGen.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Loan Amortization Add-in Component 1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Lucky_13_Card_Solitaire_1.01.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Mafia_BMW_Z8_Skin.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Microbian_1.3.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\MoNooN_Newsbar_1.71.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\MyAssist 1.3.1 (Key+Serial).zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Naevius_Hidden_File_System_1.0_[KeyGen].zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\NOD32.Antivirus.System.v2.51.20.Standard.Edition.Win2K.NT.2K3.XP.Retail.[eM ulek.com.pl].zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\NotesLogExp_2006.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\nqDoc 0.9.41 Beta.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\orangeClip_2005_1.39_(Cracked).zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Outlook_Connector_for_MDaemon_2.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Outlook_Express_Backup_Pro_5.5.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Outlook_Express_Backup_Restore_2.12.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Paparazzi_Trailer.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Paraben's_Diet_Tracker_2.3.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Parkleitsystem Basel 1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\PatchMate_3.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\PC Electronic Keyboard Gold 3.38.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\PC Pranks 1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\PDF_Image_Extractor_1.2.2.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\PhibianIRC_1.2.5218.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\PhotoPerfect DigiCam 1.2.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\PinkMusicSearcher_3.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Power Backup 3.3.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Presto Transfer IncrediMail 2.2.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Productive Clip 1.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\PrpT_Control_1.02.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Range Slider 1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Registry_Finder_1.1_[Patch].zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Secure Browser 1.8.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Seo_Friendly_Directory_List_2.4.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\ServiceCapture_1.2.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Several_MSN_Messenger_Sessions.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\ShaPlus Bandwidth Meter 1.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\SharkPost 1.0 Build 20030724.3 Experimental.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Sheep Clock 1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Skeleton_Calendar_2.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Smart_Image_Server_3.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\SnipeMonkey_0.9.9.135_(KeyGen).zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Snipshot_1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Snootch_2.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\SoftAmbulance Partition Doctor 1.55 [Key+Serial].zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Softlock.USB 1.2.1 [serial].zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\SoundGraffiti 1.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Spy Emergency Analyzer Tool SA 1.2.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\SQLite_Maestro_7.7.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Squinch_1.0_Serial.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\StAaS_1.1_(Cracked).zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Swift To-Do List 6.80 [Crack].zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\TextMessagePLUS 1.0.1.39390.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\TFM_Audio_Filter_1.0_beta_8.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\The Razor Blade 5.1.2200.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\The WeatherEye Vista Gadget 1.0.3.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\The_Da_Vinci_Code_1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\The_Outforce_1.01_European_patch.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Tiff to PDF Converter 1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\TimeTraces_1.1.11.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Total_Movie_Converter_1.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\TrayService 2.1 Patch.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\TweakMarketing Advanced Email Parser 1.27.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\uCertify_-_MCSD.NET_Practice_Test_for_Exam_70-316_-_305+_Questions_8.04.05_[KeyGen].zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Video_Caster_3.44_[Key].zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Visual Graph Beta 5.0.1 Build 1239.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Visual_Data_2.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\ViVi DVD to PSP Converter 3.1.5 [With Crack].zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Voxengo Deconvolver 1.9.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\WBJB_Windows_Media_Streamer_1.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\What_Colour_3.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Windows System Optimizer 2.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\WMI Query 2.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\WW2_Warbirds_1.1_[KeyGen].zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\yGen_1.0.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\ZG Words 1.7.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\srvlist.oct C:\WINDOWS\system32\ban_list.txt C:\WINDOWS\system32\drivers\downld C:\WINDOWS\system32\drivers\downld\258140.exe C:\WINDOWS\system32\drivers\downld\268078.exe C:\WINDOWS\system32\drivers\downld\269171.exe C:\WINDOWS\system32\drivers\downld\280843.exe C:\WINDOWS\system32\drivers\downld\284000.exe C:\WINDOWS\system32\drivers\downld\287328.exe C:\WINDOWS\system32\drivers\downld\291781.exe C:\WINDOWS\system32\drivers\downld\297500.exe C:\WINDOWS\system32\drivers\downld\300953.exe C:\WINDOWS\system32\drivers\downld\381359.exe C:\WINDOWS\system32\drivers\downld\392515.exe C:\WINDOWS\system32\drivers\downld\402109.exe C:\WINDOWS\system32\drivers\winfilse.exe C:\WINDOWS\system32\mdelk.exe C:\WINDOWS\system32\wintems.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-20 au 2008-10-20 )))))))))))))))))))))))))))))))))))) . 2008-10-20 17:53 . 2008-10-20 17:53 <REP> d-------- C:\rsit 2008-10-19 22:17 . 2008-10-19 22:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-10-19 20:04 . 2008-10-20 19:15 <REP> d-------- C:\karcher_bis 2008-10-19 19:44 . 2008-10-19 19:44 1,774 --a------ C:\WINDOWS\system32\tmp.reg 2008-10-19 12:39 . 2008-10-20 19:12 <REP> d-------- C:\karcher 2008-10-19 10:51 . 2008-10-19 10:51 <REP> d-------- C:\Program Files\CCleaner2.12 2008-10-15 10:31 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys 2008-10-15 10:29 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-15 10:29 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-10-15 10:29 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-15 10:29 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-10-15 10:29 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys 2008-10-14 11:01 . 2008-10-14 11:01 <REP> d-------- C:\Documents and Settings\DISCOBABEL\Application Data\IndexEducation 2008-10-14 10:59 . 2008-10-14 10:59 <REP> d-------- C:\Documents and Settings\DISCOBABEL\Application Data\InstallShield 2008-10-13 18:57 . 2008-10-13 18:57 <REP> d-------- C:\Program Files\Real Alternative 2008-09-26 08:55 . 2008-09-26 08:55 <REP> d-------- C:\Program Files\pdfsam . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-20 17:13 --------- d-----w C:\Program Files\Mozilla Firefox_3 2008-10-20 04:27 --------- d-----w C:\Documents and Settings\DISCOBABEL\Application Data\VMNTOOLBAR 2008-10-20 00:19 1,308,216 ----a-w C:\Program Files\HiJackThis_v2.exe 2008-10-18 14:39 --------- d-----w C:\Program Files\eMule 2008-10-18 13:44 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-10-17 09:26 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\SolidDocuments 2008-10-15 20:11 --------- d-----w C:\Documents and Settings\DISCOBABEL\Application Data\OpenOffice.org2 2008-10-15 14:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-10-15 13:18 --------- d-----w C:\Documents and Settings\DISCOBABEL\Application Data\SolidDocuments 2008-10-15 10:09 --------- d-----w C:\Program Files\Apple Software Update 2008-10-15 09:59 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-15 09:59 --------- d-----w C:\Program Files\EPSON 2008-10-15 08:20 --------- d-----w C:\Program Files\EasyBox 2008-10-10 06:58 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe 2008-10-10 06:58 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe 2008-10-03 17:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2008-10-01 13:51 87,552 ----a-w C:\WINDOWS\system32\VACFix.exe 2008-10-01 10:43 --------- d-----w C:\Documents and Settings\DISCOBABEL\Application Data\FileZilla 2008-09-26 06:50 --------- d-----w C:\Program Files\GUIPDFTK 2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-13 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Soulseek 2008-09-13 17:31 --------- d-----w C:\Program Files\Soulseek-Test 2008-09-11 18:11 --------- d-----w C:\Program Files\Ziepod 2008-09-10 11:45 --------- d-----w C:\Program Files\WinUAE_1.5.1_FR_Windows 2008-09-08 21:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe 2008-09-08 21:11 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-09-07 09:58 --------- d-----w C:\Program Files\Microsoft Works 2008-09-07 09:55 --------- d-----w C:\Program Files\Microsoft.NET 2008-08-27 09:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-08-25 08:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-08-23 05:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2008-08-20 12:50 --------- d-----w C:\Documents and Settings\DISCOBABEL\Application Data\Mick@ël 2008-08-20 12:47 --------- d-----w C:\Program Files\QuickUpload 2008-08-18 10:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe 2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-08-11 10:46 79,080 ----a-w C:\Documents and Settings\DISCOBABEL\Application Data\GDIPFONTCACHEV1.DAT 2008-04-04 13:06 13,682,792 ----a-w C:\Program Files\win_easybox_4.0.exe 2007-12-08 10:46 6,113,439 ----a-w C:\Program Files\pc-inspector_pc_inspector_4.0_francais_11048.exe 2007-08-21 10:22 712,360 ----a-w C:\Program Files\Room_Arranger_3.26.exe 2007-07-26 08:49 55,068,209 ----a-w C:\Program Files\Bcdi3 Le Logiciel(Capes Documentation Cdi Bcdi Motbis Module Formation Iufm).rar 2007-03-20 09:47 1,010,688 ----a-w C:\Program Files\SnapKey_v2.0.2.1.exe 2007-02-28 12:21 126 ----a-w C:\Documents and Settings\DISCOBABEL\Application Data\wklnhst.dat 2005-07-01 12:49 352,320 ----a-w C:\Program Files\Memento.exe 2008-05-10 11:58 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 2008-05-10 11:58 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat 2008-05-10 11:58 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051020080511\index.dat 2008-05-10 11:58 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-22 839688] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 35328] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "CheckMedi8or"="C:\Program Files\Mediator6\CheckNewUser.exe" [2000-10-25 36864] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\EasyBox\\vlc\\vlc.exe"= "C:\\Program Files\\EasyBox\\apache\\apache.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "C:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"= "C:\\Program Files\\Mozilla Firefox_3\\firefox.exe"= "C:\\Program Files\\Soulseek-Test\\slsk.exe"= R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192] S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [ ] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a33c83e-b163-11db-8acb-0014a524962d}] \Shell\AutoRun\command - F:\LaunchU3.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-20 19:43:58 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????7?5?2?3??p???? ???B?????????????hLC? ?????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srosa] . Heure de fin: 2008-10-20 19:47:55 ComboFix-quarantined-files.txt 2008-10-20 17:47:52 ComboFix2.txt 2008-10-20 16:36:27 ComboFix3.txt 2008-10-19 11:22:31 ComboFix4.txt 2008-10-18 16:25:30 Avant-CF: 32,449,376,256 octets libres Après-CF: 32,440,451,072 octets libres 294 --- E O F --- 2008-10-15 14:30:33

Combofix le retour (je poste ce rapport après redémarrage PC cause perte connexion...): ComboFix 08-10-19.04 - DISCOBABEL 2008-10-20 18:28:00.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.157 [GMT 2:00] AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\DISCOBABEL\Application Data\m C:\Documents and Settings\DISCOBABEL\Application Data\m\data.oct C:\Documents and Settings\DISCOBABEL\Application Data\m\flec006.exe C:\Documents and Settings\DISCOBABEL\Application Data\m\list.oct C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\2_of_5_Interleaved_Barcode_Fonts_3.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\3GP Player 1.95.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\602LAN_SUITE_2004.0.07.0305_With_Crack.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\ABC_Amber_CHM_Converter_7.04_KeyGen.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\ACCESS Dictionary German French 1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Acronis_Disk_Director_Suite_10.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Active_Directory_Collector_1.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Active_Jellyfish_Screensaver_1.0_(Serial).zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Actual Drawing 7.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Add Copyright Notice Plugin.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\AdmWin 8 (Serial).zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Aigo Video to iPhone Converter 2.0.10.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\AKVIS_Noise_Buster_4.0_KeyGen.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Altova_SchemaAgent_2007.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Aqua_Slider_3D_1.4.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Arlington_Kiosk_Browser_9.2.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\AutoPrice for QuarXPress 2.90.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Avast.Pro.v4.7.871.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Babya_Jam_Pack_1-Studio_Tools_1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Battle_Realms_demo.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Belltech ScreenSmart 2.2.6.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\BestPlay Internet Radio Tuner 1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Britney_Spears_2_1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Business Card Manager 2.3.2.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\CallButler Professional for Skype 1.1.2.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Chevrolet SSR Screensaver 2.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Chicago Attractions 1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Classic Mustang Analyzer 6.1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Clean System Directory 1.7.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\ClockWatch Client 3.1.2.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\CodeLifter 5.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\ComCap_4.2_beta_Crack.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Command_&_Conquer_Yuri's_Revenge_Skirmish_Pack_Final.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Computer Flashcards of the anatomy of the human heart 1.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Crack.e.Instrucciones.para.Panda.Titanium.Antivirus.2004.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Daniusoft_Video_Converter_1.1.10.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Data_Destroyer_1.5.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\DBxq_3.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\DC_Dynamic_Report_1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\DecryptSQL_2.9.2.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Default_Folder_3.1.5.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\DigiGenius_Video_to_Zune_Converter_3.6.7.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\DisplaySwitch_Platinum_1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\DNS_Flusher_1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\DrugDoses_for_Palm_2.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\DXF_Export_for_SolidWorks_1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\E-Mage_Server_0.6_beta_[Patch].zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\e-Scoreboard 1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Ease123 Video Watermarker 1.0.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Easy-Copy_1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Easy-FTP_1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Easy_Cash_Manager_2.4.2.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Easy_Search_1.5_Key+Serial.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\eBay_3.5.1k.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\eCatalog 5.0 Serial.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\eTrack_2.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\EventSentry_Light_2.6.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Firefly Data Transfer Tool 2.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Fk_Desktop_2.5_[KeyGen].zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Flash Video MX 4.3.1.101.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\FotoKiss 3.4.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Free_Xmas_Screensaver_1.0_[KeyGen].zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\freeCommander_2005.09a.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Fresh_HTML_1.00.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\GetByMail_2.0.1.18.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Goal_Aware_2007_1.0_Key.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\HAL 7.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Header scroll extension 0.3.3.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Home Video Converter 4.2.9.0 Cracked.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Html Code Convert 3.3.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\HTML Password Lock 4.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\iURL_1.7.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\J2SPrint 1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\JCreator LE 4.00.028.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\JOC Press Release 2.12 build 1.00 [Crack].zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Just Butterflies Screensaver 1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Kazi_Sound_Recorder_3.10.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Knowbody_Cool_Tracking_4.0.1_Serial.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\LanChat2 TBX 1.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\LargeEdit 2.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\LingvoSoft Learning PhraseBook 2007 German - Russian 2.2.76.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Magnifier_1.14.042.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Mail_Access_Monitor_for_CommuniGate_Pro_3.2.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\MailStore Home 2.5.0.3202.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\MAMMALS 1.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\MB_Free_I_Ching_Software_1.75.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Memory Module 0.0.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\MenuBox_4.0.1.0_[With_Crack].zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Moyea DVD to Zune Converter 1.6.1.2.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\MSN_Search.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Open_Long_Url_0.2.3.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Outlook Recovery 2007 build 702.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\PacketMon 1.00.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\PDF DocuReader 4.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\PDF_Junction_1.10b_KeyGen.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Ping-Probe_1.1.3.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Portable Executor 0.96.6 Beta.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Raffle_Ticket_2.2.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Recolored_1.0.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Report4ME 4.54.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\ResizeXtra 1.4.9.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Retail_Performer_8.1_Patch.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\RuneSword II Rats map.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Safe Chat Standard Edition with Parental Controls 1.8.7 [serial].zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Secure Dial 1.0 (Patch).zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\SendLater_2.04.0636_(Key).zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Sensible Sudoku (Symbian UIQ) 1.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Shareaza Turbo Booster 2.3.8.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Silicon Slate Software 1.302.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\SimpleCast 2.5.1.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Snapper 3.0.21.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Sothink_iPod_Video_Converter_3.1_build_70315.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Sports News.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\SQL_Balance_for_SQLBase_1.2.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\StarBook_2.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\SyncUs 1.11.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Terraformers_v1.02_patch.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Text_Monkey_PRO_1.0.1_Patch.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\The Sleuthhound PDF 4.5.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\the_MacBar_1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\TouchCursor_1.2.2.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Ultra Cleaner 1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Visual Importer Enterprise 7.4.5.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Visual_Job_Manager_1.0.0.1_(Crack).zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Voice2Mail 1.01.0102.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Web_Builder_Deluxe_2.8.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\Whatis_1.0.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\WPClipart 5.3.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\shared\X2Net Smart Address Build 5.6.0.625.zip C:\Documents and Settings\DISCOBABEL\Application Data\m\srvlist.oct C:\WINDOWS\system32\ban_list.txt C:\WINDOWS\system32\drivers\downld C:\WINDOWS\system32\drivers\downld\14695984.exe C:\WINDOWS\system32\drivers\downld\14718125.exe C:\WINDOWS\system32\drivers\downld\14720328.exe C:\WINDOWS\system32\drivers\downld\14761171.exe C:\WINDOWS\system32\drivers\downld\14768468.exe C:\WINDOWS\system32\drivers\downld\15107984.exe C:\WINDOWS\system32\drivers\downld\15114468.exe C:\WINDOWS\system32\drivers\downld\15122328.exe C:\WINDOWS\system32\drivers\downld\15127484.exe C:\WINDOWS\system32\drivers\downld\15196984.exe C:\WINDOWS\system32\drivers\downld\15213359.exe C:\WINDOWS\system32\drivers\downld\157375.exe C:\WINDOWS\system32\drivers\downld\157656.exe C:\WINDOWS\system32\drivers\downld\159968.exe C:\WINDOWS\system32\drivers\downld\164828.exe C:\WINDOWS\system32\drivers\downld\165625.exe C:\WINDOWS\system32\drivers\downld\166984.exe C:\WINDOWS\system32\drivers\downld\167125.exe C:\WINDOWS\system32\drivers\downld\173640.exe C:\WINDOWS\system32\drivers\downld\174125.exe C:\WINDOWS\system32\drivers\downld\175531.exe C:\WINDOWS\system32\drivers\downld\176109.exe C:\WINDOWS\system32\drivers\downld\178765.exe C:\WINDOWS\system32\drivers\downld\180265.exe C:\WINDOWS\system32\drivers\downld\180328.exe C:\WINDOWS\system32\drivers\downld\181062.exe C:\WINDOWS\system32\drivers\downld\181562.exe C:\WINDOWS\system32\drivers\downld\184312.exe C:\WINDOWS\system32\drivers\downld\186687.exe C:\WINDOWS\system32\drivers\downld\193953.exe C:\WINDOWS\system32\drivers\downld\194359.exe C:\WINDOWS\system32\drivers\downld\198312.exe C:\WINDOWS\system32\drivers\downld\199406.exe C:\WINDOWS\system32\drivers\downld\199562.exe C:\WINDOWS\system32\drivers\downld\202078.exe C:\WINDOWS\system32\drivers\downld\202343.exe C:\WINDOWS\system32\drivers\downld\203953.exe C:\WINDOWS\system32\drivers\downld\204375.exe C:\WINDOWS\system32\drivers\downld\204546.exe C:\WINDOWS\system32\drivers\downld\205781.exe C:\WINDOWS\system32\drivers\downld\206578.exe C:\WINDOWS\system32\drivers\downld\206906.exe C:\WINDOWS\system32\drivers\downld\208609.exe C:\WINDOWS\system32\drivers\downld\208921.exe C:\WINDOWS\system32\drivers\downld\209796.exe C:\WINDOWS\system32\drivers\downld\212203.exe C:\WINDOWS\system32\drivers\downld\213921.exe C:\WINDOWS\system32\drivers\downld\214062.exe C:\WINDOWS\system32\drivers\downld\214906.exe C:\WINDOWS\system32\drivers\downld\215078.exe C:\WINDOWS\system32\drivers\downld\215593.exe C:\WINDOWS\system32\drivers\downld\217656.exe C:\WINDOWS\system32\drivers\downld\217781.exe C:\WINDOWS\system32\drivers\downld\217828.exe C:\WINDOWS\system32\drivers\downld\219703.exe C:\WINDOWS\system32\drivers\downld\220765.exe C:\WINDOWS\system32\drivers\downld\222796.exe C:\WINDOWS\system32\drivers\downld\224390.exe C:\WINDOWS\system32\drivers\downld\225687.exe C:\WINDOWS\system32\drivers\downld\228625.exe C:\WINDOWS\system32\drivers\downld\231500.exe C:\WINDOWS\system32\drivers\downld\234765.exe C:\WINDOWS\system32\drivers\downld\235156.exe C:\WINDOWS\system32\drivers\downld\240609.exe C:\WINDOWS\system32\drivers\downld\242343.exe C:\WINDOWS\system32\drivers\downld\247671.exe C:\WINDOWS\system32\drivers\downld\256062.exe C:\WINDOWS\system32\drivers\downld\257468.exe C:\WINDOWS\system32\drivers\downld\262312.exe C:\WINDOWS\system32\drivers\downld\263265.exe C:\WINDOWS\system32\drivers\downld\266500.exe C:\WINDOWS\system32\drivers\downld\267296.exe C:\WINDOWS\system32\drivers\downld\268671.exe C:\WINDOWS\system32\drivers\downld\269687.exe C:\WINDOWS\system32\drivers\downld\272015.exe C:\WINDOWS\system32\drivers\downld\276546.exe C:\WINDOWS\system32\drivers\downld\278203.exe C:\WINDOWS\system32\drivers\downld\278656.exe C:\WINDOWS\system32\drivers\downld\280250.exe C:\WINDOWS\system32\drivers\downld\281125.exe C:\WINDOWS\system32\drivers\downld\283140.exe C:\WINDOWS\system32\drivers\downld\284625.exe C:\WINDOWS\system32\drivers\downld\286843.exe C:\WINDOWS\system32\drivers\downld\288750.exe C:\WINDOWS\system32\drivers\downld\290718.exe C:\WINDOWS\system32\drivers\downld\293953.exe C:\WINDOWS\system32\drivers\downld\29637531.exe C:\WINDOWS\system32\drivers\downld\29639156.exe C:\WINDOWS\system32\drivers\downld\29650265.exe C:\WINDOWS\system32\drivers\downld\29652359.exe C:\WINDOWS\system32\drivers\downld\29663250.exe C:\WINDOWS\system32\drivers\downld\29681187.exe C:\WINDOWS\system32\drivers\downld\29686265.exe C:\WINDOWS\system32\drivers\downld\29691078.exe C:\WINDOWS\system32\drivers\downld\29752859.exe C:\WINDOWS\system32\drivers\downld\29761671.exe C:\WINDOWS\system32\drivers\downld\298625.exe C:\WINDOWS\system32\drivers\downld\310625.exe C:\WINDOWS\system32\drivers\downld\310875.exe C:\WINDOWS\system32\drivers\downld\320015.exe C:\WINDOWS\system32\drivers\downld\323953.exe C:\WINDOWS\system32\drivers\downld\329765.exe C:\WINDOWS\system32\drivers\downld\331953.exe C:\WINDOWS\system32\drivers\downld\334921.exe C:\WINDOWS\system32\drivers\downld\336859.exe C:\WINDOWS\system32\mdelk.exe C:\WINDOWS\system32\wintems.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-20 au 2008-10-20 )))))))))))))))))))))))))))))))))))) . 2008-10-20 17:53 . 2008-10-20 17:53 <REP> d-------- C:\rsit 2008-10-19 22:17 . 2008-10-19 22:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-10-19 20:04 . 2008-10-20 18:08 <REP> d-------- C:\karcher_bis 2008-10-19 19:44 . 2008-10-19 19:44 1,774 --a------ C:\WINDOWS\system32\tmp.reg 2008-10-19 19:08 . 2006-05-22 05:08 839,688 --------- C:\WINDOWS\system32\drivers\winfilse.exe 2008-10-19 12:39 . 2008-10-20 17:58 <REP> d-------- C:\karcher 2008-10-19 10:51 . 2008-10-19 10:51 <REP> d-------- C:\Program Files\CCleaner2.12 2008-10-15 10:31 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys 2008-10-15 10:29 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-15 10:29 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-10-15 10:29 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-15 10:29 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-10-15 10:29 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys 2008-10-14 11:01 . 2008-10-14 11:01 <REP> d-------- C:\Documents and Settings\DISCOBABEL\Application Data\IndexEducation 2008-10-14 10:59 . 2008-10-14 10:59 <REP> d-------- C:\Documents and Settings\DISCOBABEL\Application Data\InstallShield 2008-10-13 18:57 . 2008-10-13 18:57 <REP> d-------- C:\Program Files\Real Alternative 2008-09-26 08:55 . 2008-09-26 08:55 <REP> d-------- C:\Program Files\pdfsam . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-20 16:12 --------- d-----w C:\Program Files\Mozilla Firefox_3 2008-10-20 04:27 --------- d-----w C:\Documents and Settings\DISCOBABEL\Application Data\VMNTOOLBAR 2008-10-20 00:19 1,308,216 ----a-w C:\Program Files\HiJackThis_v2.exe 2008-10-18 14:39 --------- d-----w C:\Program Files\eMule 2008-10-18 13:44 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-10-17 09:26 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\SolidDocuments 2008-10-15 20:11 --------- d-----w C:\Documents and Settings\DISCOBABEL\Application Data\OpenOffice.org2 2008-10-15 14:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-10-15 13:18 --------- d-----w C:\Documents and Settings\DISCOBABEL\Application Data\SolidDocuments 2008-10-15 10:09 --------- d-----w C:\Program Files\Apple Software Update 2008-10-15 09:59 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-15 09:59 --------- d-----w C:\Program Files\EPSON 2008-10-15 08:20 --------- d-----w C:\Program Files\EasyBox 2008-10-10 06:58 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe 2008-10-10 06:58 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe 2008-10-03 17:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2008-10-01 13:51 87,552 ----a-w C:\WINDOWS\system32\VACFix.exe 2008-10-01 10:43 --------- d-----w C:\Documents and Settings\DISCOBABEL\Application Data\FileZilla 2008-09-26 06:50 --------- d-----w C:\Program Files\GUIPDFTK 2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-13 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Soulseek 2008-09-13 17:31 --------- d-----w C:\Program Files\Soulseek-Test 2008-09-11 18:11 --------- d-----w C:\Program Files\Ziepod 2008-09-10 11:45 --------- d-----w C:\Program Files\WinUAE_1.5.1_FR_Windows 2008-09-08 21:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe 2008-09-08 21:11 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-09-07 09:58 --------- d-----w C:\Program Files\Microsoft Works 2008-09-07 09:55 --------- d-----w C:\Program Files\Microsoft.NET 2008-08-27 09:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-08-25 08:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-08-23 05:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2008-08-20 12:50 --------- d-----w C:\Documents and Settings\DISCOBABEL\Application Data\Mick@ël 2008-08-20 12:47 --------- d-----w C:\Program Files\QuickUpload 2008-08-18 10:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe 2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-08-11 10:46 79,080 ----a-w C:\Documents and Settings\DISCOBABEL\Application Data\GDIPFONTCACHEV1.DAT 2008-04-04 13:06 13,682,792 ----a-w C:\Program Files\win_easybox_4.0.exe 2007-12-08 10:46 6,113,439 ----a-w C:\Program Files\pc-inspector_pc_inspector_4.0_francais_11048.exe 2007-08-21 10:22 712,360 ----a-w C:\Program Files\Room_Arranger_3.26.exe 2007-07-26 08:49 55,068,209 ----a-w C:\Program Files\Bcdi3 Le Logiciel(Capes Documentation Cdi Bcdi Motbis Module Formation Iufm).rar 2007-03-20 09:47 1,010,688 ----a-w C:\Program Files\SnapKey_v2.0.2.1.exe 2007-02-28 12:21 126 ----a-w C:\Documents and Settings\DISCOBABEL\Application Data\wklnhst.dat 2005-07-01 12:49 352,320 ----a-w C:\Program Files\Memento.exe 2008-05-10 11:58 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 2008-05-10 11:58 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat 2008-05-10 11:58 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051020080511\index.dat 2008-05-10 11:58 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-10-18_18.20.57.95 ))))))))))))))))))))))))))))))))))))))))) . - 2004-11-30 22:46:51 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB873333\update\update.exe + 2008-10-20 02:32:25 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB873333\update\update.exe - 2004-10-14 18:22:11 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB873339\update\update.exe + 2008-10-20 02:32:26 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB873339\update\update.exe - 2004-11-30 22:29:59 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB885250\update\update.exe + 2008-10-20 02:32:27 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB885250\update\update.exe - 2004-10-14 18:35:11 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB885835\update\update.exe + 2008-10-20 02:32:29 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB885835\update\update.exe - 2004-10-14 18:35:00 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB885836\update\update.exe + 2008-10-20 02:32:30 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB885836\update\update.exe - 2004-10-14 18:35:11 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB886185\update\update.exe + 2008-10-20 02:32:31 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB886185\update\update.exe - 2004-10-14 18:35:11 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB887472\update\update.exe + 2008-10-20 02:32:33 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB887472\update\update.exe - 2004-10-14 08:35:12 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB887742\update\update.exe + 2008-10-20 02:32:34 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB887742\update\update.exe - 2004-10-14 18:35:00 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB888113\update\update.exe + 2008-10-20 02:32:35 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB888113\update\update.exe - 2004-10-14 18:35:00 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB888302\update\update.exe + 2008-10-20 02:32:37 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB888302\update\update.exe - 2005-02-24 18:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\update.exe + 2008-10-20 02:32:38 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\update.exe - 2004-11-30 22:46:51 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB890047\update\update.exe + 2008-10-20 02:32:43 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB890047\update\update.exe - 2004-10-14 18:22:11 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB890175\update\update.exe + 2008-10-20 02:32:44 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB890175\update\update.exe - 2005-02-24 17:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\update.exe + 2008-10-20 02:32:51 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\update.exe - 2004-10-14 18:22:11 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB891781\update\update.exe + 2008-10-20 02:32:52 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB891781\update\update.exe - 2005-02-24 18:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\update.exe + 2008-10-20 02:32:54 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\update.exe - 2005-02-24 18:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\update.exe + 2008-10-20 02:32:57 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\update.exe - 2005-02-24 18:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\update.exe + 2008-10-20 02:32:59 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\update.exe - 2005-02-24 18:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB896422\update\update.exe + 2008-10-20 02:33:01 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB896422\update\update.exe - 2005-02-24 18:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\update.exe + 2008-10-20 02:33:03 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\update.exe - 2005-02-24 18:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB896424\update\update.exe + 2008-10-20 02:33:05 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB896424\update\update.exe - 2005-02-24 18:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB896428\update\update.exe + 2008-10-20 02:33:07 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB896428\update\update.exe - 2005-02-25 03:35:24 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB898461\update\update.exe + 2008-10-20 02:33:09 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB898461\update\update.exe - 2005-02-24 18:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\update.exe + 2008-10-20 02:33:11 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\update.exe - 2005-02-24 18:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\update.exe + 2008-10-20 02:33:13 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB900485\update\update.exe + 2008-10-20 02:33:15 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB900485\update\update.exe - 2005-02-24 18:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\update.exe + 2008-10-20 02:33:21 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\update.exe - 2005-02-24 18:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\update.exe + 2008-10-20 02:33:23 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\update.exe - 2005-02-24 18:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB901214\update\update.exe + 2008-10-20 02:33:25 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB901214\update\update.exe - 2005-02-24 18:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\update.exe + 2008-10-20 02:33:30 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB904706\update\update.exe + 2008-10-20 02:33:32 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB904706\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB904942\update\update.exe + 2008-10-20 02:33:34 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB904942\update\update.exe - 2005-02-25 03:35:24 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB905414\update\update.exe + 2008-10-20 02:33:36 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB905414\update\update.exe - 2005-02-24 18:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\update.exe + 2008-10-20 02:33:38 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB908519\update\update.exe + 2008-10-20 02:33:40 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB908519\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB908531\update\update.exe + 2008-10-20 02:33:46 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB908531\update\update.exe - 2005-10-12 23:15:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB910437\update\update.exe + 2008-10-20 02:33:48 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB910437\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\update.exe + 2008-10-20 02:33:50 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB911562\update\update.exe + 2008-10-20 02:33:52 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB911562\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB911567\update\update.exe + 2008-10-20 02:33:55 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB911567\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB911927\update\update.exe + 2008-10-20 02:33:57 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB911927\update\update.exe - 2005-10-12 23:18:46 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB912812\update\update.exe + 2008-10-20 02:34:02 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB912812\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB912919\update\update.exe + 2008-10-20 02:34:05 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB912919\update\update.exe - 2005-10-12 23:15:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB913446\update\update.exe + 2008-10-20 02:34:07 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB913446\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB913580\update\update.exe + 2008-10-20 02:34:09 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB913580\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB914388\update\update.exe + 2008-10-20 02:34:12 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB914388\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB914389\update\update.exe + 2008-10-20 02:34:14 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB914389\update\update.exe - 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB915865\update\update.exe + 2008-10-20 02:34:16 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB915865\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB916281\update\update.exe + 2008-10-20 02:34:22 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB916281\update\update.exe - 2005-10-12 23:18:46 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB916595\update\update.exe + 2008-10-20 02:34:24 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB916595\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB917159\update\update.exe + 2008-10-20 02:34:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB917159\update\update.exe - 2005-10-12 23:18:46 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB917344\update\update.exe + 2008-10-20 02:34:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB917344\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB917422\update\update.exe + 2008-10-20 02:34:33 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB917422\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB917953\update\update.exe + 2008-10-20 02:34:35 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB917953\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB918118\update\update.exe + 2008-10-20 02:34:37 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB918118\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB918439\update\update.exe + 2008-10-20 02:34:39 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB918439\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB918899\update\update.exe + 2008-10-20 02:34:45 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB918899\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB919007\update\update.exe + 2008-10-20 02:34:47 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB919007\update\update.exe - 2005-10-12 23:18:46 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB920213\update\update.exe + 2008-10-20 02:34:49 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB920213\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB920214\update\update.exe + 2008-10-20 02:34:51 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB920214\update\update.exe - 2005-10-12 23:18:46 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\update.exe + 2008-10-20 02:34:53 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB920683\update\update.exe + 2008-10-20 02:34:55 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB920683\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\update.exe + 2008-10-20 02:34:58 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB920872\update\update.exe + 2008-10-20 02:35:00 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB920872\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB921398\update\update.exe + 2008-10-20 02:35:06 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB921398\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB921503\update\update.exe + 2008-10-20 02:35:08 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB921503\update\update.exe - 2005-10-12 23:18:46 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB921883\update\update.exe + 2008-10-20 02:35:10 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB921883\update\update.exe - 2005-10-12 23:15:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB922582\update\update.exe + 2008-10-20 02:35:13 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB922582\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB922616\update\update.exe + 2008-10-20 02:35:15 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB922616\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB922760\update\update.exe + 2008-10-20 02:35:21 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB922760\update\update.exe - 2005-10-12 23:18:46 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB922819\update\update.exe + 2008-10-20 02:35:23 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB922819\update\update.exe - 2005-10-12 23:18:46 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB923414\update\update.exe + 2008-10-20 02:35:25 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB923414\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB923694\update\update.exe + 2008-10-20 02:35:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB923694\update\update.exe - 2005-10-12 23:18:46 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\update.exe + 2008-10-20 02:35:31 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB924191\update\update.exe + 2008-10-20 02:35:33 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB924191\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB924270\update\update.exe + 2008-10-20 02:35:35 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB924270\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB924496\update\update.exe + 2008-10-20 02:35:37 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB924496\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB925454\update\update.exe + 2008-10-20 02:35:43 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB925454\update\update.exe - 2005-10-12 23:18:46 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB925486\update\update.exe + 2008-10-20 02:35:45 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB925486\update\update.exe - 2005-10-12 23:18:46 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\update.exe + 2008-10-20 02:35:48 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\update.exe - 2006-01-19 19:29:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB925902\update\update.exe + 2008-10-20 02:35:51 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB925902\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB926255\update\update.exe + 2008-10-20 02:35:53 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB926255\update\update.exe - 2005-10-12 23:18:46 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB926436\update\update.exe + 2008-10-20 02:35:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB926436\update\update.exe - 2006-01-19 19:29:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB927779\update\update.exe + 2008-10-20 02:35:58 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB927779\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB927802\update\update.exe + 2008-10-20 02:36:00 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB927802\update\update.exe - 2006-12-14 08:53:58 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB927891\update\update.exe + 2008-10-20 02:36:03 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB927891\update\update.exe - 2006-01-19 19:29:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB928255\update\update.exe + 2008-10-20 02:36:09 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB928255\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB928843\update\update.exe + 2008-10-20 02:36:11 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB928843\update\update.exe - 2006-01-19 19:29:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\update.exe + 2008-10-20 02:36:14 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB929338\update\update.exe + 2008-10-20 02:36:19 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB929338\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB930178\update\update.exe + 2008-10-20 02:36:21 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB930178\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\update.exe + 2008-10-20 02:36:23 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\update.exe - 2006-01-19 19:29:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\update.exe + 2008-10-20 02:36:25 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\update.exe - 2006-01-19 19:29:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB931768-IE7\update\update.exe + 2008-10-20 02:36:35 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB931768-IE7\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB931784\update\update.exe + 2008-10-20 02:36:40 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB931784\update\update.exe - 2006-01-19 19:29:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB931836\update\update.exe + 2008-10-20 02:36:42 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB931836\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB933360\update\update.exe + 2008-10-20 02:36:44 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB933360\update\update.exe - 2006-01-19 19:29:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB933566-IE7\update\update.exe + 2008-10-20 02:36:54 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB933566-IE7\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\update.exe + 2008-10-20 02:36:58 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\update.exe - 2006-01-19 19:29:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\update.exe + 2008-10-20 02:37:00 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\update.exe + 2008-10-20 02:37:02 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB937143-IE7\update\update.exe + 2008-10-20 02:37:12 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB937143-IE7\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe + 2008-10-20 02:37:14 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\update.exe + 2008-10-20 02:37:16 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\update.exe - 2006-01-19 19:29:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB938829\update\update.exe + 2008-10-20 02:37:20 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB938829\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe + 2008-10-20 02:37:30 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe + 2008-10-20 02:37:32 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe + 2008-10-20 02:37:34 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe + 2008-10-20 02:37:36 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe + 2008-10-20 02:37:38 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe + 2008-10-20 02:37:48 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe + 2008-10-20 02:37:50 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe + 2008-10-20 02:37:53 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe + 2008-10-20 02:37:55 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe + 2008-10-20 02:38:05 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe + 2008-10-20 02:38:07 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe + 2008-10-20 02:38:09 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe + 2008-10-20 02:38:12 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe - 2007-11-30 11:19:06 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\update.exe + 2008-10-20 02:38:13 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe + 2008-10-20 02:38:23 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe + 2008-10-20 02:38:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\update.exe + 2008-10-20 02:38:27 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe + 2008-10-20 02:38:37 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe - 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\update.exe + 2008-10-20 02:38:39 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\update.exe - 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\update.exe + 2008-10-20 02:38:41 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\update.exe - 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe + 2008-10-20 02:38:42 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe - 2007-12-03 15:25:43 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\update.exe + 2008-10-20 02:38:44 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\update.exe - 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe + 2008-10-20 02:38:46 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe - 2007-11-30 11:19:06 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe + 2008-10-20 02:38:49 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe - 2007-11-30 11:19:06 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\update.exe + 2008-10-20 02:38:48 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\update.exe - 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe + 2008-10-20 02:38:51 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe - 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe + 2008-10-20 02:38:53 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe - 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\update.exe + 2008-10-20 02:38:56 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\update.exe - 2007-11-30 11:19:06 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\update.exe + 2008-10-20 02:38:58 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\update.exe - 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe + 2008-10-20 02:39:00 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe + 2008-10-20 02:39:10 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe - 2007-11-30 11:19:06 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\update.exe + 2008-10-20 02:39:12 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\update.exe - 2008-07-09 07:40:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB954211\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe - 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB956391\update\update.exe - 2007-11-30 11:19:06 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB956803\update\update.exe - 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB956841\update\update.exe - 2007-11-30 11:19:06 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB957095\update\update.exe - 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\SoftwareDistribution\Download\011cdeb527c0ded3735dde8070aaf659\update\update.exe - 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1f0ff9cd77277bbfa312e709c95b4b39\update\update.exe - 2008-07-09 07:40:26 767,352 ----a-w C:\WINDOWS\SoftwareDistribution\Download\3a1d8e64bc90f94be334f8504a133e13\update\update.exe - 2007-11-30 11:19:06 767,352 ----a-w C:\WINDOWS\SoftwareDistribution\Download\3f33a96dfd9bd3fe31871bf8d0cf4c8a\update\update.exe - 2005-10-12 23:15:26 727,776 ----a-w C:\WINDOWS\SoftwareDistribution\Download\550530d3b934e720deb3ca1851e75ba0\update\update.exe - 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\SoftwareDistribution\Download\57358f9e879e0fe843b63dd3c8074512\update\update.exe - 2005-10-12 23:18:46 727,776 ----a-w C:\WINDOWS\SoftwareDistribution\Download\9c6177049c725a878782a25a1b820fa3\update\update.exe - 2007-11-30 11:19:06 767,352 ----a-w C:\WINDOWS\SoftwareDistribution\Download\b1ef3ed8a687c06f0c1cdd838fe9a61a\update\update.exe - 2006-06-01 20:18:34 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\b43eb622e2ac40492d25973db3a96c87\update\update.exe - 2006-04-03 09:40:12 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\c268348752498f57ff1128ae6a23c4f1\update\update.exe - 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\SoftwareDistribution\Download\ce3fdd705c204e10a3af0769e281cace\update\update.exe + 2004-07-31 16:50:36 51,200 ----a-w C:\WINDOWS\system32\dumphive.exe + 2008-05-18 19:40:35 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe + 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll + 2008-08-13 13:03:26 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe + 2008-08-13 13:03:26 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll + 2003-06-05 19:13:00 53,248 ----a-w C:\WINDOWS\system32\Process.exe + 2006-04-27 15:49:30 288,417 ----a-w C:\WINDOWS\system32\SrchSTS.exe + 2006-01-09 08:36:06 40,960 ----a-w C:\WINDOWS\system32\swsc.exe + 2007-09-05 22:22:23 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe + 2007-10-03 22:36:46 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe . -- Instantané actualisé -- . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-22 839688] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 35328] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "CheckMedi8or"="C:\Program Files\Mediator6\CheckNewUser.exe" [2000-10-25 36864] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\EasyBox\\vlc\\vlc.exe"= "C:\\Program Files\\EasyBox\\apache\\apache.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "C:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"= "C:\\Program Files\\Mozilla Firefox_3\\firefox.exe"= "C:\\Program Files\\Soulseek-Test\\slsk.exe"= R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192] S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [ ] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a33c83e-b163-11db-8acb-0014a524962d}] \Shell\AutoRun\command - F:\LaunchU3.exe . . ------- Examen supplémentaire ------- . FireFox -: Profile - C:\Documents and Settings\DISCOBABEL\Application Data\Mozilla\Firefox\Profiles\18lprl72.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://forum.zebulon.fr/gros-souci-infection-win32beagle-aaw-t153275.html&gopid=1298984#entry1298984 FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\npnul32.dll FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\NPOFF12.DLL FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\nppl3260.dll FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\npqtplugin.dll FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\npqtplugin2.dll FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\npqtplugin3.dll FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\npqtplugin4.dll FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\npqtplugin5.dll FF -: plugin - C:\Program Files\Mozilla Firefox_3\plugins\nprpjplug.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-20 18:32:28 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????7?5?2?3??p???? ???B?????????????hLC? ?????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srosa] . Heure de fin: 2008-10-20 18:36:25 ComboFix-quarantined-files.txt 2008-10-20 16:36:21 ComboFix2.txt 2008-10-19 11:22:31 ComboFix3.txt 2008-10-18 16:25:30 Avant-CF: 32,618,651,648 octets libres Après-CF: 32,619,798,528 octets libres 705 --- E O F --- 2008-10-15 14:30:33