
Infection: HijackThis log analysis

14 March 2009 22:20:39

Hello.

I am infected by several viruses, including one that prevents me from activating my Symantec antivirus software.

I ran CCleaner before running HijackThis. You will find my log file below. Could you analyze it and give me your recommendations for cleaning out the viruses that have infected me?

Thank you for your help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:46, on 2009-03-13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mnmsrvc.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\rs32net.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\rs32net.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SpamPal\spampal.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\arkema\Mes documents\Downloads\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: HP7932C7 HP0017A47932C7
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3732EDF4-F591-4ABF-A3D3-43D17D205544} - c:\windows\system32\omvlqnf.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {84483594-190C-48A1-8C9D-6AE24DC988D3} - C:\WINDOWS\system32\btpanu.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Stahiseriyovuzik] rundll32.exe "C:\WINDOWS\Ukamogiceyiqama.dll",e
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [Bqosuy] rundll32.exe "C:\WINDOWS\ovowagurinazob.dll",e
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.freeworldgroup.com/games6/chocolatier/build/...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab566...
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.freeworldgroup.com/games6/dinerdash3/ddfotg....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://incredigamesfr.oberon-media.com/online/online2/d...
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.freeworldgroup.com/games6/weddingdashweb/Wed...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_d...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: ogplwipo - C:\WINDOWS\SYSTEM32\omvlqnf.dll
O20 - Winlogon Notify: __c0053836 - C:\WINDOWS\
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe


15 March 2009 09:22:45

Hello piermor

I'm offering to help you get rid of these problems.

There may be some delay between my replies.
I am in training and these replies must be validated before being posted.

Thank you for your patience.

15 March 2009 11:05:47

Hello again,

Your machine is indeed infected.

Here are the steps I suggest:


i - Running SDFix

Download SDFix (by Andy Manchesta)
* Save it to your desktop.
* Run it.
* Choose Install so that it can extract itself.

Restart your computer in Safe Mode
- At startup, after the BIOS has loaded, press the F8 (or F5) key on your keyboard repeatedly until a menu on a black background appears. Once you reach this point, use the keyboard to select Safe Mode.
- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). So don't be surprised.
- For these reasons, I suggest you print, write down, or save the following information in a text document so that you don't get lost.
- ! Do not start your computer in Safe Mode via MSConfig! Why? Some infections break the Safe Mode registry keys, which would make your computer crash.
* Open the SDFix folder that has just been created in C:\
* Double-click RunThis.bat (the .bat extension may not be shown)
* Press Y to start it.
* You will be asked to press a key to reboot; do so.
* The reboot will probably take a little longer than usual.
* Once your desktop appears, it will display Finished
* Press a key.
* A report is generated; post it in your reply.

It is also located in the SDFix folder >Report.txt<

Note: If SDFix does not start (it happens!)
* Start -> Run
* Copy/paste this:
%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

* Click OK and confirm.
* Reboot and try running SDFix again.
Help: How to start your computer in Safe Mode.

ii - Fix with Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware to your desktop.
* Install it by double-clicking the file Download_mbam-setup.exe.
* Once the installation and the update are complete:
* Restart your computer in Safe Mode
- At startup, after the BIOS has loaded, press the F8 (or F5) key on your keyboard repeatedly until a menu on a black background appears. Once you reach this point, use the keyboard to select Safe Mode.
- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). So don't be surprised.
- For these reasons, I suggest you print, write down, or save the following information in a text document so that you don't get lost.
- ! Do not start your computer in Safe Mode via MSConfig! Why? Some infections break the Safe Mode registry keys, which would make your computer crash.

* Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
* To start the scan, click "Scan".
* Once the scan is finished, a window opens; click OK. There are two possibilities:

- If the program found nothing, press OK. A report will appear; close it.
- If infections are present, click "Show Results" then "Remove Selected". Save the report to your desktop.
- Restart your computer normally and post the report in your next reply.

NOTE: If Malwarebytes' Anti-Malware needs to reboot to finish the removal, accept by clicking OK.
Note: If you cannot download MBAM from MajorGeeks, you can download it here!
Help:
* How to use MBAM.
* How to start your computer in Safe Mode.


iii - Running DDS for analysis

Download DDS by sUBs to your desktop.
- The tool does not require installation.
* Launch it by clicking the dds.scr icon

* This DOS window will appear


* The scan should not take more than three minutes.
* A first report will open, which you will save as DDS.txt, by default on the desktop.
* You will be asked whether you want to run the optional scan.
- Accept with Yes
* A new report opens, which you save as Attach.txt on the desktop.
- You will only provide it if necessary.
* Post the DDS.txt report
15 March 2009 16:42:59

Hello Caliméro.

Here is the SDFix report.

I am still infected. I will now run Malwarebytes' Anti-Malware.


SDFix: Version 1.240
Run by arkema on 2009-03-14 at 09:19

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Rootkit Found :
C:\WINDOWS\system32\drivers\ATI7CBXX.sys - Rootkit Pandex/Cutwail - Protect.sys

Name :
ICF
tcpsr
ATI7CBXX

Path :
C:\WINDOWS\system32\svchost.exe:ext.exe
\??\C:\WINDOWS\System32\drivers\tcpsr.sys
System32\Drivers\ati7cbxx.sys

ICF - Deleted
tcpsr - Deleted
ATI7CBXX - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Service ATI7CBXX - Deleted after Reboot

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\uzhwpktynwegkx.exe - Deleted
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe - Deleted
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080807215109037.log - Deleted
C:\WINDOWS\system32\rs32net.exe - Deleted
C:\WINDOWS\SYSTEM32\TDSSWEAT.dat - Deleted
C:\WINDOWS\SYSTEM32\TDSSQRWN.log - Deleted
C:\WINDOWS\system32\drivers\ATI7CBXX.sys - Deleted



Folder C:\Documents and Settings\All Users\Application Data\SoftLand Ltd - Removed
Folder C:\Program Files\AV9 - Removed


Removing Temp Files

ADS Check :


C:\WINDOWS\system32\svchost.exe
: ADS Found!
svchost.exe: deleted 32768 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-14 10:12:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:47,31,1d,36,80,92,72,ce,4d,d0,68,94,bd,71,ce,55,81,cd,43,3c,16,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c0,78,10,9e,f1,90,8e,96,b0,70,91,52,54,5f,40,a8,16,..
"khjeh"=hex:32,51,61,26,b8,9b,d1,15,b5,7a,fa,ce,cd,87,b4,30,e8,ad,e2,eb,74,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:18,0e,d3,0d,bf,c1,98,c7,c0,c4,53,c4,0c,e9,38,b6,c4,60,f0,be,c7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ec,f8,22,64,4b,49,af,9a,d8,4d,c1,0f,b0,19,90,2f,03,9e,6b,50,b0,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:f0,9d,7b,cb,3e,27,9d,3f,04,4a,dd,41,9b,2c,9b,88,b7,7f,03,57,40,..
"a0"=hex:20,01,00,00,29,33,eb,59,27,c8,ff,2d,81,de,6e,a0,97,93,db,10,1f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e2,27,f3,10,60,2d,2b,b7,18,e5,c7,a7,ca,61,17,24,60,97,df,1e,8e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:47,31,1d,36,80,92,72,ce,4d,d0,68,94,bd,71,ce,55,81,cd,43,3c,16,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c0,78,10,9e,f1,90,8e,96,b0,70,91,52,54,5f,40,a8,16,..
"khjeh"=hex:32,51,61,26,b8,9b,d1,15,b5,7a,fa,ce,cd,87,b4,30,e8,ad,e2,eb,74,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:18,0e,d3,0d,bf,c1,98,c7,c0,c4,53,c4,0c,e9,38,b6,c4,60,f0,be,c7,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Electronic Arts\\Sports Car GT\\Spcar.exe"="C:\\Program Files\\Electronic Arts\\Sports Car GT\\Spcar.exe:*:Enabled:Sports Car GT"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\EA SPORTS\\NASCAR Thunder TM 2004\\NASCAR_Thunder_2004.exe"="C:\\Program Files\\EA SPORTS\\NASCAR Thunder TM 2004\\NASCAR_Thunder_2004.exe:*:D isabled:NASCAR Thunder TM 2004"
"C:\\Program Files\\NASCAR Racing 2005 Season\\NR2005.exe"="C:\\Program Files\\NASCAR Racing 2005 Season\\NR2005.exe:*:D isabled:NASCAR Racing 2005 Season"
"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"="C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe:*:Enabled:winvnc4"
"C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"="C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32"
"C:\\Program Files\\IBM\\Lotus\\Notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.SR4-200707311521\\jre\\bin\\notes2w.exe"="C:\\Program Files\\IBM\\Lotus\\Notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.SR4-200707311521\\jre\\bin\\notes2w.exe:*:Enabled:Lotus Notes"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Microsoft Games\\Motocross Madness 2\\MCM2.ICD"="C:\\Program Files\\Microsoft Games\\Motocross Madness 2\\MCM2.ICD:*:Enabled:Microsoft® Motocross Madness 2"
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Nexon\\Combat Arms\\NMService.exe"="C:\\Nexon\\Combat Arms\\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:p nkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:p nkBstrB"
"C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"="C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"="C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\\Program Files\\EA SPORTS\\NBA Live 2003\\nba2003.exe"="C:\\Program Files\\EA SPORTS\\NBA Live 2003\\nba2003.exe:*:Enabled:NBA Live 2003"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SH. --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 23 Oct 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 9 Dec 1999 1,112,576 A..H. --- "C:\Program Files\eGames\Mini Golf Special Edition\WCSUP.DLL"
Wed 12 Jan 2000 69,632 A..H. --- "C:\Program Files\eGames\Superball Challenge Special Edition\WCSUP.DLL"
Mon 8 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 27 Sep 2008 3,290,112 ...H. --- "C:\Documents and Settings\arkema\Mes documents\Xavier\secondaire\~WRL0386.tmp"
Thu 25 Sep 2008 357,376 ...H. --- "C:\Documents and Settings\arkema\Mes documents\Xavier\secondaire\~WRL0737.tmp"
Mon 2 Feb 2009 3,272,192 ...H. --- "C:\Documents and Settings\arkema\Mes documents\Xavier\secondaire\~WRL1571.tmp"
Tue 17 Feb 2009 4,536,320 ...H. --- "C:\Documents and Settings\arkema\Mes documents\Xavier\secondaire\~WRL1649.tmp"
Thu 25 Sep 2008 2,217,984 ...H. --- "C:\Documents and Settings\arkema\Mes documents\Xavier\secondaire\~WRL1959.tmp"
Tue 17 Feb 2009 3,601,408 ...H. --- "C:\Documents and Settings\arkema\Mes documents\Xavier\secondaire\~WRL2557.tmp"
Thu 25 Sep 2008 2,221,568 ...H. --- "C:\Documents and Settings\arkema\Mes documents\Xavier\secondaire\~WRL2702.tmp"
Tue 17 Feb 2009 3,602,944 ...H. --- "C:\Documents and Settings\arkema\Mes documents\Xavier\secondaire\~WRL2848.tmp"
Tue 17 Feb 2009 3,604,992 ...H. --- "C:\Documents and Settings\arkema\Mes documents\Xavier\secondaire\~WRL3115.tmp"
Tue 23 Sep 2008 189,440 ...H. --- "C:\Documents and Settings\arkema\Mes documents\Xavier\secondaire\~WRL3670.tmp"

Finished!
15 March 2009 19:09:25

Good evening,

I found a Backdoor Trojan on your PC that is capable of stealing confidential information (passwords, bank card numbers, etc.).
I strongly advise you not to carry out any more banking transactions, or anything of that kind, until your machine has been disinfected.
Once the disinfection is finished, you will need to change all your passwords.
This is a precautionary measure.
If you would rather format the PC to be sure of eradicating this keylogger (one can never be 100% certain that a machine is disinfected), please let me know.
15 March 2009 20:27:54

Thank you, Caliméro.

Since this is my children's PC, I have no problem with the keylogger.

Please find attached the scan log from Malwarebytes' Anti-Malware.
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1851
Windows 5.1.2600 Service Pack 3

2009-03-14 13:08:23
mbam-log-2009-03-14 (13-08-23).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 268825
Temps écoulé: 1 hour(s), 21 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 17

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\omvlqnf.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3732edf4-f591-4abf-a3d3-43d17d205544} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ogplwipo (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3732edf4-f591-4abf-a3d3-43d17d205544} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84483594-190c-48a1-8c9d-6ae24dc988d3} (Trojan.Downloader) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{84483594-190c-48a1-8c9d-6ae24dc988d3} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84483594-190c-48a1-8c9d-6ae24dc988d3} (Trojan.Downloader) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rkbylatr (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\rkbylatr (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rkbylatr (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3732edf4-f591-4abf-a3d3-43d17d205544} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0053836 (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stahiseriyovuzik (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bqosuy (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\WINDOWS\system32\omvlqnf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ILJNOEWE\nyfa32[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WLAJS9AV\nyfa32[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\btpanu.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\jsnyim32.dll (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv901236700842.cpx (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wtgdqpb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090202224951953.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\Ukamogiceyiqama.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\ovowagurinazob.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv461235998315.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0071EFA.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00A8989.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSxekj.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSpcuu.sys (Rootkit.Agent) -> Quarantined and deleted successf
15 March 2009 20:32:39

Here is the DDS.txt report.

I also have the Attach file if required.


DDS (Ver_09-02-01.01) - NTFSx86
Run by arkema at 15:25:16.56 on 2009-03-14
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.2047.1399 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Documents and Settings\arkema\Bureau\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {3732edf4-f591-4abf-a3d3-43d17d205544} - c:\windows\system32\omvlqnf.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {84483594-190c-48a1-8c9d-6ae24dc988d3} - c:\windows\system32\btpanu.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand2526.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand2526.dll
EB: Copernic Desktop Search 2: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - c:\program files\copernic desktop search 2\DesktopSearchBand2526.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\fichiers communs\ahead\lib\NMBgMonitor.exe"
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MULTIMEDIA KEYBOARD] c:\program files\netropa\multimedia keyboard\MMKeybd.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [JMB36X Configure] c:\windows\system32\JMRaidTool.exe boot
mRun: [ccApp] -
mRun: [ISUSPM Startup] c:\progra~1\fichie~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\fichiers communs\installshield\updateservice\issch.exe" -start
mRun: [NeroFilterCheck] c:\program files\fichiers communs\ahead\lib\NeroCheck.exe
mRun: [MaxtorOneTouch] c:\program files\maxtor\managerapp\Onetouch.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
StartupFolder: c:\documents and settings\arkema\menu démarrer\programmes\démarrage\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\arkema\menudm~1\progra~1\dmarra~1\spampal.lnk - c:\program files\spampal\spampal.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\autost~1.lnk - c:\program files\wintv\Ir.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://webscanner.kaspersky.fr/kavwebscan_unicode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://www.freeworldgroup.com/games6/chocolatier/build/Chocola...
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1009866926125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://www.freeworldgroup.com/games6/dinerdash3/ddfotg.1.0.0.3...
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://incredigamesfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://www.freeworldgroup.com/games6/weddingdashweb/WeddingDas...
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: LBTWlgn - c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: ogplwipo - omvlqnf.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\arkema\applic~1\mozilla\firefox\profiles\7k6ivu6s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - HiddenExtension: XUL Cache: {A71570B3-FDE4-4003-9859-783C8B1567BC} - c:\documents and settings\arkema\local settings\application data\{A71570B3-FDE4-4003-9859-783C8B1567BC}

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 xydxeuuo;xydxeuuo;c:\windows\system32\drivers\xydxeuuo.sys [2006-3-2 23424]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2006-9-28 11000]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2008-3-2 3968]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2007-3-4 3968]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2007-1-8 6656]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2006-9-28 312880]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\fichiers communs\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-1-8 3712]
R2 nhksrv;Netropa NHK Server;c:\program files\netropa\multimedia keyboard\nhksrv.exe [2007-1-8 28672]
R2 rkbylatr;SetPoint PS/2 Mouse Filter Monitor;c:\windows\system32\svchost.exe -k netsvcs [2006-3-2 14336]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\fichiers communs\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-27 101936]
S0 ati1ksxx;ati1ksxx;c:\windows\system32\drivers\ati1ksxx.sys --> c:\windows\system32\drivers\ati1ksxx.sys [?]
S3 CEBDADTV;C&E DVB-T device;c:\windows\system32\drivers\cebda150.sys --> c:\windows\system32\drivers\CEBDA150.sys [?]
S3 iComp;Hauppauge WinTV PVR2 USB2 Encoder;c:\windows\system32\drivers\HCWUSB2.sys [2007-1-16 1458688]
S3 NAVENG;NAVENG;c:\progra~1\fichie~1\symant~1\virusd~1\20090314.003\naveng.sys [2009-3-13 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\fichie~1\symant~1\virusd~1\20090314.003\navex15.sys [2009-3-13 876144]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
S4 ccEvtMgr;Symantec Event Manager;- --> - [?]
S4 SAVRT;SAVRT;- --> - [?]

=============== Created Last 30 ================

2009-03-14 11:40 <DIR> --d----- c:\docume~1\arkema\applic~1\Malwarebytes
2009-03-14 11:40 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-14 11:40 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-14 11:40 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-14 11:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-14 09:18 579,584 ac------ c:\windows\system32\dllcache\user32.dll
2009-03-14 09:13 <DIR> --d----- c:\windows\ERUNT
2009-03-14 08:53 <DIR> --d----- C:\SDFix
2009-03-13 21:38 <DIR> --d----- c:\docume~1\arkema\applic~1\wfvhrssu
2009-03-12 21:30 96,256 a------- c:\windows\system32\btpanu.dll
2009-03-07 16:20 <DIR> --d----- c:\docume~1\arkema\applic~1\yoclient
2009-03-07 15:25 <DIR> --d----- c:\program files\Zylom Games
2009-03-07 15:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Zylom
2009-02-22 20:12 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-22 19:36 <DIR> --d----- c:\program files\Microsoft Visual Studio 8

==================== Find3M ====================

2009-03-14 13:15 477,402 a------- c:\windows\system32\perfh00C.dat
2009-03-14 13:15 78,120 a------- c:\windows\system32\perfc00C.dat
2009-03-14 09:02 14,336 a------- c:\windows\system32\svchost.exe
2009-02-14 17:50 138,464 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-02-14 17:50 111,928 a------- c:\windows\system32\PnkBstrB.exe
2009-02-09 10:05 1,846,912 a------- c:\windows\system32\win32k.sys
2009-01-05 20:54 22,328 a------- c:\docume~1\arkema\applic~1\PnkBstrK.sys
2009-01-05 20:54 682,280 a------- c:\windows\system32\pbsvc.exe
2009-01-05 20:54 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-12-20 18:47 826,368 a------- c:\windows\system32\wininet.dll
2008-10-06 13:01 24 a------- c:\documents and settings\arkema\jagex_runescape_preferences.dat
2007-08-15 18:29 47,360 a------- c:\docume~1\arkema\applic~1\pcouffin.sys
2007-01-07 12:01 32 a----r-- c:\documents and settings\all users\hash.dat
2006-06-23 02:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe

============= FINISH: 15:25:55.10 ===============
15 March 2009 20:45:33

Hello Caliméro.

I have completed all the steps, but my computer is still infected, because I am not able to activate my Symantec antivirus software.

Keep me posted on the next steps.

Thank you.
16 March 2009 12:02:29

Hello piermor,

I will take over from here.

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.


HELP: A guide and a tutorial on using ComboFix
* the partition name may differ

;)
17 March 2009 01:40:46

Hello.

Here is the ComboFix report

    ComboFix 09-03-15.01 - arkema 2009-03-15 20:16:44.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1364 [GMT -4:00]
    Lancé depuis: c:\documents and settings\arkema\Bureau\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\cup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\customer_cup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\heart.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_down.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_up.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\plates.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\ticket.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\tray.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\music\mainmenumusic.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\dinerdash.exe
    c:\windows\system32\ban_list.txt
    c:\windows\system32\tmp.reg
    c:\windows\system32\omvlqnf.dll . . . . impossible à supprimer

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_RKBYLATR
    -------\Service_rkbylatr


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-16 au 2009-03-16 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-15 13:38 . 2009-03-15 13:38 <REP> d-------- c:\documents and settings\arkema\Application Data\wfvhrssu
    2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- c:\documents and settings\arkema\Application Data\Malwarebytes
    2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-14 11:40 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-14 11:40 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-14 11:36 . 2009-03-14 11:36 <REP> d-------- c:\documents and settings\NetworkService\Application Data\wfvhrssu
    2009-03-14 09:18 . 2009-03-14 09:18 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
    2009-03-14 09:13 . 2009-03-14 09:14 <REP> d-------- c:\windows\ERUNT
    2009-03-14 08:53 . 2009-03-14 10:16 <REP> d-------- C:\SDFix
    2009-03-12 21:30 . 2008-04-13 22:33 96,256 --a------ c:\windows\system32\btpanu.dll
    2009-03-07 16:20 . 2009-03-07 16:24 <REP> d-------- c:\documents and settings\arkema\Application Data\yoclient
    2009-03-07 15:25 . 2009-03-07 15:25 <REP> d-------- c:\program files\Zylom Games
    2009-03-07 15:25 . 2009-03-07 15:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Zylom
    2009-02-22 20:12 . 2009-02-22 20:12 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-02-22 19:42 . 2009-02-22 19:42 <REP> d-------- c:\program files\MSBuild
    2009-02-22 19:42 . 2009-02-22 19:42 <REP> d-------- c:\program files\Microsoft Works
    2009-02-22 19:41 . 2009-02-22 19:41 <REP> d-------- c:\program files\Microsoft.NET
    2009-02-22 19:36 . 2009-02-22 19:36 <REP> d-------- c:\program files\Microsoft Visual Studio 8
    2009-02-22 19:35 . 2009-03-10 03:00 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-02-22 19:30 . 2009-02-22 19:30 <REP> dr-h----- C:\MSOCache

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-13 22:00 --------- d-----w c:\program files\Norton Security Scan
    2009-03-13 21:19 --------- d-----w c:\program files\Navilog1
    2009-03-13 21:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-13 01:32 --------- d-----w c:\program files\Google
    2009-03-13 01:27 --------- d-----w c:\program files\Symantec AntiVirus
    2009-03-03 21:54 --------- d-----w c:\program files\Warcraft III
    2009-02-27 14:52 --------- d-----w c:\program files\Microsoft Games
    2009-02-23 00:12 --------- d-----w c:\program files\Java
    2009-02-14 21:50 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-01-06 00:54 22,328 ----a-w c:\documents and settings\arkema\Application Data\PnkBstrK.sys
    2008-10-06 17:01 24 ----a-w c:\documents and settings\arkema\jagex_runescape_preferences.dat
    2007-08-15 22:29 47,360 ----a-w c:\documents and settings\arkema\Application Data\pcouffin.sys
    2007-01-07 16:01 32 ----a-r c:\documents and settings\All Users\hash.dat
    2008-12-19 01:45 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-12-19 01:45 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-19 01:45 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-12-19 01:45 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-19 01:45 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3732EDF4-F591-4ABF-A3D3-43D17D205544}]
    2009-03-15 20:21 104960 --a------ c:\windows\system32\omvlqnf.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84483594-190C-48A1-8C9D-6AE24DC988D3}]
    2008-04-13 22:33 96256 --a------ c:\windows\system32\btpanu.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-31 67128]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="-" [X]
    "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-22 136600]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]
    "JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
    "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
    "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "MaxtorOneTouch"="c:\program files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 712704]
    "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-08-11 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
    "nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

    c:\documents and settings\arkema\Menu Démarrer\Programmes\Démarrage\
    PowerReg Scheduler.exe [2007-09-16 256000]
    SpamPal.lnk - c:\program files\SpamPal\spampal.exe [2005-10-24 387616]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-01-08 221247]
    AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2007-01-16 102455]
    Démarrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-31 67128]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-21 784912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2007-11-15 11:10 72208 c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\vio\dvacm.acm
    "msacm.mpegacm"= mpegacm.acm
    "msacm.ulmp3acm"= ulmp3acm.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1ksxx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\EA SPORTS\\NASCAR Thunder TM 2004\\NASCAR_Thunder_2004.exe"=
    "c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
    "c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
    "c:\\Program Files\\IBM\\Lotus\\Notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.SR4-200707311521\\jre\\bin\\notes2w.exe"=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\Microsoft Games\\Motocross Madness 2\\MCM2.ICD"=
    "c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Nexon\\Combat Arms\\NMService.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Program Files\\EA SPORTS\\NBA Live 2003\\nba2003.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6881:TCP"= 6881:TCP:Azureus
    "8217:TCP"= 8217:TCP:eMule

    R0 xydxeuuo;xydxeuuo;c:\windows\system32\drivers\xydxeuuo.sys [2006-03-02 23424]
    R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2007-01-08 6656]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-01-08 3712]
    R2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2007-01-08 28672]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 101936]
    S0 ati1ksxx;ati1ksxx;c:\windows\system32\Drivers\ati1ksxx.sys --> c:\windows\system32\Drivers\ati1ksxx.sys [?]
    S3 CEBDADTV;C&E DVB-T device;c:\windows\system32\DRIVERS\CEBDA150.sys --> c:\windows\system32\DRIVERS\CEBDA150.sys [?]
    S3 iComp;Hauppauge WinTV PVR2 USB2 Encoder;c:\windows\system32\drivers\HCWUSB2.sys [2007-01-16 1458688]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ddc4b8f-bf7e-11dc-9282-0018e70af722}]
    \Shell\AutoRun\command - g:\setup\rsrc\Autorun.exe
    \Shell\dinstall\command - g:\directx\dxsetup.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-03-13 c:\windows\Tasks\Norton Security Scan for arkema.job
    - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 05:18]

    2009-03-15 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
    Notify-__c0053836 - (no file)
    SafeBoot-ati0qyxx.sys
    SafeBoot-ati0yxxx.sys
    SafeBoot-ati2fnxx.sys
    SafeBoot-ati5nvxx.sys
    SafeBoot-ati7rqxx.sys
    SafeBoot-ati8baxx.sys


    .
    ------- Examen supplémentaire -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://www.freeworldgroup.com/games6/chocolatier/build/Chocola...
    DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://incredigamesfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
    FF - ProfilePath - c:\documents and settings\arkema\Application Data\Mozilla\Firefox\Profiles\7k6ivu6s.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-15 20:21:57
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ccEvtMgr]
    "ImagePath"="-"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SAVRT]
    "ImagePath"="-"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SNDSrvc]
    "ImagePath"="-"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SYMTDI]
    "ImagePath"="-"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(808)
    c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
    c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\windows\system32\bgsvcgen.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
    c:\program files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\mnmsrvc.exe
    c:\program files\Maxtor\Utils\SyncServices.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Symantec AntiVirus\Rtvscan.exe
    c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\RealVNC\VNC4\winvnc4.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Netropa\Multimedia Keyboard\Traymon.exe
    c:\program files\Netropa\Onscreen Display\osd.exe
    c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
    c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
    c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\windows\system32\msiexec.exe
    c:\windows\system32\HPZinw12.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-03-15 20:30:56 - La machine a redémarré [arkema]
    ComboFix-quarantined-files.txt 2009-03-16 00:30:53
    ComboFix2.txt 2008-03-03 17:27:35
    ComboFix3.txt 2008-03-03 17:24:38
    ComboFix4.txt 2008-03-03 16:55:27

    Avant-CF: 215 162 613 760 octets libres
    Après-CF: 215,043,223,552 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

    Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    580 --- E O F --- 2009-03-10 07:01:34

    Please give me the next instructions.

    See you later.
    17 March 2009 16:10:00

    Hello Egwene.

    I am not sure that my first message went through correctly.

    So here is the ComboFix report.

    Hello.

    Here is the ComboFix report.

    ComboFix 09-03-15.01 - arkema 2009-03-15 20:16:44.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1364 [GMT -4:00]
    Lancé depuis: c:\documents and settings\arkema\Bureau\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\dollar.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\coffee.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\tables.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\wallpaper.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expert.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expertscore.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\fork_timer.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\goalcompleted.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level_career.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\score.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\sound.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staroff.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staron.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumber.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumberup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\traynumber.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorial_character.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialarrow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialbox.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\drinks.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\maitred.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\oven.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\select.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\shoes.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\stereo.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\table.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\dinerdash.exe
    c:\windows\system32\ban_list.txt
    c:\windows\system32\tmp.reg
    c:\windows\system32\omvlqnf.dll . . . . impossible à supprimer

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_RKBYLATR
    -------\Service_rkbylatr


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-16 au 2009-03-16 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-15 13:38 . 2009-03-15 13:38 <REP> d-------- c:\documents and settings\arkema\Application Data\wfvhrssu
    2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- c:\documents and settings\arkema\Application Data\Malwarebytes
    2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-14 11:40 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-14 11:40 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-14 11:36 . 2009-03-14 11:36 <REP> d-------- c:\documents and settings\NetworkService\Application Data\wfvhrssu
    2009-03-14 09:18 . 2009-03-14 09:18 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
    2009-03-14 09:13 . 2009-03-14 09:14 <REP> d-------- c:\windows\ERUNT
    2009-03-14 08:53 . 2009-03-14 10:16 <REP> d-------- C:\SDFix
    2009-03-12 21:30 . 2008-04-13 22:33 96,256 --a------ c:\windows\system32\btpanu.dll
    2009-03-07 16:20 . 2009-03-07 16:24 <REP> d-------- c:\documents and settings\arkema\Application Data\yoclient
    2009-03-07 15:25 . 2009-03-07 15:25 <REP> d-------- c:\program files\Zylom Games
    2009-03-07 15:25 . 2009-03-07 15:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Zylom
    2009-02-22 20:12 . 2009-02-22 20:12 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-02-22 19:42 . 2009-02-22 19:42 <REP> d-------- c:\program files\MSBuild
    2009-02-22 19:42 . 2009-02-22 19:42 <REP> d-------- c:\program files\Microsoft Works
    2009-02-22 19:41 . 2009-02-22 19:41 <REP> d-------- c:\program files\Microsoft.NET
    2009-02-22 19:36 . 2009-02-22 19:36 <REP> d-------- c:\program files\Microsoft Visual Studio 8
    2009-02-22 19:35 . 2009-03-10 03:00 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-02-22 19:30 . 2009-02-22 19:30 <REP> dr-h----- C:\MSOCache

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-13 22:00 --------- d-----w c:\program files\Norton Security Scan
    2009-03-13 21:19 --------- d-----w c:\program files\Navilog1
    2009-03-13 21:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-13 01:32 --------- d-----w c:\program files\Google
    2009-03-13 01:27 --------- d-----w c:\program files\Symantec AntiVirus
    2009-03-03 21:54 --------- d-----w c:\program files\Warcraft III
    2009-02-27 14:52 --------- d-----w c:\program files\Microsoft Games
    2009-02-23 00:12 --------- d-----w c:\program files\Java
    2009-02-14 21:50 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-01-06 00:54 22,328 ----a-w c:\documents and settings\arkema\Application Data\PnkBstrK.sys
    2008-10-06 17:01 24 ----a-w c:\documents and settings\arkema\jagex_runescape_preferences.dat
    2007-08-15 22:29 47,360 ----a-w c:\documents and settings\arkema\Application Data\pcouffin.sys
    2007-01-07 16:01 32 ----a-r c:\documents and settings\All Users\hash.dat
    2008-12-19 01:45 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-12-19 01:45 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-19 01:45 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-12-19 01:45 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-19 01:45 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3732EDF4-F591-4ABF-A3D3-43D17D205544}]
    2009-03-15 20:21 104960 --a------ c:\windows\system32\omvlqnf.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84483594-190C-48A1-8C9D-6AE24DC988D3}]
    2008-04-13 22:33 96256 --a------ c:\windows\system32\btpanu.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-31 67128]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="-" [X]
    "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-22 136600]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]
    "JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
    "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
    "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "MaxtorOneTouch"="c:\program files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 712704]
    "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-08-11 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
    "nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

    c:\documents and settings\arkema\Menu Démarrer\Programmes\Démarrage\
    PowerReg Scheduler.exe [2007-09-16 256000]
    SpamPal.lnk - c:\program files\SpamPal\spampal.exe [2005-10-24 387616]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-01-08 221247]
    AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2007-01-16 102455]
    Démarrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-31 67128]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-21 784912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2007-11-15 11:10 72208 c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\vio\dvacm.acm
    "msacm.mpegacm"= mpegacm.acm
    "msacm.ulmp3acm"= ulmp3acm.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1ksxx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\EA SPORTS\\NASCAR Thunder TM 2004\\NASCAR_Thunder_2004.exe"=
    "c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
    "c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
    "c:\\Program Files\\IBM\\Lotus\\Notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.SR4-200707311521\\jre\\bin\\notes2w.exe"=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\Microsoft Games\\Motocross Madness 2\\MCM2.ICD"=
    "c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Nexon\\Combat Arms\\NMService.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Program Files\\EA SPORTS\\NBA Live 2003\\nba2003.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6881:TCP"= 6881:TCP:Azureus
    "8217:TCP"= 8217:TCP:eMule

    R0 xydxeuuo;xydxeuuo;c:\windows\system32\drivers\xydxeuuo.sys [2006-03-02 23424]
    R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2007-01-08 6656]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-01-08 3712]
    R2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2007-01-08 28672]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 101936]
    S0 ati1ksxx;ati1ksxx;c:\windows\system32\Drivers\ati1ksxx.sys --> c:\windows\system32\Drivers\ati1ksxx.sys [?]
    S3 CEBDADTV;C&E DVB-T device;c:\windows\system32\DRIVERS\CEBDA150.sys --> c:\windows\system32\DRIVERS\CEBDA150.sys [?]
    S3 iComp;Hauppauge WinTV PVR2 USB2 Encoder;c:\windows\system32\drivers\HCWUSB2.sys [2007-01-16 1458688]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ddc4b8f-bf7e-11dc-9282-0018e70af722}]
    \Shell\AutoRun\command - g:\setup\rsrc\Autorun.exe
    \Shell\dinstall\command - g:\directx\dxsetup.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-03-13 c:\windows\Tasks\Norton Security Scan for arkema.job
    - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 05:18]

    2009-03-15 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
    Notify-__c0053836 - (no file)
    SafeBoot-ati0qyxx.sys
    SafeBoot-ati0yxxx.sys
    SafeBoot-ati2fnxx.sys
    SafeBoot-ati5nvxx.sys
    SafeBoot-ati7rqxx.sys
    SafeBoot-ati8baxx.sys


    .
    ------- Examen supplémentaire -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://www.freeworldgroup.com/games6/chocolatier/build/Chocola...
    DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://incredigamesfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
    FF - ProfilePath - c:\documents and settings\arkema\Application Data\Mozilla\Firefox\Profiles\7k6ivu6s.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-15 20:21:57
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ccEvtMgr]
    "ImagePath"="-"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SAVRT]
    "ImagePath"="-"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SNDSrvc]
    "ImagePath"="-"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SYMTDI]
    "ImagePath"="-"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(808)
    c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
    c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\windows\system32\bgsvcgen.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
    c:\program files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\mnmsrvc.exe
    c:\program files\Maxtor\Utils\SyncServices.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Symantec AntiVirus\Rtvscan.exe
    c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\RealVNC\VNC4\winvnc4.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Netropa\Multimedia Keyboard\Traymon.exe
    c:\program files\Netropa\Onscreen Display\osd.exe
    c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
    c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
    c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\windows\system32\msiexec.exe
    c:\windows\system32\HPZinw12.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-03-15 20:30:56 - La machine a redémarré [arkema]
    ComboFix-quarantined-files.txt 2009-03-16 00:30:53
    ComboFix2.txt 2008-03-03 17:27:35
    ComboFix3.txt 2008-03-03 17:24:38
    ComboFix4.txt 2008-03-03 16:55:27

    Avant-CF: 215 162 613 760 octets libres
    Après-CF: 215,043,223,552 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

    Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    580 --- E O F --- 2009-03-10 07:01:34

    Please give me the next instructions.

    18 March 2009 11:15:46

    :hello: 

    Disable all resident protection (antivirus…)! <------- Don't forget!

    Copy the text in the box below (Ctrl + C):

    KillAll::

    Driver::
    ati1ksxx
    xydxeuuo

    DirLook::
    c:\documents and settings\arkema\Application Data\wfvhrssu

    File::
    c:\windows\system32\btpanu.dll
    c:\windows\system32\omvlqnf.dll
    c:\windows\system32\drivers\xydxeuuo.sys
    c:\windows\system32\Drivers\ati1ksxx.sys

    FileLook::
    c:\windows\system32\dllcache\user32.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3732EDF4-F591-4ABF-A3D3-43D17D205544}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84483594-190C-48A1-8C9D-6AE24DC988D3}]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1ksxx.sys]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6881:TCP"=-
    "8217:TCP"=-


    => Open Notepad: Start > All Programs > Accessories > Notepad

    - Paste the text into it (CTRL + V)
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files !!
    - Click Save
    - Close Notepad

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:



    * This will restart ComboFix: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
    * Wait while the scan runs. The desktop will disappear several times: this is normal!
    * Don't touch anything until the scan has finished.
    * Once the scan is complete, a report will be displayed: copy and paste its contents into the forum.
    If the file does not open, it can be found here: C:\ComboFix.txt
    * Post a new HijackThis report.

    Quote:
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ddc4b8f-bf7e-11dc-9282-0018e70af722}]
    \Shell\AutoRun\command - g:\setup\rsrc\Autorun.exe
    \Shell\dinstall\command - g:\directx\dxsetup.exe

    Do the items in bold mean anything to you?

    ;) 
    18 March 2009 22:49:41

    Hello Egwene.

    I'll look into what Autorun and dxsetup are associated with.

    Here is my ComboFix report:

    ComboFix 09-03-15.01 - arkema 2009-03-17 6:54:07.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1367 [GMT -4:00]
    Lancé depuis: c:\documents and settings\arkema\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\arkema\Bureau\CFScript.txt
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\windows\system32\btpanu.dll
    c:\windows\system32\Drivers\ati1ksxx.sys
    c:\windows\system32\drivers\xydxeuuo.sys
    c:\windows\system32\omvlqnf.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\btpanu.dll
    c:\windows\system32\drivers\xydxeuuo.sys
    c:\windows\system32\omvlqnf.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_XYDXEUUO
    -------\Service_ati1ksxx
    -------\Service_xydxeuuo


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-17 au 2009-03-17 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-15 13:38 . 2009-03-15 13:38 <REP> d-------- c:\documents and settings\arkema\Application Data\wfvhrssu
    2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- c:\documents and settings\arkema\Application Data\Malwarebytes
    2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-14 11:40 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-14 11:40 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-14 11:36 . 2009-03-14 11:36 <REP> d-------- c:\documents and settings\NetworkService\Application Data\wfvhrssu
    2009-03-14 09:18 . 2009-03-14 09:18 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
    2009-03-14 09:13 . 2009-03-14 09:14 <REP> d-------- c:\windows\ERUNT
    2009-03-14 08:53 . 2009-03-14 10:16 <REP> d-------- C:\SDFix
    2009-03-07 16:20 . 2009-03-07 16:24 <REP> d-------- c:\documents and settings\arkema\Application Data\yoclient
    2009-03-07 15:25 . 2009-03-07 15:25 <REP> d-------- c:\program files\Zylom Games
    2009-03-07 15:25 . 2009-03-07 15:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Zylom
    2009-02-22 20:12 . 2009-02-22 20:12 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-02-22 19:42 . 2009-02-22 19:42 <REP> d-------- c:\program files\MSBuild
    2009-02-22 19:42 . 2009-02-22 19:42 <REP> d-------- c:\program files\Microsoft Works
    2009-02-22 19:41 . 2009-02-22 19:41 <REP> d-------- c:\program files\Microsoft.NET
    2009-02-22 19:36 . 2009-02-22 19:36 <REP> d-------- c:\program files\Microsoft Visual Studio 8
    2009-02-22 19:35 . 2009-03-10 03:00 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-02-22 19:30 . 2009-02-22 19:30 <REP> dr-h----- C:\MSOCache

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-13 22:00 --------- d-----w c:\program files\Norton Security Scan
    2009-03-13 21:19 --------- d-----w c:\program files\Navilog1
    2009-03-13 21:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-13 01:32 --------- d-----w c:\program files\Google
    2009-03-13 01:27 --------- d-----w c:\program files\Symantec AntiVirus
    2009-03-03 21:54 --------- d-----w c:\program files\Warcraft III
    2009-02-27 14:52 --------- d-----w c:\program files\Microsoft Games
    2009-02-23 00:12 --------- d-----w c:\program files\Java
    2009-02-14 21:50 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-01-06 00:54 22,328 ----a-w c:\documents and settings\arkema\Application Data\PnkBstrK.sys
    2008-10-06 17:01 24 ----a-w c:\documents and settings\arkema\jagex_runescape_preferences.dat
    2007-08-15 22:29 47,360 ----a-w c:\documents and settings\arkema\Application Data\pcouffin.sys
    2007-01-07 16:01 32 ----a-r c:\documents and settings\All Users\hash.dat
    2008-12-19 01:45 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-12-19 01:45 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-19 01:45 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-12-19 01:45 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-19 01:45 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .


    ---- c:\windows\system32\dllcache\user32.dll ----
    Company: Microsoft Corporation
    File Description: DLL client de l'API Utilisateur de Windows XP
    File Version: 5.1.2600.5512 (xpsp.080413-2105)
    Product Name: Système d'exploitation Microsoft® Windows®
    Copyright: © Microsoft Corporation. Tous droits réservés.
    Original file name: user32
    MD5: e853f84d3ce2faa2a802e33cf89ac023

    ---- Directory of c:\documents and settings\arkema\Application Data\wfvhrssu ----

    2009-03-15 13:39 65536 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\cert8.db
    2009-03-15 13:39 2048 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\cookies.sqlite
    2009-03-15 13:39 0 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\places.sqlite-journal
    2009-03-15 13:38 96185 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\xpti.dat
    2009-03-15 13:38 8296 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\pluginreg.dat
    2009-03-15 13:38 569 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\localstore.rdf
    2009-03-15 13:38 4096 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\formhistory.sqlite
    2009-03-15 13:38 367 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\prefs.js
    2009-03-15 13:38 215 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\compatibility.ini
    2009-03-15 13:38 2048 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\webappsstore.sqlite
    2009-03-15 13:38 2048 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\permissions.sqlite
    2009-03-15 13:38 16384 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\secmod.db
    2009-03-15 13:38 16384 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\key3.db
    2009-03-15 13:38 131072 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\places.sqlite
    2009-03-15 13:38 127820 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\compreg.dat
    2009-03-15 13:38 111 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\profiles.ini


    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-31 67128]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="-" [X]
    "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-22 136600]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]
    "JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
    "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
    "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "MaxtorOneTouch"="c:\program files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 712704]
    "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-08-11 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
    "nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

    c:\documents and settings\arkema\Menu Démarrer\Programmes\Démarrage\
    PowerReg Scheduler.exe [2007-09-16 256000]
    SpamPal.lnk - c:\program files\SpamPal\spampal.exe [2005-10-24 387616]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-01-08 221247]
    AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2007-01-16 102455]
    Démarrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-31 67128]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-21 784912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2007-11-15 11:10 72208 c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\vio\dvacm.acm
    "msacm.mpegacm"= mpegacm.acm
    "msacm.ulmp3acm"= ulmp3acm.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0qyxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0yxxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1ksxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2fnxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5nvxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7rqxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8baxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\EA SPORTS\\NASCAR Thunder TM 2004\\NASCAR_Thunder_2004.exe"=
    "c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
    "c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
    "c:\\Program Files\\IBM\\Lotus\\Notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.SR4-200707311521\\jre\\bin\\notes2w.exe"=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\Microsoft Games\\Motocross Madness 2\\MCM2.ICD"=
    "c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Nexon\\Combat Arms\\NMService.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Program Files\\EA SPORTS\\NBA Live 2003\\nba2003.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2007-01-08 6656]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-01-08 3712]
    R2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2007-01-08 28672]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 101936]
    S3 CEBDADTV;C&E DVB-T device;c:\windows\system32\DRIVERS\CEBDA150.sys --> c:\windows\system32\DRIVERS\CEBDA150.sys [?]
    S3 iComp;Hauppauge WinTV PVR2 USB2 Encoder;c:\windows\system32\drivers\HCWUSB2.sys [2007-01-16 1458688]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - XYDXEUUO

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ddc4b8f-bf7e-11dc-9282-0018e70af722}]
    \Shell\AutoRun\command - g:\setup\rsrc\Autorun.exe
    \Shell\dinstall\command - g:\directx\dxsetup.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-03-13 c:\windows\Tasks\Norton Security Scan for arkema.job
    - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 05:18]

    2009-03-17 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{3732EDF4-F591-4ABF-A3D3-43D17D205544} - (no file)
    BHO-{84483594-190C-48A1-8C9D-6AE24DC988D3} - (no file)


    .
    ------- Examen supplémentaire -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://www.freeworldgroup.com/games6/chocolatier/build/Chocola...
    DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://incredigamesfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
    FF - ProfilePath - c:\documents and settings\arkema\Application Data\Mozilla\Firefox\Profiles\7k6ivu6s.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-17 06:57:30
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ccEvtMgr]
    "ImagePath"="-"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SAVRT]
    "ImagePath"="-"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SNDSrvc]
    "ImagePath"="-"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SYMTDI]
    "ImagePath"="-"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(808)
    c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
    c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll
    c:\windows\system32\ACTIVEDS.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\windows\system32\bgsvcgen.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
    c:\program files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\mnmsrvc.exe
    c:\program files\Maxtor\Utils\SyncServices.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Symantec AntiVirus\Rtvscan.exe
    c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\RealVNC\VNC4\winvnc4.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Netropa\Multimedia Keyboard\Traymon.exe
    c:\program files\Netropa\Onscreen Display\osd.exe
    c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
    c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
    c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\windows\system32\msiexec.exe
    c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
    .
    **************************************************************************
    .
    Heure de fin: 2009-03-17 7:06:46 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-03-17 11:06:43
    ComboFix2.txt 2009-03-16 00:30:57
    ComboFix3.txt 2008-03-03 17:27:35
    ComboFix4.txt 2008-03-03 17:24:38
    ComboFix5.txt 2009-03-17 10:53:18

    Avant-CF: 214 910 308 352 octets libres
    Après-CF: 214,908,444,672 octets libres

    Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    319 --- E O F --- 2009-03-16 07:01:56

    I'm waiting to hear from you. :??:
    18 March 2009 22:56:56

    I found Autorun files associated with EA Sports, Nascar 2007 and my WG311v2/1.2B6 wireless network card.

    I found dXsetup files associated with DirectX and Nascar Racing.

    I can remove them all if required.
    19 March 2009 09:59:20

    Hi again,

    What is this folder? Is it your user name?

    c:\documents and settings\arkema\Application Data\wfvhrssu

    Run an online antivirus scan on the Kaspersky site:
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...
  • Click Accept
  • A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX control.
  • Click "Accept" once more
  • The update databases will install; wait a moment
  • Click Next.
  • Click My Computer and the scan starts; wait for it to finish without closing the window, otherwise it will stop. Then post me the report you get.

    Also post me the attach.txt report I had asked you to set aside.

    As for the autoruns, from what you tell me they seem legitimate.

    ;)
    20 March 2009 01:47:02

    The report came out in HTML format.
    The contents of the attach file will follow at the end.



    Wednesday, March 18, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Thursday, March 19, 2009 12:07:10
    Records in database: 1933727
    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes
    Scan area: My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    Scan statistics:
    Files scanned: 189860
    Threat name: 42
    Infected objects: 664
    Suspicious objects: 0
    Duration of the scan: 02:06:21

    File name Threat name Threats count
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe/C:\Program Files\RealVNC\VNC4\WinVNC4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300003.VBN Infected: Trojan-Downloader.Win32.Agent.mba 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300004.VBN Infected: Trojan-Downloader.Win32.Bagle.cq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300005.VBN Infected: Trojan-Downloader.Win32.Bagle.cs 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300006.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300007.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300008.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300009.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230000A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230000B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230000C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230000D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230000E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230000F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300010.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300011.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300012.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300013.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300014.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300015.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300016.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300017.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300018.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300019.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230001A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230001B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230001C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230001D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230001E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230001F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300020.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300021.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300022.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300023.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300024.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300025.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300026.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300027.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300028.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300029.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230002A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230002B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230002C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230002D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230002E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230002F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300030.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300031.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300032.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300033.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300034.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300035.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300036.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300037.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300038.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300039.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230003A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230003B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230003C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230003D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230003E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230003F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300040.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300041.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300042.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300043.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300044.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300045.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300046.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300047.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300048.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300049.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230004A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230004B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230004C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230004D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230004E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230004F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300050.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300051.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300052.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300053.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300054.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300055.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300056.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300057.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300058.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300059.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230005A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230005B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230005C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230005D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230005E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230005F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300060.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300061.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300062.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300063.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300064.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300065.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300066.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300067.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300068.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300069.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230006A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230006B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230006C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230006D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230006E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230006F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300070.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300071.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300072.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300073.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300074.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300075.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300076.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300077.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300078.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300079.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230007A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230007B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230007C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230007D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230007E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230007F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300080.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300081.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300082.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300083.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300084.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300085.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300086.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300087.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300088.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300089.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230008A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230008B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230008C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230008D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230008E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230008F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300090.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300091.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300092.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300093.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300094.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300095.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300096.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300097.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300098.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300099.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230009A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230009B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230009C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230009D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230009E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230009F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000A0.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000A1.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000A2.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000A3.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000A4.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000A5.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000A6.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000A7.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000A8.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000A9.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000AA.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000AB.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000AC.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000AD.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000AE.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000AF.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000B0.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000B1.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000B2.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000B3.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000B4.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000B5.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000B6.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000B7.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000B8.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000B9.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000BA.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000BB.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000BC.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000BD.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000BE.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000BF.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000C0.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000C1.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000C2.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000C3.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000C4.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02680000\4AF84808.VBN Infected: Trojan-Downloader.Win32.Zlob.aago 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02680001\4AF84A47.VBN Infected: Trojan-Downloader.Win32.Zlob.aago 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02880000\4BABF177.VBN Infected: Trojan-Downloader.Win32.Small.jer 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02EC0000.VBN Infected: Backdoor.Win32.TDSS.blh 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02EC0001.VBN Infected: Backdoor.Win32.TDSS.atb 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02EC0002\4BFC7C7D.VBN Infected: Rootkit.Win32.TDSS.dbg 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02EC0003.VBN Infected: Backdoor.Win32.TDSS.asz 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02EC0004\4BFC7D09.VBN Infected: Rootkit.Win32.Protector.cd 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140000\4FDEB8C0.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140001\4FDEB900.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140002\4FDEB90D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140003\4FDEB91B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140004\4FDEB929.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140005\4FDEB935.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140006\4FDEB942.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140007\4FDEB953.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140008\4FDEB95F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140009\4FDEB96C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814000A\4FDEB978.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814000B\4FDEB985.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814000C\4FDEB994.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814000D\4FDEB9A1.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814000E\4FDEB9AE.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814000F\4FDEB9BA.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140010\4FDEB9C7.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140011\4FDEB9D3.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140012\4FDEB9E3.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140013\4FDEB9F0.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140014\4FDEB9FD.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140015\4FDEBA09.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140016\4FDEBA15.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140017\4FDEBA22.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140018\4FDEBA2F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140019\4FDEBA3D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814001A\4FDEBA49.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814001B\4FDEBA55.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814001C\4FDEBA61.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814001D\4FDEBA6F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814001E\4FDEBA8E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814001F\4FDEBA9A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140020\4FDEBAA8.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140021\4FDEBAB5.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140022\4FDEBAC2.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140023\4FDEBACD.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140024\4FDEBADA.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140025\4FDEBAE7.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140026\4FDEBAF3.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140027\4FDEBB04.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140028\4FDEBB13.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140029\4FDEBB22.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
    20 March 2009 01:48:55

    The attach.txt file did not go through the first time.



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Édition familiale
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2002-01-01 00:28:32
    System Uptime: 2009-03-14 12:17:26 (3 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P5B
    Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz | Socket 775 | 2401/266mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 298 GiB total, 200.502 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Ad-Aware SE Professional
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 8.1.1 - Français
    Adobe Shockwave Player 11
    Age of Mythology
    AiO_Scan_CDA
    AiOSoftwareNPI
    APC PowerChute Personal Edition
    Archiveur WinRAR
    Asterix at the Olympic Games
    AVG Anti-Rootkit Free
    AVG Anti-Spyware 7.5
    Azureus Vuze
    Barre d'outils Outlook de Windows Live (Windows Live Toolbar)
    Bloqueur de fenêtres pop-up (Windows Live Toolbar)
    BMW M3 Challenge
    BufferChm
    C6100
    c6100_Help
    Call of Duty(R) - World at War(TM)
    CCleaner (remove only)
    CDDRV_Installer
    Client Windows Rights Management avec Service Pack 2
    Codeur Windows Media Série 9
    Combat Arms
    Compatibility Pack for the 2007 Office system
    Copernic Desktop Search 2
    Correctif pour Lecteur Windows Media 11 (KB939683)
    Correctif pour Windows Internet Explorer 7 (KB947864)
    Correctif pour Windows XP (KB952287)
    CP_CalendarTemplates1
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Panorama1Config
    cp_PosterPrintConfig
    Crazy Taxi
    CueTour
    CustomerResearchQFolder
    Destinations
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    DocumentViewer
    DocumentViewerQFolder
    EA SPORTS online 2007
    eMule
    eSupportQFolder
    Extension de Windows Live Toolbar (Windows Live Toolbar)
    Family Sports Pack
    Fax_CDA
    FIFA 08
    Fishing Special Edition
    FullDPAppQFolder
    GameSpy Arcade
    Google Earth
    Google Toolbar for Internet Explorer
    Hauppauge WinTV-PVR2 USB2 Drivers
    Hauppauge WinTV Infrared Remote
    Hauppauge WinTV Scheduler
    Hauppauge WinTV2000
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hijackthis Version Française 1.99.0.1
    Hotfix for Windows Media Format 11 SDK (KB929399)
    HP Customer Participation Program 7.0
    HP Document Viewer 7.0
    HP Imaging Device Functions 7.0
    HP Photosmart Premier Software 6.5
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Software Update
    HP Solution Center 7.0
    HPPhotoSmartExpress
    HPProductAssistant
    ImpôtRapide 2006
    InstantShareDevices
    InstantShareDevicesMFC
    InterVideo FilterSDK for Hauppauge
    IrfanView (remove only)
    IsoBuster 2.2
    IZArc 3.81
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    Java(TM) 6 Update 11
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    JRAID
    Kaspersky On-line Scanner
    Kaspersky Online Scanner
    KhalInstallWrapper
    Lecteur Windows Media 11
    Les Sims Deluxe
    LightScribe 1.4.119.1
    LiveUpdate 3.1 (Symantec Corporation)
    Logitech Desktop Messenger
    Logitech SetPoint
    Lotus Notes 8.0
    Madden NFL 08
    Magic ISO Maker v5.4 (build 0251)
    Malwarebytes' Anti-Malware
    MarketResearch
    Maxtor Backup
    Maxtor Encryption
    Maxtor OneTouch III
    Menus intelligents (Windows Live Toolbar)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 French Language Pack
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Language Pack - FRA
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Age of Empires II
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Flight Simulator 2004 Un siècle d'aviation
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Midtown Madness 2
    Microsoft Motocross Madness 2
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (French) 2007
    Microsoft Office Excel MUI (French) 2007
    Microsoft Office InfoPath MUI (French) 2007
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
    Microsoft Office Outlook MUI (French) 2007
    Microsoft Office PowerPoint MUI (French) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (Arabic) 2007
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (French) 2007
    Microsoft Office Publisher MUI (French) 2007
    Microsoft Office Shared MUI (French) 2007
    Microsoft Office Word MUI (French) 2007
    Microsoft Plus! pour Windows XP
    Microsoft Software Update for Web Folders (French) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mini Car Special Edition
    Mini Golf Special Edition
    Mise à jour critique pour Lecteur Windows Media 11 (KB959772)
    Mise à jour de sécurité pour le Codeur Windows Media (KB954156)
    Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)
    Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)
    Mise à jour de sécurité pour Windows XP (KB923689)
    Mise à jour de sécurité pour Windows XP (KB923789)
    Mise à jour de sécurité pour Windows XP (KB938464-v2)
    Mise à jour de sécurité pour Windows XP (KB938464)
    Mise à jour de sécurité pour Windows XP (KB941569)
    Mise à jour de sécurité pour Windows XP (KB946648)
    Mise à jour de sécurité pour Windows XP (KB950760)
    Mise à jour de sécurité pour Windows XP (KB950762)
    Mise à jour de sécurité pour Windows XP (KB950974)
    Mise à jour de sécurité pour Windows XP (KB951066)
    Mise à jour de sécurité pour Windows XP (KB951376-v2)
    Mise à jour de sécurité pour Windows XP (KB951698)
    Mise à jour de sécurité pour Windows XP (KB951748)
    Mise à jour de sécurité pour Windows XP (KB952954)
    Mise à jour de sécurité pour Windows XP (KB953839)
    Mise à jour de sécurité pour Windows XP (KB954211)
    Mise à jour de sécurité pour Windows XP (KB954459)
    Mise à jour de sécurité pour Windows XP (KB954600)
    Mise à jour de sécurité pour Windows XP (KB955069)
    Mise à jour de sécurité pour Windows XP (KB956391)
    Mise à jour de sécurité pour Windows XP (KB956802)
    Mise à jour de sécurité pour Windows XP (KB956803)
    Mise à jour de sécurité pour Windows XP (KB956841)
    Mise à jour de sécurité pour Windows XP (KB957095)
    Mise à jour de sécurité pour Windows XP (KB957097)
    Mise à jour de sécurité pour Windows XP (KB958644)
    Mise à jour de sécurité pour Windows XP (KB958687)
    Mise à jour de sécurité pour Windows XP (KB958690)
    Mise à jour de sécurité pour Windows XP (KB960225)
    Mise à jour de sécurité pour Windows XP (KB960715)
    Mise à jour pour Windows XP (KB951072-v2)
    Mise à jour pour Windows XP (KB951978)
    Mise à jour pour Windows XP (KB955839)
    Mise à jour pour Windows XP (KB967715)
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
    Mozilla Firefox (2.0.0.20)
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML4 Parser
    NASCAR Thunder TM 2004
    NASCAR® Racing 2007 Season
    Navilog1 3.7.6
    NBA Live 2003
    Nero 7 Ultra Edition
    neroxml
    NewCopy_CDA
    NFO Creator
    NHL 2001
    NHL® 08
    NHL07
    Norton Security Scan
    Norton Security Scan (Symantec Corporation)
    NVIDIA Drivers
    OCR Software by I.R.I.S 7.0
    Office Keyboard
    OneCare Advisor (Windows Live Toolbar)
    Package de base Microsoft de service de chiffrement pour cartes à puce
    Panda ActiveScan
    PanoStandAlone
    Photo Mania
    PhotoGallery
    Pinball Special Edition
    PowerDVD
    ProductContextNPI
    PunkBuster Services
    QuickTime
    RandMap
    Readme
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    RollerCoaster Tycoon 2
    SA23xx Device Manager
    Scan
    ScannerCopy
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    SkinsHP1
    SlideShow
    SmartCapture V1.7.14
    SolutionCenter
    Sonic_PrimoSDK
    SoundMAX
    SP2 de compatibilité descendante du client Windows Rights Management
    SpamPal
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    Starball
    Status
    Superball Challenge Special Edition
    Superbike
    SureThing CD Labeler - CD Stomper Edition
    Switch
    Symantec AntiVirus
    TMPGEnc 4.0 XPress
    TMPGEnc DVD Author 3 with DivX Authoring
    Toolbox
    TrayApp
    TreeSize Free V1.78
    TVUPlayer 2.3.0.0
    Ulead DVD MovieFactory 4.0 SE
    Unload
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb962871)
    VideoLAN VLC media player 0.8.6a
    VNC Free Edition 4.1.2
    Warcraft III
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Live Favorites pour Windows Live Toolbar
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows XP Service Pack 3
    WinZip 11.1
    Xvid 1.1.2 final uninstall
    Zylom Games Player Plugin

    ==== Event Viewer Messages From Past Week ========

    2009-03-12 20:27:00, error: Print [19] - Échec du partage de l'imprimante + 1722, Imprimante HP DeskJet 830C/832C nom de partage Imprimante4.
    2009-03-12 15:28:12, error: Service Control Manager [7031] - Le service Symantec AntiVirus s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service.
    2009-03-11 22:13:28, error: Service Control Manager [7011] - Délai (30000 millisecondes) d'attente pour une réponse du service Symantec AntiVirus à une transaction.
    2009-03-12 20:27:54, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-12 20:34:40, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service ICF.
    2009-03-12 20:34:40, error: Service Control Manager [7000] - Le service ICF n'a pas pu démarrer en raison de l'erreur : Le service n'a pas répondu assez vite à la demande de lancement ou de contrôle.
    2009-03-12 20:35:37, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-12 20:43:50, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-12 20:49:49, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-12 20:56:31, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-12 21:01:35, error: Service Control Manager [7011] - Délai (30000 millisecondes) d'attente pour une réponse du service Symantec AntiVirus à une transaction.
    2009-03-12 21:01:48, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-13 07:43:04, error: Service Control Manager [7011] - Délai (30000 millisecondes) d'attente pour une réponse du service Symantec AntiVirus à une transaction.
    2009-03-13 07:43:24, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-13 07:58:01, error: Service Control Manager [7011] - Délai (30000 millisecondes) d'attente pour une réponse du service Symantec AntiVirus à une transaction.
    2009-03-13 07:58:20, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-13 08:17:54, error: Service Control Manager [7011] - Délai (30000 millisecondes) d'attente pour une réponse du service Symantec AntiVirus à une transaction.
    2009-03-13 08:18:10, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-13 08:27:31, error: Service Control Manager [7011] - Délai (30000 millisecondes) d'attente pour une réponse du service Symantec AntiVirus à une transaction.
    2009-03-13 08:27:49, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-13 08:36:22, error: Service Control Manager [7011] - Délai (30000 millisecondes) d'attente pour une réponse du service Symantec AntiVirus à une transaction.
    2009-03-13 08:36:42, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-13 08:48:09, error: Service Control Manager [7011] - Délai (30000 millisecondes) d'attente pour une réponse du service Symantec AntiVirus à une transaction.
    2009-03-13 08:48:29, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-13 08:59:40, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service ICF.
    2009-03-13 08:59:40, error: Service Control Manager [7000] - Le service ICF n'a pas pu démarrer en raison de l'erreur : Le service n'a pas répondu assez vite à la demande de lancement ou de contrôle.
    2009-03-13 09:00:16, error: Service Control Manager [7011] - Délai (30000 millisecondes) d'attente pour une réponse du service Symantec AntiVirus à une transaction.
    2009-03-13 09:00:37, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-13 09:06:25, error: Service Control Manager [7011] - Délai (30000 millisecondes) d'attente pour une réponse du service Symantec AntiVirus à une transaction.
    2009-03-13 09:06:45, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-13 09:12:06, error: Service Control Manager [7011] - Délai (30000 millisecondes) d'attente pour une réponse du service Symantec AntiVirus à une transaction.
    2009-03-13 09:12:20, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-13 09:36:31, error: Service Control Manager [7011] - Délai (30000 millisecondes) d'attente pour une réponse du service Symantec AntiVirus à une transaction.
    2009-03-13 09:36:57, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-13 12:58:21, error: W32Time [34] - Le service de temps a détecté que l'heure système doit être modifiée de +86610 secondes. Le service de temps ne va pas modifier l'heure système de plus de +54000 secondes. Vérifiez que votre heure et votre fuseau horaire sont corrects et que la source de temps time.windows.com (ntp.m|0x1|192.168.1.103:123->207.46.232.182:123) fonctionne correctement.
    2009-03-13 17:08:20, error: W32Time [34] - Le service de temps a détecté que l'heure système doit être modifiée de +86611 secondes. Le service de temps ne va pas modifier l'heure système de plus de +54000 secondes. Vérifiez que votre heure et votre fuseau horaire sont corrects et que la source de temps time.windows.com (ntp.m|0x1|192.168.1.103:123->207.46.232.182:123) fonctionne correctement.
    2009-03-13 17:08:52, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-14 07:57:07, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service ICF.
    2009-03-14 07:57:07, error: Service Control Manager [7000] - Le service ICF n'a pas pu démarrer en raison de l'erreur : Le service n'a pas répondu assez vite à la demande de lancement ou de contrôle.
    2009-03-14 07:58:03, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-14 08:00:42, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service ICF.
    2009-03-14 08:00:42, error: Service Control Manager [7000] - Le service ICF n'a pas pu démarrer en raison de l'erreur : Le service n'a pas répondu assez vite à la demande de lancement ou de contrôle.
    2009-03-14 08:01:37, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-14 08:03:56, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service ICF.
    2009-03-14 08:04:53, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-14 08:07:26, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service ICF.
    2009-03-14 08:08:22, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-14 08:12:22, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2009-03-14 08:12:39, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    2009-03-14 08:12:49, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    2009-03-14 08:12:53, error: Service Control Manager [7001] - Le service Client DHCP dépend du service NetBIOS sur TCP/IP qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
    2009-03-14 08:12:53, error: Service Control Manager [7001] - Le service Client DNS dépend du service Pilote du protocole TCP/IP qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
    2009-03-14 08:12:53, error: Service Control Manager [7001] - Le service Assistance TCP/IP NetBIOS dépend du service AFD qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
    2009-03-14 08:12:53, error: Service Control Manager [7001] - Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
    2009-03-14 08:12:53, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : AFD AVG Anti-Spyware Driver eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRTPEL SPBBCDrv Tcpip
    2009-03-14 08:18:56, error: Service Control Manager [7006] - L'appel ScRegSetValueExW a échoué pour Start avec l'erreur : Accès refusé.
    2009-03-14 08:19:44, error: Service Control Manager [7006] - L'appel ScRegSetValueExW a échoué pour DeleteFlag avec l'erreur : Accès refusé.
    2009-03-14 08:33:40, error: SRService [104] - Le processus d'initialisation de la restauration du système a échoué.
    2009-03-14 08:34:19, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2009-03-14 08:34:51, error: Service Control Manager [7001] - Le service Client DHCP dépend du service NetBIOS sur TCP/IP qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
    2009-03-14 08:34:51, error: Service Control Manager [7001] - Le service Client DNS dépend du service Pilote du protocole TCP/IP qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
    2009-03-14 08:34:51, error: Service Control Manager [7001] - Le service Assistance TCP/IP NetBIOS dépend du service AFD qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
    2009-03-14 08:34:51, error: Service Control Manager [7001] - Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
    2009-03-14 08:34:51, error: Service Control Manager [7023] - Le service Service de restauration système s'est arrêté avec l'erreur : Le fichier spécifié est introuvable.
    2009-03-14 08:34:51, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : AFD AVG Anti-Spyware Driver eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRTPEL SPBBCDrv Tcpip
    2009-03-14 10:29:02, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    2009-03-14 10:29:16, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2009-03-14 10:30:36, error: SRService [104] - Le processus d'initialisation de la restauration du système a échoué.
    2009-03-14 10:31:11, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2009-03-14 10:31:23, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    2009-03-14 10:31:43, error: Service Control Manager [7001] - Le service Client DHCP dépend du service NetBIOS sur TCP/IP qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
    2009-03-14 10:31:43, error: Service Control Manager [7001] - Le service Client DNS dépend du service Pilote du protocole TCP/IP qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
    2009-03-14 10:31:43, error: Service Control Manager [7001] - Le service Assistance TCP/IP NetBIOS dépend du service AFD qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
    2009-03-14 10:31:43, error: Service Control Manager [7001] - Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
    2009-03-14 10:31:43, error: Service Control Manager [7023] - Le service Service de restauration système s'est arrêté avec l'erreur : Le fichier spécifié est introuvable.
    2009-03-14 10:31:43, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : AFD AVG Anti-Spyware Driver eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRTPEL SPBBCDrv Tcpip
    2009-03-14 10:31:48, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2009-03-14 10:33:07, error: SRService [104] - Le processus d'initialisation de la restauration du système a échoué.
    2009-03-14 10:33:08, error: Service Control Manager [7023] - Le service Service de restauration système s'est arrêté avec l'erreur : Le fichier spécifié est introuvable.
    2009-03-14 10:34:04, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-14 10:44:02, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2009-03-14 10:44:18, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    2009-03-14 10:44:19, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    2009-03-14 10:44:36, error: Service Control Manager [7001] - Le service Client DHCP dépend du service NetBIOS sur TCP/IP qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
    2009-03-14 10:44:36, error: Service Control Manager [7001] - Le service Client DNS dépend du service Pilote du protocole TCP/IP qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
    2009-03-14 10:44:36, error: Service Control Manager [7001] - Le service Assistance TCP/IP NetBIOS dépend du service AFD qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
    2009-03-14 10:44:36, error: Service Control Manager [7001] - Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
    2009-03-14 10:44:36, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : AFD AVG Anti-Spyware Driver eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRTPEL SPBBCDrv Tcpip
    2009-03-14 12:09:38, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2009-03-14 12:11:36, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2009-03-14 12:11:52, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    2009-03-14 12:12:10, error: Service Control Manager [7001] - Le service Client DHCP dépend du service NetBIOS sur TCP/IP qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
    2009-03-14 12:12:10, error: Service Control Manager [7001] - Le service Client DNS dépend du service Pilote du protocole TCP/IP qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
    2009-03-14 12:12:10, error: Service Control Manager [7001] - Le service Assistance TCP/IP NetBIOS dépend du service AFD qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
    2009-03-14 12:12:10, error: Service Control Manager [7001] - Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas pu démarrer en raison de l'erreur : Un périphérique attaché au système ne fonctionne pas correctement.
    2009-03-14 12:12:10, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : AFD AVG Anti-Spyware Driver eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRTPEL SPBBCDrv Tcpip
    2009-03-14 12:12:25, error: DCOM [10005] - DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2009-03-14 12:13:41, error: Print [19] - Échec du partage de l'imprimante + 1722, Imprimante HP Photosmart C6100 series fax nom de partage Imprimante2.
    2009-03-14 12:14:38, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).
    2009-03-14 12:19:03, error: Service Control Manager [7024] - Le service Symantec SPBBCSvc s'est arrêté avec l'erreur service particulière 4294967295 (0xFFFFFFFF).

    ==== End Of File ===========================
    20 March 2009 10:20:18

    Re,

    The Kaspersky report is too long.

    Upload it to mediafire:

  • Go to this link: http://www.mediafire.com/
  • At the top, click "Upload files To Media fire". Then choose "I want to upload without an account"
  • A Windows Explorer window will open. Browse to the report I asked you to upload, select it, then click "Open".
  • Then click "Upload".
  • On the right of the screen, choose "upload to a new folder". Leave the default name (= the date).
  • Confirm and let the upload finish.
  • Click "View uploaded file" and, in your next message, copy me the URL (= the link) of the new tab or new window that opens. That way I will be able to download the requested report.

    ;) 
    26 March 2009 01:32:47

    Hello Egwene.

    I imagine you are very busy.

    I am still waiting for your analysis of the file I put on mediafire.

    Please get back to me so I can eliminate the viruses that have invaded my computer.

    Thank you.

    27 March 2009 12:22:52

    :hello:  piermor,

    Yes, I am really sorry. For the past 2 months I have had a lot of trouble following up regularly on my disinfections, which is why I no longer take any on, except in exceptional cases like this one, where Calimero could not have helped you, since he is in training and your case was too hard for him at the moment.

    Don't hesitate to PM me if you get no reply within 24 hours.

    Post me a new Combofix log and see whether you can provide me with the Kaspersky Online report; I cannot get it from mediafire, it no longer seems to be available.

    Thank you for your patience.

    ;) 
    28 March 2009 00:31:42

    Glad to see you again.

    First I am attaching my latest ComboFix file, and in a subsequent reply I will give you the URL of my file on mediafire.

    ComboFix 09-03-15.01 - arkema 2009-03-17 6:54:07.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1367 [GMT -4:00]
    Lancé depuis: c:\documents and settings\arkema\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\arkema\Bureau\CFScript.txt
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\windows\system32\btpanu.dll
    c:\windows\system32\Drivers\ati1ksxx.sys
    c:\windows\system32\drivers\xydxeuuo.sys
    c:\windows\system32\omvlqnf.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\btpanu.dll
    c:\windows\system32\drivers\xydxeuuo.sys
    c:\windows\system32\omvlqnf.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_XYDXEUUO
    -------\Service_ati1ksxx
    -------\Service_xydxeuuo


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-17 au 2009-03-17 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-15 13:38 . 2009-03-15 13:38 <REP> d-------- c:\documents and settings\arkema\Application Data\wfvhrssu
    2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- c:\documents and settings\arkema\Application Data\Malwarebytes
    2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-14 11:40 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-14 11:40 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-14 11:36 . 2009-03-14 11:36 <REP> d-------- c:\documents and settings\NetworkService\Application Data\wfvhrssu
    2009-03-14 09:18 . 2009-03-14 09:18 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
    2009-03-14 09:13 . 2009-03-14 09:14 <REP> d-------- c:\windows\ERUNT
    2009-03-14 08:53 . 2009-03-14 10:16 <REP> d-------- C:\SDFix
    2009-03-07 16:20 . 2009-03-07 16:24 <REP> d-------- c:\documents and settings\arkema\Application Data\yoclient
    2009-03-07 15:25 . 2009-03-07 15:25 <REP> d-------- c:\program files\Zylom Games
    2009-03-07 15:25 . 2009-03-07 15:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Zylom
    2009-02-22 20:12 . 2009-02-22 20:12 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-02-22 19:42 . 2009-02-22 19:42 <REP> d-------- c:\program files\MSBuild
    2009-02-22 19:42 . 2009-02-22 19:42 <REP> d-------- c:\program files\Microsoft Works
    2009-02-22 19:41 . 2009-02-22 19:41 <REP> d-------- c:\program files\Microsoft.NET
    2009-02-22 19:36 . 2009-02-22 19:36 <REP> d-------- c:\program files\Microsoft Visual Studio 8
    2009-02-22 19:35 . 2009-03-10 03:00 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-02-22 19:30 . 2009-02-22 19:30 <REP> dr-h----- C:\MSOCache

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-13 22:00 --------- d-----w c:\program files\Norton Security Scan
    2009-03-13 21:19 --------- d-----w c:\program files\Navilog1
    2009-03-13 21:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-13 01:32 --------- d-----w c:\program files\Google
    2009-03-13 01:27 --------- d-----w c:\program files\Symantec AntiVirus
    2009-03-03 21:54 --------- d-----w c:\program files\Warcraft III
    2009-02-27 14:52 --------- d-----w c:\program files\Microsoft Games
    2009-02-23 00:12 --------- d-----w c:\program files\Java
    2009-02-14 21:50 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-01-06 00:54 22,328 ----a-w c:\documents and settings\arkema\Application Data\PnkBstrK.sys
    2008-10-06 17:01 24 ----a-w c:\documents and settings\arkema\jagex_runescape_preferences.dat
    2007-08-15 22:29 47,360 ----a-w c:\documents and settings\arkema\Application Data\pcouffin.sys
    2007-01-07 16:01 32 ----a-r c:\documents and settings\All Users\hash.dat
    2008-12-19 01:45 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-12-19 01:45 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-19 01:45 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-12-19 01:45 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-19 01:45 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .


    ---- c:\windows\system32\dllcache\user32.dll ----
    Company: Microsoft Corporation
    File Description: DLL client de l'API Utilisateur de Windows XP
    File Version: 5.1.2600.5512 (xpsp.080413-2105)
    Product Name: Système d'exploitation Microsoft® Windows®
    Copyright: © Microsoft Corporation. Tous droits réservés.
    Original file name: user32
    MD5: e853f84d3ce2faa2a802e33cf89ac023

    ---- Directory of c:\documents and settings\arkema\Application Data\wfvhrssu ----

    2009-03-15 13:39 65536 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\cert8.db
    2009-03-15 13:39 2048 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\cookies.sqlite
    2009-03-15 13:39 0 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\places.sqlite-journal
    2009-03-15 13:38 96185 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\xpti.dat
    2009-03-15 13:38 8296 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\pluginreg.dat
    2009-03-15 13:38 569 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\localstore.rdf
    2009-03-15 13:38 4096 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\formhistory.sqlite
    2009-03-15 13:38 367 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\prefs.js
    2009-03-15 13:38 215 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\compatibility.ini
    2009-03-15 13:38 2048 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\webappsstore.sqlite
    2009-03-15 13:38 2048 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\permissions.sqlite
    2009-03-15 13:38 16384 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\secmod.db
    2009-03-15 13:38 16384 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\key3.db
    2009-03-15 13:38 131072 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\places.sqlite
    2009-03-15 13:38 127820 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\compreg.dat
    2009-03-15 13:38 111 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\profiles.ini


    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-31 67128]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="-" [X]
    "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-22 136600]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]
    "JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
    "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
    "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "MaxtorOneTouch"="c:\program files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 712704]
    "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-08-11 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
    "nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

    c:\documents and settings\arkema\Menu D‚marrer\Programmes\D‚marrage\
    PowerReg Scheduler.exe [2007-09-16 256000]
    SpamPal.lnk - c:\program files\SpamPal\spampal.exe [2005-10-24 387616]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-01-08 221247]
    AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2007-01-16 102455]
    D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-31 67128]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-21 784912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2007-11-15 11:10 72208 c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\vio\dvacm.acm
    "msacm.mpegacm"= mpegacm.acm
    "msacm.ulmp3acm"= ulmp3acm.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0qyxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0yxxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1ksxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2fnxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5nvxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7rqxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8baxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\EA SPORTS\\NASCAR Thunder TM 2004\\NASCAR_Thunder_2004.exe"=
    "c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
    "c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
    "c:\\Program Files\\IBM\\Lotus\\Notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.SR4-200707311521\\jre\\bin\\notes2w.exe"=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\Microsoft Games\\Motocross Madness 2\\MCM2.ICD"=
    "c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Nexon\\Combat Arms\\NMService.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Program Files\\EA SPORTS\\NBA Live 2003\\nba2003.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2007-01-08 6656]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-01-08 3712]
    R2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2007-01-08 28672]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 101936]
    S3 CEBDADTV;C&E DVB-T device;c:\windows\system32\DRIVERS\CEBDA150.sys --> c:\windows\system32\DRIVERS\CEBDA150.sys [?]
    S3 iComp;Hauppauge WinTV PVR2 USB2 Encoder;c:\windows\system32\drivers\HCWUSB2.sys [2007-01-16 1458688]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - XYDXEUUO

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ddc4b8f-bf7e-11dc-9282-0018e70af722}]
    \Shell\AutoRun\command - g:\setup\rsrc\Autorun.exe
    \Shell\dinstall\command - g:\directx\dxsetup.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-03-13 c:\windows\Tasks\Norton Security Scan for arkema.job
    - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 05:18]

    2009-03-17 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{3732EDF4-F591-4ABF-A3D3-43D17D205544} - (no file)
    BHO-{84483594-190C-48A1-8C9D-6AE24DC988D3} - (no file)


    .
    ------- Examen supplémentaire -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://www.freeworldgroup.com/games6/chocolatier/build/Chocola...
    DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://incredigamesfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
    FF - ProfilePath - c:\documents and settings\arkema\Application Data\Mozilla\Firefox\Profiles\7k6ivu6s.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-17 06:57:30
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ccEvtMgr]
    "ImagePath"="-"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SAVRT]
    "ImagePath"="-"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SNDSrvc]
    "ImagePath"="-"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SYMTDI]
    "ImagePath"="-"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(808)
    c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
    c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll
    c:\windows\system32\ACTIVEDS.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\windows\system32\bgsvcgen.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
    c:\program files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\mnmsrvc.exe
    c:\program files\Maxtor\Utils\SyncServices.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Symantec AntiVirus\Rtvscan.exe
    c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\RealVNC\VNC4\winvnc4.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Netropa\Multimedia Keyboard\Traymon.exe
    c:\program files\Netropa\Onscreen Display\osd.exe
    c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
    c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
    c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\windows\system32\msiexec.exe
    c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
    .
    **************************************************************************
    .
    Heure de fin: 2009-03-17 7:06:46 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-03-17 11:06:43
    ComboFix2.txt 2009-03-16 00:30:57
    ComboFix3.txt 2008-03-03 17:27:35
    ComboFix4.txt 2008-03-03 17:24:38
    ComboFix5.txt 2009-03-17 10:53:18

    Avant-CF: 214 910 308 352 octets libres
    Après-CF: 214,908,444,672 octets libres

    Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    319 --- E O F --- 2009-03-16 07:01:56
    1 April 2009 20:22:18

    Hello Egwene.

    I have been out of the country for 5 days and I see that I have not heard back from you.

    Can you let me know the next steps?

    Thank you.

    2 April 2009 14:15:58

    :hello:

    Indeed, I'm sorry :/

    Run ComboFix again by double-clicking it, as you did the first time, and post the report for me.

    N.B.: Don't hesitate to PM me if there's no reply within 36h/48h.

    ;)
    4 April 2009 13:01:11

    Hello again.

    Attached you will find the new ComboFix report.

    I look forward to hearing from you.


    Thank you.

    ComboFix 09-04-03.01 - arkema 2009-04-03 6:44:47.6 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1411 [GMT -4:00]
    Lancé depuis: C:\Documents and Settings\arkema\Bureau\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-03 au 2009-04-03 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-28 16:52 . 2009-03-28 16:53 <REP> d-------- C:\Program Files\Euro Truck Simulator
    2009-03-15 13:38 . 2009-03-15 13:38 <REP> d-------- C:\Documents and Settings\arkema\Application Data\wfvhrssu
    2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- C:\Documents and Settings\arkema\Application Data\Malwarebytes
    2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-03-14 11:40 . 2009-02-11 10:19 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2009-03-14 11:40 . 2009-02-11 10:19 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2009-03-14 11:36 . 2009-03-14 11:36 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\wfvhrssu
    2009-03-14 09:18 . 2009-03-14 09:18 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
    2009-03-14 09:13 . 2009-03-14 09:14 <REP> d-------- C:\WINDOWS\ERUNT
    2009-03-14 08:53 . 2009-03-14 10:16 <REP> d-------- C:\SDFix
    2009-03-07 16:20 . 2009-03-07 16:24 <REP> d-------- C:\Documents and Settings\arkema\Application Data\yoclient
    2009-03-07 15:25 . 2009-03-07 15:25 <REP> d-------- C:\Program Files\Zylom Games
    2009-03-07 15:25 . 2009-03-07 15:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Zylom

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-01 23:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-04-01 22:00 --------- d-----w C:\Program Files\Norton Security Scan
    2009-03-28 19:00 34 ----a-w C:\Documents and Settings\arkema\jagex_runescape_preferences.dat
    2009-03-16 00:21 104,960 ----a-w C:\WINDOWS\system32\wtgdqpb.dll
    2009-03-14 13:02 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    2009-03-13 21:19 --------- d-----w C:\Program Files\Navilog1
    2009-03-13 21:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-13 01:32 --------- d-----w C:\Program Files\Google
    2009-03-13 01:27 --------- d-----w C:\Program Files\Symantec AntiVirus
    2009-03-03 21:54 --------- d-----w C:\Program Files\Warcraft III
    2009-02-27 14:52 --------- d-----w C:\Program Files\Microsoft Games
    2009-02-23 00:12 410,984 ----a-w C:\WINDOWS\system32\deploytk.dll
    2009-02-23 00:12 --------- d-----w C:\Program Files\Java
    2009-02-22 23:42 --------- d-----w C:\Program Files\MSBuild
    2009-02-22 23:42 --------- d-----w C:\Program Files\Microsoft Works
    2009-02-22 23:41 --------- d-----w C:\Program Files\Microsoft.NET
    2009-02-22 23:36 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2009-02-14 21:50 138,464 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2009-02-14 21:50 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2009-02-09 14:05 1,846,912 ----a-w C:\WINDOWS\system32\win32k.sys
    2009-01-06 00:54 682,280 ----a-w C:\WINDOWS\system32\pbsvc.exe
    2009-01-06 00:54 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2009-01-06 00:54 22,328 ----a-w C:\Documents and Settings\arkema\Application Data\PnkBstrK.sys
    2007-08-15 22:29 47,360 ----a-w C:\Documents and Settings\arkema\Application Data\pcouffin.sys
    2007-01-07 16:01 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
    2008-12-19 01:45 67,688 ----a-w C:\Program Files\mozilla firefox\components\jar50.dll
    2008-12-19 01:45 54,368 ----a-w C:\Program Files\mozilla firefox\components\jsd3250.dll
    2008-12-19 01:45 34,944 ----a-w C:\Program Files\mozilla firefox\components\myspell.dll
    2008-12-19 01:45 46,712 ----a-w C:\Program Files\mozilla firefox\components\spellchk.dll
    2008-12-19 01:45 172,136 ----a-w C:\Program Files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 04:12 68856]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-31 08:18 67128]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 22:33 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
    "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-12-29 06:40 687560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="-" [X]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 21:33 125168]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-02-22 20:12 136600]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 06:07 843776]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
    "MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 08:09 425984]
    "JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 04:45 385024]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07 69632]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "MaxtorOneTouch"="C:\Program Files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 08:45 712704]
    "mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-08-11 11:15 81920]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 18:35 32768]
    "nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 22:33 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

    C:\Documents and Settings\arkema\Menu D‚marrer\Programmes\D‚marrage\
    PowerReg Scheduler.exe [2007-09-16 09:22:32 256000]
    SpamPal.lnk - C:\Program Files\SpamPal\spampal.exe [2005-10-24 21:08:06 387616]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2007-01-08 16:21:52 221247]
    AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe [2007-01-16 22:12:35 102455]
    D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-31 08:18:44 67128]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-21 21:10:27 784912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2007-11-15 11:10 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\vio\dvacm.acm
    "msacm.mpegacm"= mpegacm.acm
    "msacm.ulmp3acm"= ulmp3acm.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0qyxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0yxxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1ksxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2fnxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5nvxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7rqxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8baxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\EA SPORTS\\NASCAR Thunder TM 2004\\NASCAR_Thunder_2004.exe"=
    "C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
    "C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
    "C:\\Program Files\\IBM\\Lotus\\Notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.SR4-200707311521\\jre\\bin\\notes2w.exe"=
    "C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "C:\\Program Files\\Microsoft Games\\Motocross Madness 2\\MCM2.ICD"=
    "C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "C:\\Nexon\\Combat Arms\\NMService.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
    "C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "C:\\Program Files\\EA SPORTS\\NBA Live 2003\\nba2003.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\EA SPORTS\\Madden NFL 08\\mainapp.exe"=
    "C:\\Program Files\\EA SPORTS\\NHL08\\nhl2008.exe"=

    R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\drivers\Msikbd2k.sys [2007-01-08 16:03:35 6656]
    R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\drivers\LBeepKE.sys [2007-01-08 15:13:19 3712]
    R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2007-01-08 16:03:36 28672]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 21:01:23 101936]
    S3 CEBDADTV;C&E DVB-T device;C:\WINDOWS\system32\DRIVERS\CEBDA150.sys --> C:\WINDOWS\system32\DRIVERS\CEBDA150.sys [?]
    S3 iComp;Hauppauge WinTV PVR2 USB2 Encoder;C:\WINDOWS\system32\drivers\HCWUSB2.sys [2007-01-16 22:00:22 1458688]
    S3 SavRoam;SAVRoam;C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-09-27 21:33:38 116464]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ddc4b8f-bf7e-11dc-9282-0018e70af722}]
    \Shell\AutoRun\command - G:\setup\rsrc\Autorun.exe
    \Shell\dinstall\command - G:\Directx\dxsetup.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-04-01 C:\WINDOWS\Tasks\Norton Security Scan for arkema.job
    - C:\Program Files\Norton Security Scan\Nss.exe [2008-09-19 05:18]

    2009-04-03 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://www.freeworldgroup.com/games6/chocolatier/build/Chocola...
    DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://incredigamesfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
    FF - ProfilePath - C:\Documents and Settings\arkema\Application Data\Mozilla\Firefox\Profiles\7k6ivu6s.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: C:\Program Files\Mozilla Firefox\components\xpinstal.dll
    .
    4 April 2009 18:53:32

    Hi again,

    First, I want to be sure that you can see hidden files/folders:

    [~] Go to My Computer/Tools/Folder Options/View/Show hidden files and folders/Apply - - > OK
    [~] Go to My Computer/Tools/Folder Options/View/uncheck Hide protected operating system files/Apply - - > OK
    You will re-check it afterwards.

    [~] My Computer/Tools/Folder Options/View/uncheck Hide extensions for known file types/Apply - - > OK

    Go to this link: Virus Total
  • Click Browse
  • Navigate to this file, if you find it:

    C:\WINDOWS\system32\wtgdqpb.dll

  • Click Send file and let it work for as long as "Current status: analysis in progress" is displayed.
  • The file may be queued because of a large number of analysis requests. In that case, you will need to wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click this image:
  • Right-click on the page and choose Select All, then Copy
  • Finally, paste the result into your next reply.
    Note: Whatever the result, it is important to send me the result of the whole analysis.
    Your security tools may react when the file is sent; in that case you will need to ignore the alerts.

    Do the same again for: C:\WINDOWS\system32\svchost.exe

    ;)
    4 April 2009 22:02:18

    Here is the first report.


    Fichier wtgdqpb.dll reçu le 2009.04.04 21:58:50 (CET)
    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.101 2009.04.04 -
    AhnLab-V3 5.0.0.2 2009.04.04 -
    AntiVir 7.9.0.129 2009.04.03 TR/Drop.Softomat.AN
    Antiy-AVL 2.0.3.1 2009.04.04 -
    Authentium 5.1.2.4 2009.04.04 -
    Avast 4.8.1335.0 2009.04.04 -
    AVG 8.5.0.285 2009.04.04 -
    BitDefender 7.2 2009.04.04 -
    CAT-QuickHeal 10.00 2009.04.04 -
    ClamAV 0.94.1 2009.04.04 -
    Comodo 1099 2009.04.04 -
    DrWeb 4.44.0.09170 2009.04.04 -
    eSafe 7.0.17.0 2009.04.02 -
    eTrust-Vet 31.6.6435 2009.04.03 -
    F-Prot 4.4.4.56 2009.04.03 -
    F-Secure 8.0.14470.0 2009.04.04 -
    Fortinet 3.117.0.0 2009.04.04 -
    GData 19 2009.04.04 -
    Ikarus T3.1.1.49.0 2009.04.04 -
    K7AntiVirus 7.10.692 2009.04.03 -
    Kaspersky 7.0.0.125 2009.04.04 -
    McAfee 5574 2009.04.04 -
    McAfee+Artemis 5574 2009.04.04 -
    McAfee-GW-Edition 6.7.6 2009.04.03 Trojan.Drop.Softomat.AN
    Microsoft 1.4502 2009.04.04 -
    NOD32 3988 2009.04.04 -
    Norman 6.00.06 2009.04.03 -
    nProtect 2009.1.8.0 2009.04.04 -
    Panda 10.0.0.14 2009.04.04 -
    PCTools 4.4.2.0 2009.04.04 -
    Prevx1 V2 2009.04.04 -
    Rising 21.23.41.00 2009.04.03 -
    Sophos 4.40.0 2009.04.04 -
    Sunbelt 3.2.1858.2 2009.04.04 -
    Symantec 1.4.4.12 2009.04.04 -
    TheHacker 6.3.4.0.302 2009.04.04 -
    TrendMicro 8.700.0.1004 2009.04.03 -
    VBA32 3.12.10.2 2009.04.03 -
    ViRobot 2009.4.4.1678 2009.04.04 -
    VirusBuster 4.6.5.0 2009.04.04 -
    Information additionnelle
    File size: 104960 bytes
    MD5...: b168e648aa1f30bcadf0df5d0ca1d3d8
    SHA1..: 8860059c6ce8e4c756a9b62c98a03085bad63275
    SHA256: 7917d7508a346608ab8ffb1c514007b3ade6f9b550e8ae39a8d9620d9cae1f19
    SHA512: d57e754fb9a041404be101d471daa65c515e0b926b131721f19b11116d15e12eadd4aa5023017734f0e68b40df95210141b3ebe3570dd3488ea1922272712fcf
    ssdeep: 1536:r91FgyYlm8CEfOeK6hrMuiU8HaypLgjqlzaHFsB0LGcraMditOL7hQqaDYmvznOL:ju5lm6O8rzypLpkFZrt0O/EYmDO
    PEiD..: -
    TrID..: File type identification
    Autodesk FLIC Image File (extensions: flc, fli, cel) (100.0%)
    PEInfo: -
    RDS...: NSRL Reference Data Set
    -


    4 April 2009 22:07:17

    Here is the svchost.exe report


    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.101 2009.04.04 -
    AhnLab-V3 5.0.0.2 2009.04.04 -
    AntiVir 7.9.0.129 2009.04.03 -
    Antiy-AVL 2.0.3.1 2009.04.04 -
    Authentium 5.1.2.4 2009.04.04 -
    Avast 4.8.1335.0 2009.04.04 -
    AVG 8.5.0.285 2009.04.04 -
    BitDefender 7.2 2009.04.04 -
    CAT-QuickHeal 10.00 2009.04.04 -
    ClamAV 0.94.1 2009.04.04 -
    Comodo 1099 2009.04.04 -
    DrWeb 4.44.0.09170 2009.04.04 -
    eSafe 7.0.17.0 2009.04.02 -
    eTrust-Vet 31.6.6435 2009.04.03 -
    F-Prot 4.4.4.56 2009.04.03 -
    F-Secure 8.0.14470.0 2009.04.04 -
    Fortinet 3.117.0.0 2009.04.04 -
    GData 19 2009.04.04 -
    Ikarus T3.1.1.49.0 2009.04.04 -
    K7AntiVirus 7.10.692 2009.04.03 -
    Kaspersky 7.0.0.125 2009.04.04 -
    McAfee 5574 2009.04.04 -
    McAfee+Artemis 5574 2009.04.04 -
    McAfee-GW-Edition 6.7.6 2009.04.03 -
    Microsoft 1.4502 2009.04.04 -
    NOD32 3988 2009.04.04 -
    Norman 6.00.06 2009.04.03 -
    nProtect 2009.1.8.0 2009.04.04 -
    Panda 10.0.0.14 2009.04.04 -
    PCTools 4.4.2.0 2009.04.04 -
    Prevx1 V2 2009.04.04 -
    Rising 21.23.41.00 2009.04.03 -
    Sophos 4.40.0 2009.04.04 -
    Sunbelt 3.2.1858.2 2009.04.04 -
    Symantec 1.4.4.12 2009.04.04 -
    TheHacker 6.3.4.0.302 2009.04.04 -
    TrendMicro 8.700.0.1004 2009.04.03 -
    VBA32 3.12.10.2 2009.04.03 -
    ViRobot 2009.4.4.1678 2009.04.04 -
    VirusBuster 4.6.5.0 2009.04.04 -

    Information additionnelle
    File size: 14336 bytes
    MD5...: e4bdf223cd75478bf44567b4d5c2634d
    SHA1..: 3d70560753b0ab43252311fa85e12f36a51a5f55
    SHA256: 6234155d6c02c67689744d21380b17db5fe395bc8622c71b046e40ca1767785a
    SHA512: b806bd12bc6a507aa87ac8ab347044f82c3593bfae3832d0a3e88a545a051776177aa9214eeac785d64f35ae83e695f90859e655d5020ff195791cefff407c7e
    ssdeep: 384:nrdi+JmG6yqlCRaJt4RHS5LutGJae7g9VJnpWCNJbW:jcG6xlCRaJKGOA7SHJ
    PEiD..: -
    TrID..: File type identification
            Win32 Executable Generic (42.3%)
            Win32 Dynamic Link Library (generic) (37.6%)
            Generic Win/DOS Executable (9.9%)
            DOS Executable Generic (9.9%)
            Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x2509
    timedatestamp.....: 0x48025bc0 (Sun Apr 13 19:15:12 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x2c00 0x2c00 6.29 48331595af9d9d52b478844a07357653
    .data 0x4000 0x210 0x200 1.62 cbd504e46c836e09e8faabdcfbabaec2
    .rsrc 0x5000 0x408 0x600 2.51 dcede0c303bbb48c6875eb64477e5882

    ( 4 imports )
    > ADVAPI32.dll: RegQueryValueExW, SetSecurityDescriptorDacl, SetEntriesInAclW, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetServiceStatus, RegisterServiceCtrlHandlerW, RegCloseKey, RegOpenKeyExW, StartServiceCtrlDispatcherW
    > KERNEL32.dll: HeapFree, GetLastError, WideCharToMultiByte, lstrlenW, LocalFree, GetCurrentProcess, GetCurrentThread, GetProcAddress, LoadLibraryExW, LeaveCriticalSection, HeapAlloc, EnterCriticalSection, LCMapStringW, FreeLibrary, lstrcpyW, ExpandEnvironmentStringsW, lstrcmpiW, ExitProcess, GetCommandLineW, InitializeCriticalSection, GetProcessHeap, SetErrorMode, SetUnhandledExceptionFilter, RegisterWaitForSingleObject, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, LocalAlloc, lstrcmpW, DelayLoadFailureHook
    > ntdll.dll: NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, wcscat, wcscpy, RtlAllocateHeap, RtlCompareUnicodeString, RtlInitUnicodeString, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtClose, RtlSubAuthorityCountSid, RtlGetDaclSecurityDescriptor, RtlQueryInformationAcl, RtlGetAce, RtlImageNtHeader, wcslen, RtlUnhandledExceptionFilter, RtlCopySid
    > RPCRT4.dll: RpcServerUnregisterIfEx, RpcMgmtWaitServerListen, RpcMgmtSetServerStackSize, RpcServerUnregisterIf, RpcServerListen, RpcServerUseProtseqEpW, RpcServerRegisterIf, I_RpcMapWin32Status, RpcMgmtStopServerListening

    ( 0 exports )
    RDS...: NSRL Reference Data Set
            -
    9 April 2009 17:00:14

    Hello Egwene.

    Have you had time to look at the reports I sent you? I think you are getting close, because there are infected files in this report.

    Please let me know.
    19 April 2009 14:40:55

    Hello Egwene.

    I think you must be swamped by the number of cases to handle.

    Is it possible for you to hand my case over to another analyst? We started working on my case more than a month ago now, and my computer is still not fixed.

    Please let me know.
    24 April 2009 02:07:53

    Hello everyone.

    I am calling on the community to take over from Egwene. He must be completely swamped, because despite private messages I have had no reply for two weeks.

    Can someone take over, please?

    Thank you for your help.