
Infected PC .. help!!!! - solved -

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
20 April 2008 19:28:02

Hello everyone .. this is my first visit to this forum and I need help ..; my PC, which runs XP, is infested with malicious and annoying pop-ups .. I'm not very good with computers .. and I'm floundering miserably ..; if a kind soul would be willing to help me... that would be really nice .. thanks to everyone ..
chris


20 April 2008 19:46:29

Hi,

Download Hijackthis (from Trend Micro)
Post a report by following this tutorial.
20 April 2008 19:55:38

hi, it's very kind of you to answer me and to be willing to help me, I tried to download hijackthis .. and when I launch the shortcut .. I get this error message: " c:\programm files ....\hijackthis.exe is not a valid win32 application .... " off to a good start!! lol
20 April 2008 20:01:58

OK, it's Bagle.

Download ELIBAGLA at the bottom of this page.
With some antivirus programs it is preferable to disable them before starting this procedure!

Click on Descargar Elibagla to download the file, and save it to your desktop.
Launch it by double-clicking it.
Check that the Unidad drop-down menu shows the root of the partition where Windows is installed, generally -> C:\
The Eliminar Ficheros Automaticamente option must also be checked.
Click on Explorar to start the scan.
Post the report generated at the end of the scan.
20 April 2008 20:29:53

I'm using a laptop to reply to you ..... the elibagla software has just finished and I have just 1 infected file .. message: MDELK.EXE ( arrow ) Bagle ... thanks again for spending time helping me ...
20 April 2008 20:34:54

Re,

Post the contents of the file -> C:\infosat.txt

Download Combofix (by sUBs) to your Desktop. (Tutorial)

Temporarily disable all resident protection! (Antivirus, antispyware..)
Double-click combofix.exe. (Right-click -> Run as administrator if on Vista)
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post this report in your next reply.

The report is located here: C:\Combofix.txt

Rename Combofix to Combo-Fix before downloading, as follows:
http://forum.pcastuces.com/sujet.asp?f=25&s=37315
20 April 2008 20:37:25

re,
here is the report c:\infostat.txt:

Sun Apr 20 20:08:32 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\CHRISTOPHE\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\CHRISTOPHE\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Sun Apr 20 20:09:42 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 6014
Nº Total de Ficheros: 67013
Nº de Ficheros Analizados: 13987
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Sun Apr 20 20:22:06 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 6015
Nº Total de Ficheros: 67014
Nº de Ficheros Analizados: 13987
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
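
Added example (not part of the original thread and not EliBagle's own code): a Python sketch that parses the report layout shown in the post above and lists the files that were only flagged "Acceso Denegado", i.e. still present until the reboot the tool asks for. The field layout is inferred from this single report, the sample is an excerpt of it, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the C:\infosat.txt report posted in the thread (not the full file).
REPORT = r"""Sun Apr 20 20:08:32 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Sun Apr 20 20:09:42 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 6014
Nº Total de Ficheros: 67013
Nº de Ficheros Analizados: 13987
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
"""

# Assumed line shapes, taken from the report above.
HEADER = re.compile(r"^EliBagle v(\S+)")
ACTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) --> (?P<result>.+)$")
COUNTER = re.compile(r"^Nº (?:Total )?de (?P<name>[^:]+): (?P<value>\d+)$")


@dataclass
class Run:
    started: str                                   # timestamp line before the banner
    version: str
    findings: list = field(default_factory=list)   # (path, detection, status)
    counters: dict = field(default_factory=dict)


def detection_name(result):
    """Strip the status words and the reboot note, leaving the malware label."""
    name = re.sub(r"\(Reiniciar[^)]*\)", "", result)
    name = re.sub(r"Acceso Denegado|Eliminado", "", name)
    return name.strip(" ,.")


def status_of(result):
    if "Eliminado" in result:
        return "removed"
    if "Acceso Denegado" in result:
        return "locked"          # file in use or protected; not deleted yet
    return "other"


def parse_report(text):
    """Split the report into runs, one per EliBagle banner."""
    runs, previous = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            runs.append(Run(started=previous, version=m.group(1)))
        elif runs and (m := ACTION.match(line)):
            result = m["result"]
            runs[-1].findings.append(
                (m["path"], detection_name(result), status_of(result)))
        elif runs and (m := COUNTER.match(line)):
            runs[-1].counters[m["name"]] = int(m["value"])
        if line:
            previous = line
    return runs


def pending_after_reboot(runs):
    """Files flagged as locked and never reported removed in a later line.

    Windows paths are case-insensitive, so keys are upper-cased.
    """
    pending = {}
    for run in runs:
        for path, detection, status in run.findings:
            key = path.upper()
            if status == "locked":
                pending[key] = detection
            elif status == "removed":
                pending.pop(key, None)
    return sorted(pending.items())


def unverified_cleanups(run):
    """How many files the 'Ficheros Limpiados' counter claims beyond the
    action lines that actually say 'Eliminado' (heuristic)."""
    removed = sum(1 for _, _, status in run.findings if status == "removed")
    return max(0, run.counters.get("Ficheros Limpiados", 0) - removed)


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    for path, detection in pending_after_reboot(parsed):
        print(f"still present until reboot: {path} [{detection}]")
    for run in parsed:
        print(run.started, "unverified cleanups:", unverified_cleanups(run))
```

On this excerpt the scan run counts one file as cleaned although its action line says access was denied, so the counters alone do not confirm removal; the same parser should be re-run on the report produced after the reboot.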
20 April 2008 21:30:45

re re
here is the combofix report ... thanks
ComboFix 08-04-20.2 - CHRISTOPHE 2008-04-20 20:46:57.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.532 [GMT 2:00]
Endroit: C:\Documents and Settings\CHRISTOPHE\Bureau\Combo-Fix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

ADS - explorer.exe: deleted 88 bytes in 2 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\down\247015.exe
C:\WINDOWS\system32\drivers\down\248718.exe
C:\WINDOWS\system32\drivers\down\253296.exe
C:\WINDOWS\system32\drivers\down\254859.exe
C:\WINDOWS\system32\drivers\down\264281.exe
C:\WINDOWS\system32\drivers\down\2782375.exe
C:\WINDOWS\system32\drivers\down\2784484.exe
C:\WINDOWS\system32\drivers\down\2786000.exe
C:\WINDOWS\system32\drivers\down\2788921.exe
C:\WINDOWS\system32\drivers\down\2792203.exe
C:\WINDOWS\system32\drivers\down\2821281.exe
C:\WINDOWS\system32\drivers\down\2823000.exe
C:\WINDOWS\system32\drivers\down\2830671.exe
C:\WINDOWS\system32\drivers\down\283515.exe
C:\WINDOWS\system32\drivers\down\2855921.exe
C:\WINDOWS\system32\drivers\down\2858578.exe
C:\WINDOWS\system32\drivers\down\2866421.exe
C:\WINDOWS\system32\drivers\down\287046.exe
C:\WINDOWS\system32\drivers\down\2873093.exe
C:\WINDOWS\system32\drivers\down\2874000.exe
C:\WINDOWS\system32\drivers\down\2874609.exe
C:\WINDOWS\system32\drivers\down\2877296.exe
C:\WINDOWS\system32\drivers\down\2888343.exe
C:\WINDOWS\system32\drivers\down\290781.exe
C:\WINDOWS\system32\drivers\down\2917093.exe
C:\WINDOWS\system32\drivers\down\29202515.exe
C:\WINDOWS\system32\drivers\down\29204218.exe
C:\WINDOWS\system32\drivers\down\29206265.exe
C:\WINDOWS\system32\drivers\down\29236984.exe
C:\WINDOWS\system32\drivers\down\29240593.exe
C:\WINDOWS\system32\drivers\down\29242453.exe
C:\WINDOWS\system32\drivers\down\29244156.exe
C:\WINDOWS\system32\drivers\down\29246671.exe
C:\WINDOWS\system32\drivers\down\29255375.exe
C:\WINDOWS\system32\drivers\down\29256515.exe
C:\WINDOWS\system32\drivers\down\29256859.exe
C:\WINDOWS\system32\drivers\down\29259859.exe
C:\WINDOWS\system32\drivers\down\29268625.exe
C:\WINDOWS\system32\drivers\down\29299718.exe
C:\WINDOWS\system32\drivers\down\29306781.exe
C:\WINDOWS\system32\drivers\down\2945671.exe
C:\WINDOWS\system32\drivers\down\296468.exe
C:\WINDOWS\system32\drivers\down\307234.exe
C:\WINDOWS\system32\drivers\down\309921.exe
C:\WINDOWS\system32\drivers\down\311515.exe
C:\WINDOWS\system32\drivers\down\32024109.exe
C:\WINDOWS\system32\drivers\down\32026265.exe
C:\WINDOWS\system32\drivers\down\32031203.exe
C:\WINDOWS\system32\drivers\down\32034421.exe
C:\WINDOWS\system32\drivers\down\32466375.exe
C:\WINDOWS\system32\drivers\down\32489375.exe
C:\WINDOWS\system32\drivers\down\32491546.exe
C:\WINDOWS\system32\drivers\down\32495453.exe
C:\WINDOWS\system32\drivers\down\32497593.exe
C:\WINDOWS\system32\drivers\down\32500015.exe
C:\WINDOWS\system32\drivers\down\32512875.exe
C:\WINDOWS\system32\drivers\down\326593.exe
C:\WINDOWS\system32\drivers\down\32951078.exe
C:\WINDOWS\system32\drivers\down\32951765.exe
C:\WINDOWS\system32\drivers\down\32952062.exe
C:\WINDOWS\system32\drivers\down\32954578.exe
C:\WINDOWS\system32\drivers\down\32993437.exe
C:\WINDOWS\system32\drivers\down\332406.exe
C:\WINDOWS\system32\drivers\down\33429546.exe
C:\WINDOWS\system32\drivers\down\3398953.exe
C:\WINDOWS\system32\drivers\down\3399828.exe
C:\WINDOWS\system32\drivers\down\346796.exe
C:\WINDOWS\system32\drivers\down\350984.exe
C:\WINDOWS\system32\drivers\down\359812.exe
C:\WINDOWS\system32\drivers\down\360562.exe
C:\WINDOWS\system32\drivers\down\361984.exe
C:\WINDOWS\system32\drivers\down\364406.exe
C:\WINDOWS\system32\drivers\down\370421.exe
C:\WINDOWS\system32\drivers\down\378187.exe
C:\WINDOWS\system32\drivers\down\391343.exe
C:\WINDOWS\system32\drivers\down\396187.exe
C:\WINDOWS\system32\drivers\down\407562.exe
C:\WINDOWS\system32\drivers\down\413484.exe
C:\WINDOWS\system32\drivers\down\419234.exe
C:\WINDOWS\system32\drivers\down\423296.exe
C:\WINDOWS\system32\drivers\down\428093.exe
C:\WINDOWS\system32\drivers\down\429703.exe
C:\WINDOWS\system32\drivers\down\430500.exe
C:\WINDOWS\system32\drivers\down\431187.exe
C:\WINDOWS\system32\drivers\down\432703.exe
C:\WINDOWS\system32\drivers\down\434796.exe
C:\WINDOWS\system32\drivers\down\43718500.exe
C:\WINDOWS\system32\drivers\down\43719093.exe
C:\WINDOWS\system32\drivers\down\43722812.exe
C:\WINDOWS\system32\drivers\down\437234.exe
C:\WINDOWS\system32\drivers\down\43725812.exe
C:\WINDOWS\system32\drivers\down\43731078.exe
C:\WINDOWS\system32\drivers\down\43757656.exe
C:\WINDOWS\system32\drivers\down\43763343.exe
C:\WINDOWS\system32\drivers\down\43767078.exe
C:\WINDOWS\system32\drivers\down\43769968.exe
C:\WINDOWS\system32\drivers\down\43772703.exe
C:\WINDOWS\system32\drivers\down\43783578.exe
C:\WINDOWS\system32\drivers\down\43784359.exe
C:\WINDOWS\system32\drivers\down\43785828.exe
C:\WINDOWS\system32\drivers\down\43790187.exe
C:\WINDOWS\system32\drivers\down\43799890.exe
C:\WINDOWS\system32\drivers\down\43828578.exe
C:\WINDOWS\system32\drivers\down\43836812.exe
C:\WINDOWS\system32\drivers\down\439546.exe
C:\WINDOWS\system32\drivers\down\442250.exe
C:\WINDOWS\system32\drivers\down\443265.exe
C:\WINDOWS\system32\drivers\down\445484.exe
C:\WINDOWS\system32\drivers\down\449031.exe
C:\WINDOWS\system32\drivers\down\451906.exe
C:\WINDOWS\system32\drivers\down\472609.exe
C:\WINDOWS\system32\drivers\down\47841343.exe
C:\WINDOWS\system32\drivers\down\47841984.exe
C:\WINDOWS\system32\drivers\down\47844375.exe
C:\WINDOWS\system32\drivers\down\47846453.exe
C:\WINDOWS\system32\drivers\down\47849531.exe
C:\WINDOWS\system32\drivers\down\48307765.exe
C:\WINDOWS\system32\drivers\down\48311390.exe
C:\WINDOWS\system32\drivers\down\48318031.exe
C:\WINDOWS\system32\drivers\down\48321031.exe
C:\WINDOWS\system32\drivers\down\48325703.exe
C:\WINDOWS\system32\drivers\down\48330218.exe
C:\WINDOWS\system32\drivers\down\483375.exe
C:\WINDOWS\system32\drivers\down\48795468.exe
C:\WINDOWS\system32\drivers\down\48799359.exe
C:\WINDOWS\system32\drivers\down\48800015.exe
C:\WINDOWS\system32\drivers\down\48802640.exe
C:\WINDOWS\system32\drivers\down\48840343.exe
C:\WINDOWS\system32\drivers\down\489203.exe
C:\WINDOWS\system32\drivers\down\49276718.exe
C:\WINDOWS\system32\drivers\down\532703.exe
C:\WINDOWS\system32\drivers\down\544406.exe
C:\WINDOWS\system32\drivers\down\550765.exe
C:\WINDOWS\system32\drivers\down\58252937.exe
C:\WINDOWS\system32\drivers\down\58253328.exe
C:\WINDOWS\system32\drivers\down\58256875.exe
C:\WINDOWS\system32\drivers\down\58260703.exe
C:\WINDOWS\system32\drivers\down\58291921.exe
C:\WINDOWS\system32\drivers\down\58296765.exe
C:\WINDOWS\system32\drivers\down\58298765.exe
C:\WINDOWS\system32\drivers\down\58300656.exe
C:\WINDOWS\system32\drivers\down\58303046.exe
C:\WINDOWS\system32\drivers\down\58317828.exe
C:\WINDOWS\system32\drivers\down\58319468.exe
C:\WINDOWS\system32\drivers\down\58319859.exe
C:\WINDOWS\system32\drivers\down\58322296.exe
C:\WINDOWS\system32\drivers\down\58331578.exe
C:\WINDOWS\system32\drivers\down\58360093.exe
C:\WINDOWS\system32\drivers\down\58367234.exe
C:\WINDOWS\system32\drivers\down\592156.exe
C:\WINDOWS\system32\drivers\down\602671.exe
C:\WINDOWS\system32\drivers\down\626031.exe
C:\WINDOWS\system32\drivers\down\627125.exe
C:\WINDOWS\system32\drivers\down\631453.exe
C:\WINDOWS\system32\drivers\down\631703.exe
C:\WINDOWS\system32\drivers\down\632078.exe
C:\WINDOWS\system32\drivers\down\636500.exe
C:\WINDOWS\system32\drivers\down\63688796.exe
C:\WINDOWS\system32\drivers\down\63689250.exe
C:\WINDOWS\system32\drivers\down\63692171.exe
C:\WINDOWS\system32\drivers\down\63694125.exe
C:\WINDOWS\system32\drivers\down\64150125.exe
C:\WINDOWS\system32\drivers\down\64152296.exe
C:\WINDOWS\system32\drivers\down\64156031.exe
C:\WINDOWS\system32\drivers\down\64158109.exe
C:\WINDOWS\system32\drivers\down\64160359.exe
C:\WINDOWS\system32\drivers\down\64162703.exe
C:\WINDOWS\system32\drivers\down\64602312.exe
C:\WINDOWS\system32\drivers\down\64603781.exe
C:\WINDOWS\system32\drivers\down\64604328.exe
C:\WINDOWS\system32\drivers\down\64606781.exe
C:\WINDOWS\system32\drivers\down\64650578.exe
C:\WINDOWS\system32\drivers\down\65106359.exe
C:\WINDOWS\system32\drivers\down\651234.exe
C:\WINDOWS\system32\drivers\down\656468.exe
C:\WINDOWS\system32\drivers\down\656765.exe
C:\WINDOWS\system32\drivers\down\661015.exe
C:\WINDOWS\system32\drivers\down\662171.exe
C:\WINDOWS\system32\drivers\down\662250.exe
C:\WINDOWS\system32\drivers\down\664796.exe
C:\WINDOWS\system32\drivers\down\665343.exe
C:\WINDOWS\system32\drivers\down\666796.exe
C:\WINDOWS\system32\drivers\down\668812.exe
C:\WINDOWS\system32\drivers\down\671531.exe
C:\WINDOWS\system32\drivers\down\682437.exe
C:\WINDOWS\system32\drivers\down\685109.exe
C:\WINDOWS\system32\drivers\down\693406.exe
C:\WINDOWS\system32\drivers\down\697265.exe
C:\WINDOWS\system32\drivers\down\698656.exe
C:\WINDOWS\system32\drivers\down\699296.exe
C:\WINDOWS\system32\drivers\down\704718.exe
C:\WINDOWS\system32\drivers\down\707046.exe
C:\WINDOWS\system32\drivers\down\707218.exe
C:\WINDOWS\system32\drivers\down\707937.exe
C:\WINDOWS\system32\drivers\down\708734.exe
C:\WINDOWS\system32\drivers\down\708937.exe
C:\WINDOWS\system32\drivers\down\709109.exe
C:\WINDOWS\system32\drivers\down\711031.exe
C:\WINDOWS\system32\drivers\down\712218.exe
C:\WINDOWS\system32\drivers\down\714625.exe
C:\WINDOWS\system32\drivers\down\715906.exe
C:\WINDOWS\system32\drivers\down\716593.exe
C:\WINDOWS\system32\drivers\down\722250.exe
C:\WINDOWS\system32\drivers\down\72779828.exe
C:\WINDOWS\system32\drivers\down\72780203.exe
C:\WINDOWS\system32\drivers\down\72829281.exe
C:\WINDOWS\system32\drivers\down\72831171.exe
C:\WINDOWS\system32\drivers\down\72885000.exe
C:\WINDOWS\system32\drivers\down\72891500.exe
C:\WINDOWS\system32\drivers\down\72893640.exe
C:\WINDOWS\system32\drivers\down\72895765.exe
C:\WINDOWS\system32\drivers\down\72907203.exe
C:\WINDOWS\system32\drivers\down\72915734.exe
C:\WINDOWS\system32\drivers\down\72923328.exe
C:\WINDOWS\system32\drivers\down\72923968.exe
C:\WINDOWS\system32\drivers\down\72927218.exe
C:\WINDOWS\system32\drivers\down\72929421.exe
C:\WINDOWS\system32\drivers\down\72938765.exe
C:\WINDOWS\system32\drivers\down\72976750.exe
C:\WINDOWS\system32\drivers\down\72986250.exe
C:\WINDOWS\system32\drivers\down\734187.exe
C:\WINDOWS\system32\drivers\down\737000.exe
C:\WINDOWS\system32\drivers\down\746203.exe
C:\WINDOWS\system32\drivers\down\748062.exe
C:\WINDOWS\system32\drivers\down\754046.exe
C:\WINDOWS\system32\drivers\down\75492437.exe
C:\WINDOWS\system32\drivers\down\75504875.exe
C:\WINDOWS\system32\drivers\down\75541171.exe
C:\WINDOWS\system32\drivers\down\75546953.exe
C:\WINDOWS\system32\drivers\down\75549062.exe
C:\WINDOWS\system32\drivers\down\75555843.exe
C:\WINDOWS\system32\drivers\down\75559062.exe
C:\WINDOWS\system32\drivers\down\75571859.exe
C:\WINDOWS\system32\drivers\down\75572765.exe
C:\WINDOWS\system32\drivers\down\75573281.exe
C:\WINDOWS\system32\drivers\down\75575734.exe
C:\WINDOWS\system32\drivers\down\75585109.exe
C:\WINDOWS\system32\drivers\down\75616468.exe
C:\WINDOWS\system32\drivers\down\75627921.exe
C:\WINDOWS\system32\drivers\down\763078.exe
C:\WINDOWS\system32\drivers\down\765781.exe
C:\WINDOWS\system32\drivers\down\772000.exe
C:\WINDOWS\system32\drivers\down\782593.exe
C:\WINDOWS\system32\drivers\down\829031.exe
C:\WINDOWS\system32\drivers\down\83328.exe
C:\WINDOWS\system32\drivers\down\852203.exe
C:\WINDOWS\system32\drivers\down\86109.exe
C:\WINDOWS\system32\drivers\down\86875.exe
C:\WINDOWS\system32\drivers\down\86921.exe
C:\WINDOWS\system32\drivers\down\886187.exe
C:\WINDOWS\system32\drivers\down\88640.exe
C:\WINDOWS\system32\drivers\down\89250.exe
C:\WINDOWS\system32\drivers\down\89500.exe
C:\WINDOWS\system32\drivers\down\904546.exe
C:\WINDOWS\system32\drivers\down\90671.exe
C:\WINDOWS\system32\drivers\down\91062.exe
C:\WINDOWS\system32\drivers\down\92140.exe
C:\WINDOWS\system32\drivers\down\93812.exe
C:\WINDOWS\system32\drivers\down\95187.exe
C:\WINDOWS\system32\drivers\down\956484.exe
C:\WINDOWS\system32\drivers\down\96921.exe
C:\WINDOWS\system32\drivers\down\978359.exe
C:\WINDOWS\system32\drivers\down\98234.exe
C:\WINDOWS\system32\drivers\down\99437.exe
C:\WINDOWS\system32\drivers\down\996562.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\dsfwfskh.dll
C:\WINDOWS\system32\ectccvln.dll
C:\WINDOWS\system32\emuhfigj.dll
C:\WINDOWS\system32\erachava.dll
C:\WINDOWS\system32\gviueeon.ini
C:\WINDOWS\system32\hrhknoye.dll
C:\WINDOWS\system32\hrxexjli.dll
C:\WINDOWS\system32\iieppaoo.dll
C:\WINDOWS\system32\iwmxxxja.ini
C:\WINDOWS\system32\jkkHArOH.dll
C:\WINDOWS\system32\jrmtfomb.dll
C:\WINDOWS\system32\jsfqockh.dll
C:\WINDOWS\system32\kqsekyhj.dll
C:\WINDOWS\system32\lccjanpw.dll
C:\WINDOWS\system32\ltvhqqkx.dll
C:\WINDOWS\system32\mbmkbtrn.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\mjjqfygo.dll
C:\WINDOWS\system32\mlJAqpmj.dll
C:\WINDOWS\system32\mrlcyjyt.ini
C:\WINDOWS\system32\msgmkois.dll
C:\WINDOWS\system32\msxwrxcu.dll
C:\WINDOWS\system32\oujgqflg.dll
C:\WINDOWS\system32\ovwewmki.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnmmJca.dll
C:\WINDOWS\system32\pnkpicmd.dll
C:\WINDOWS\system32\pojjepdk.dll
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\rqRLCRIA.dll
C:\WINDOWS\system32\siokmgsm.ini
C:\WINDOWS\system32\svriysdi.dll
C:\WINDOWS\system32\tyjyclrm.dll
C:\WINDOWS\system32\ukxfksto.ini
C:\WINDOWS\system32\vidglloq.dll
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\wuovrwrn.ini
C:\WINDOWS\system32\yayVNffE.dll
C:\WINDOWS\system32\yomgtmng.dll
C:\WINDOWS\system32\yxvuuprr.ini
C:\WINDOWS\tk58.exe
C:\winlogon.exe
C:\x.dat
C:\z.dat
C:\WINDOWS\Fonts\'

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_SROSA
-------\Service_cmdService
-------\Service_Network Monitor


((((((((((((((((((((((((((((( Fichiers créés 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))))))))
.

2008-04-20 19:48 . 2008-04-20 19:48 <REP> d-------- C:\Program Files\Trend Micro
2008-04-20 15:46 . 2008-04-20 15:46 <REP> d-------- C:\Program Files\Enigma Software Group
2008-04-20 12:35 . 2008-04-20 12:35 34,688,749 --a------ C:\WINDOWS\VPTNFILE.227
2008-04-20 12:35 . 2008-04-20 12:35 34,688,749 --a------ C:\WINDOWS\LPT$VPN.227
2008-04-20 12:34 . 2008-04-20 12:35 <REP> d-------- C:\WINDOWS\AU_Temp
2008-04-17 20:03 . 2008-04-17 20:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-17 19:59 . 2008-04-17 19:59 <REP> d-------- C:\Program Files\IVT Corporation
2008-04-17 08:47 . 2008-04-17 08:47 <REP> d-------- C:\WINDOWS\system32\xcsDd18
2008-04-17 08:47 . 2008-04-17 08:47 <REP> d-------- C:\Temp\berDrv11
2008-04-17 08:47 . 2008-04-17 08:47 31,232 --a------ C:\WINDOWS\system32\pmnolmll.dll
2008-04-09 22:09 . 2008-04-09 22:09 <REP> d-------- C:\WINDOWS\system32\bharebio18
2008-04-09 22:09 . 2008-04-09 22:09 <REP> d-------- C:\Temp\wdlw14
2008-04-09 20:25 . 2008-04-09 20:25 <REP> d-------- C:\Program Files\Alwil Software
2008-04-09 20:06 . 2008-04-09 20:06 <REP> d-------- C:\Program Files\ProntoEdit4
2008-03-30 21:55 . 2008-04-09 19:19 2,180,403 ---hs---- C:\WINDOWS\system32\naokalka.ini
2008-03-30 10:09 . 2008-03-30 10:09 29,696 ---hs---- C:\Documents and Settings\CHRISTOPHE\lsass.exe
2008-03-29 22:47 . 2008-03-29 22:47 283 --a------ C:\WINDOWS\system32\temp_0000_65-18.aok
2008-03-29 22:46 . 2008-03-29 22:46 137 --a------ C:\WINDOWS\system32\test.aok
2008-03-29 21:57 . 2008-03-30 20:20 1,584,537 ---hs---- C:\WINDOWS\system32\pjhxyaew.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 19:20 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-04-20 12:49 38,400 ----a-w C:\WINDOWS\mrofinu1188.exe
2008-04-20 10:35 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-04-20 10:35 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-04-20 10:35 333,576 ----a-w C:\WINDOWS\tsc.exe
2008-04-20 10:35 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-04-18 22:34 38,400 ----a-w C:\WINDOWS\mrofinu1188.exe.tmp
2008-04-13 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-11 13:42 1,004 -c--a-w C:\Documents and Settings\CHRISTOPHE\Application Data\wklnhst.dat
2008-03-12 21:51 --------- d-----w C:\Program Files\eMule
2008-03-12 21:45 --------- d-----w C:\Program Files\Norton AntiVirus
2008-03-12 21:37 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2008-03-12 21:34 687,592 ----a-w C:\WINDOWS\system32\atmtd.dll
2008-03-12 21:34 37,376 ----a-w C:\WINDOWS\mrofinu1000106.exe
2008-03-12 21:34 134 ----a-w C:\n.bat
2008-03-04 19:32 105,984 ----a-w C:\WINDOWS\b152.exe
2007-09-30 14:59 8,704 --sha-w C:\Program Files\Thumbs.db
1995-09-20 14:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
2006-05-08 18:03 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.
20 April 2008 23:46:25

Wow, heavily infected!

Download MsnFix (by !aur3n7) to your Desktop. (>>Tutorial<<)

Unzip it on your desktop.

Open the MSNFix folder, then double-click MSNFix.bat. (The .bat extension may not be shown.)

- Run option R.
- If the infection is detected, press a key to start the cleanup. (N)

If you have to restart the computer, do it manually.

Post the report located in the MSNFix folder.
The report's name corresponds to the time it was created: date_time.log

Note: If you get an upload zip file on your desktop, do this

*******

Download SDFix (by Andy Manchesta)

Save it to your desktop.

Run it.
Click Install so that it can extract itself.

Restart in Safe Mode
/!\ Never boot into Safe Mode via MSCONFIG /!\

Open the SDFix folder that has just been created in C:\
Double-click RunThis.bat. (The .bat extension may not be shown.)
Press Y to start it.

You will be asked to press a key to restart; do so.
The restart will probably take a little longer than usual.
Once your Desktop appears, it will display Finished.

Press a key.

A report is generated; post it in your reply.
It is also located in the SDFix folder >Report.txt<

********

Then run Combofix again and post its report ;)
21 April 2008 20:22:29

Hi again.. I hope you're doing well, here is the report, or at least what I hope is the MSNFix report.. thanks again
MSNFix 1.708

C:\Documents and Settings\CHRISTOPHE\Bureau\MSNFix\MSNFix
Fix exécuté le 2008-04-21 - 19:37:45.78 By CHRISTOPHE
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\b???.exe
... C:\WINDOWS\mrofinu*.exe

************************ Recherche les dossiers présents

... \TEMP\




************************ Suppression des fichiers

.. OK ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\mrofinu*.exe


************************ Suppression des dossiers

/!\ ... \TEMP\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


Aucun Fichier trouvé



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 2008-04-21_194037.93.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

21 April 2008 21:01:23

Hi again, again... after many ups and downs, here at last is the combofix report.. thanks again

SDFix: Version 1.173
Run by CHRISTOPHE on 2008-04-21 at 20:41

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\DOCUME~1\CHRIST~1\APPLIC~1\MICROS~1\WINDOWS\NYLUJBQX.EXE - Deleted
C:\WINDOWS\system32\atmtd.dll - Deleted
C:\WINDOWS\system32\atmtd.dll._ - Deleted
C:\WINDOWS\uninstall_nmon.vbs - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 20:47:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060ed2692]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060ed2692]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 126


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:Enabled:Assistance à distance"
"%ProgramFiles%\\Messenger\\msmsgs.exe"="%ProgramFiles%\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%ProgramFiles%\\AOL 9.0\\AOL.exe"="%ProgramFiles%\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0"
"%ProgramFiles%\\AOL 9.0\\WAOL.exe"="%ProgramFiles%\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0"
"%WinDir%\\system32\\fxsclnt.exe"="%WinDir%\\system32\\fxsclnt.exe:*:enabled:Microsoft Fax Console"
"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner"
"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor"
"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL 9.0a"
"C:\\Program Files\\TribalWeb.net\\tribalweb.exe"="C:\\Program Files\\TribalWeb.net\\tribalweb.exe:*:Enabled:TribalWeb.net : Réseau privé sur Internet"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Fichiers communs\\AOL\\1168454215\\ee\\aolsoftware.exe"="C:\\Program Files\\Fichiers communs\\AOL\\1168454215\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Documents and Settings\\CHRISTOPHE\\Application Data\\m\\flec006.exe"="C:\\Documents and Settings\\CHRISTOPHE\\Application Data\\m\\flec006.exe:*:Disabled:flec006"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:Enabled:Assistance à distance"
"%ProgramFiles%\\Messenger\\msmsgs.exe"="%ProgramFiles%\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%ProgramFiles%\\AOL 9.0\\AOL.exe"="%ProgramFiles%\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0"
"%ProgramFiles%\\AOL 9.0\\WAOL.exe"="%ProgramFiles%\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0"
"%WinDir%\\system32\\fxsclnt.exe"="%WinDir%\\system32\\fxsclnt.exe:*:enabled:Microsoft Fax Console"
"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner"
"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor"
"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL 9.0a"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 13 Apr 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Mon 10 May 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Tue 13 Apr 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Mon 10 May 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0a\aolphx.exe"
Mon 10 May 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0a\aoltray.exe"
Mon 10 May 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0a\RBM.exe"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Sun 13 Feb 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 9 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 21 Apr 2008 120 A..H. --- "C:\Program Files\Common Files\X10\Common\x10prod.sys"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\CHRISTOPHE\Application Data\U3\temp\Launchpad Removal.exe"

Finished!

21 April 2008 21:04:43

Good,

Run Combofix again and post its report.
21 April 2008 21:21:12

Good evening again... here is the new combofix report:
ComboFix 08-04-20.2 - CHRISTOPHE 2008-04-21 21:08:22.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.630 [GMT 2:00]
Endroit: C:\Documents and Settings\CHRISTOPHE\Bureau\Combo-Fix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Heart_of_Midlothian_FC_RSS_Feed_1.0.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Hellhog_XP_1.52.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Hex_Toolbox_2.10_(Serial).zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\HexBrowser_1.4_build_62.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Hit_Inspector_4.1_(Patch).zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\HTMLPack_2.5_build_630.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\i5_iSeries_LPAR_Technical_Solutions_V5R3_Practice_Exam_Questions_1.0.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Idea_Magic_5.3.1_(KeyGen).zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Ideal_Body_Weight_Calculator_1.0_Serial.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\IPConvert_1.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Kaleider_4.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Kaspersky.Anti-Virus.V.6.0.0.299.Final.-.Keys.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Kayala_EasyBackup_2.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\KeyPress_1.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Kinati_MiniBQM_PC_Personality_Backup_and_Transfer_2.4.71.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Leaktest_1.2_(Crack).zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\LingvoSoft_Suite_2007_English_-_Croatian_2.0.23_(Key+Serial).zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\LiveSync_1.2.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Macrium_Reflect_3.0.1726.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\MAPILab_NNTP_for_Outlook_1.50.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Math_Flash_3.7.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\MB_Free_Expression_Number_1.0.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\MF_Encryption_Pad_2.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\MHX_Homework_Helper_1.1.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Panzer_General_II_demo.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Penpower_for_Palm_2.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Personalised_Letters_2006_1.1.0.2.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Pharaoh's_Arrows_1.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\phoneCoder_1.0.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\PHP_Designer_2007_5.4_[Crack].zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\PiaNotes_1.1.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Plumeria_Image_Sorter_1.0.5.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\PPRecorder_1.7.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Print_Pilot_1.41.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Process_Them_1.2_(Key+Serial).zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Puppy_Toes_Dog_Records_3.0.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Puzzle_2.0.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Quesa_Wrappers_0.6.2f.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\QuickWallet_Bundle_2.0.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\ReadOnly_2.0_(Key+Serial).zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Recover_My_iPod_1.64.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Remove_about_blank_Buddy_4.89.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\ResScope_1.9.6.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\RoboGuilt_1.1.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Rooming'it_2.0_Build_226_(Patch).zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\RS232_Stealth_Monitor_1.0_Serial.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\SearchTruth_Firefox_Toolbar_for_Quran_and_Hadith_1.2.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\SetPwd_1.5.0.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\SHARM_2.2_(With_Crack).zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\ShowIP_0.8.05.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\SpeechHelper_Intonation_Training_1.1.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\SpyCatcher_Express_4.5.2_Build_48.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Srego_CE_ToolPack_ActiveX_Control_1.0.0.57_Key+Serial.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Stunnix_Perl_Web_Server_1.5_Cracked.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\SWF_Printer_1.10_Patch.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Symantec.Antivirus.Norton.Corporate.Edition.v10.+.Crack.&.Infos.2006.fr.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\SysImage_HTML2Image_1.5.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\SysTrayMeter_0.2.5.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\taskXpress_2005_build_2151_[Crack].zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Teratrax_Performance_Monitor_3.0.1.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Test_Constructor_2.5.4_(Cracked).zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\The_Air_Balls_Screensaver_1.0.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\The_Core_Media_Player_4.11.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Tray_DB_1.2.1.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Tuesday_Girl_1.0.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\uCertify_-_Security+_Practice_Test_for_Exam_SY0-101_-_253+_Questions_8.00.05.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\UltraBrowser_9.022.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Unreal_Tournament_2003_-_Life_Sentence_v2_deathmatch_map.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\VaBeach_Boardwalk_Cam_2.0.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\VB_&_VBA_Code_Printer_2.1.0.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\VisualKii_Easy_1.0.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\WB_Wandering_Horse_2.1_[Key+Serial].zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\webGobbler_1.2.6.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Whaddayagot_Pro_2003.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Wimbledon_Screensaver.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\WindowFX_3.0_[Key+Serial].zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Windows_Kill_Tasks_1.0.0.0.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Windows_Partition_Data_Recovery_Software_2.0.1.5.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\XML_Quik_Builder_1.6.zip
C:\Documents and Settings\CHRISTOPHE\Application Data\m\shared\yourLive_1.1.1.3.zip
C:\WINDOWS\system32\drivers\down\64602312.exe
C:\WINDOWS\system32\drivers\down\64603781.exe
C:\WINDOWS\system32\drivers\down\64604328.exe
C:\WINDOWS\system32\drivers\down\64606781.exe
C:\WINDOWS\system32\drivers\down\64650578.exe
C:\WINDOWS\system32\drivers\down\65106359.exe
C:\WINDOWS\system32\drivers\down\651234.exe
C:\WINDOWS\system32\drivers\down\656468.exe
C:\WINDOWS\system32\drivers\down\656765.exe
C:\WINDOWS\system32\drivers\down\661015.exe
C:\WINDOWS\system32\drivers\down\662171.exe
C:\WINDOWS\system32\drivers\down\662250.exe
C:\WINDOWS\system32\drivers\down\664796.exe
C:\WINDOWS\system32\drivers\down\665343.exe
C:\WINDOWS\system32\drivers\down\666796.exe
C:\WINDOWS\system32\drivers\down\668812.exe
C:\WINDOWS\system32\drivers\down\671531.exe
C:\WINDOWS\system32\drivers\down\682437.exe
C:\WINDOWS\system32\drivers\down\685109.exe
C:\WINDOWS\system32\drivers\down\693406.exe
C:\WINDOWS\system32\drivers\down\697265.exe
C:\WINDOWS\system32\drivers\down\698656.exe
C:\WINDOWS\system32\drivers\down\699296.exe
C:\WINDOWS\system32\drivers\down\704718.exe
C:\WINDOWS\system32\drivers\down\707046.exe
C:\WINDOWS\system32\drivers\down\707218.exe
C:\WINDOWS\system32\drivers\down\707937.exe
C:\WINDOWS\system32\drivers\down\708734.exe
C:\WINDOWS\system32\drivers\down\708937.exe
C:\WINDOWS\system32\drivers\down\709109.exe
C:\WINDOWS\system32\drivers\down\711031.exe
C:\WINDOWS\system32\drivers\down\712218.exe
C:\WINDOWS\system32\drivers\down\714625.exe
C:\WINDOWS\system32\drivers\down\715906.exe
C:\WINDOWS\system32\drivers\down\716593.exe
C:\WINDOWS\system32\drivers\down\722250.exe
C:\WINDOWS\system32\drivers\down\72779828.exe
C:\WINDOWS\system32\drivers\down\72780203.exe
C:\WINDOWS\system32\drivers\down\72829281.exe
C:\WINDOWS\system32\drivers\down\72831171.exe
C:\WINDOWS\system32\drivers\down\72885000.exe
C:\WINDOWS\system32\drivers\down\72891500.exe
C:\WINDOWS\system32\drivers\down\72893640.exe
C:\WINDOWS\system32\drivers\down\72895765.exe
C:\WINDOWS\system32\drivers\down\72907203.exe
C:\WINDOWS\system32\drivers\down\72915734.exe
C:\WINDOWS\system32\drivers\down\72923328.exe
C:\WINDOWS\system32\drivers\down\72923968.exe
C:\WINDOWS\system32\drivers\down\72927218.exe
C:\WINDOWS\system32\drivers\down\72929421.exe
C:\WINDOWS\system32\drivers\down\72938765.exe
C:\WINDOWS\system32\drivers\down\72976750.exe
C:\WINDOWS\system32\drivers\down\72986250.exe
C:\WINDOWS\system32\drivers\down\734187.exe
C:\WINDOWS\system32\drivers\down\737000.exe
C:\WINDOWS\system32\drivers\down\746203.exe
C:\WINDOWS\system32\drivers\down\748062.exe
C:\WINDOWS\system32\drivers\down\754046.exe
C:\WINDOWS\system32\drivers\down\75492437.exe
C:\WINDOWS\system32\drivers\down\75504875.exe
C:\WINDOWS\system32\drivers\down\75541171.exe
C:\WINDOWS\system32\drivers\down\75546953.exe
C:\WINDOWS\system32\drivers\down\75549062.exe
C:\WINDOWS\system32\drivers\down\75555843.exe
C:\WINDOWS\system32\drivers\down\75559062.exe
C:\WINDOWS\system32\drivers\down\75571859.exe
C:\WINDOWS\system32\drivers\down\75572765.exe
C:\WINDOWS\system32\drivers\down\75573281.exe
C:\WINDOWS\system32\drivers\down\75575734.exe
C:\WINDOWS\system32\drivers\down\75585109.exe
C:\WINDOWS\system32\drivers\down\75616468.exe
C:\WINDOWS\system32\drivers\down\75627921.exe
C:\WINDOWS\system32\drivers\down\763078.exe
C:\WINDOWS\system32\drivers\down\765781.exe
C:\WINDOWS\system32\drivers\down\772000.exe
C:\WINDOWS\system32\drivers\down\782593.exe
C:\WINDOWS\system32\drivers\down\829031.exe
C:\WINDOWS\system32\drivers\down\83328.exe
C:\WINDOWS\system32\drivers\down\852203.exe
C:\WINDOWS\system32\drivers\down\86109.exe
C:\WINDOWS\system32\drivers\down\86875.exe
C:\WINDOWS\system32\drivers\down\86921.exe
C:\WINDOWS\system32\drivers\down\886187.exe
C:\WINDOWS\system32\drivers\down\88640.exe
C:\WINDOWS\system32\drivers\down\89250.exe
C:\WINDOWS\system32\drivers\down\89500.exe
C:\WINDOWS\system32\drivers\down\904546.exe
C:\WINDOWS\system32\drivers\down\90671.exe
C:\WINDOWS\system32\drivers\down\91062.exe
C:\WINDOWS\system32\drivers\down\92140.exe
C:\WINDOWS\system32\drivers\down\93812.exe
C:\WINDOWS\system32\drivers\down\95187.exe
C:\WINDOWS\system32\drivers\down\956484.exe
C:\WINDOWS\system32\drivers\down\96921.exe
C:\WINDOWS\system32\drivers\down\978359.exe
C:\WINDOWS\system32\drivers\down\98234.exe
C:\WINDOWS\system32\drivers\down\99437.exe
C:\WINDOWS\system32\drivers\down\996562.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\dsfwfskh.dll
C:\WINDOWS\system32\ectccvln.dll
C:\WINDOWS\system32\emuhfigj.dll
C:\WINDOWS\system32\erachava.dll
C:\WINDOWS\system32\gviueeon.ini
C:\WINDOWS\system32\hrhknoye.dll
C:\WINDOWS\system32\hrxexjli.dll
C:\WINDOWS\system32\iieppaoo.dll
C:\WINDOWS\system32\iwmxxxja.ini
C:\WINDOWS\system32\jkkHArOH.dll
C:\WINDOWS\system32\jrmtfomb.dll
C:\WINDOWS\system32\jsfqockh.dll
C:\WINDOWS\system32\kqsekyhj.dll
C:\WINDOWS\system32\lccjanpw.dll
C:\WINDOWS\system32\ltvhqqkx.dll
C:\WINDOWS\system32\mbmkbtrn.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\mjjqfygo.dll
C:\WINDOWS\system32\mlJAqpmj.dll
C:\WINDOWS\system32\mrlcyjyt.ini
C:\WINDOWS\system32\msgmkois.dll
C:\WINDOWS\system32\msxwrxcu.dll
C:\WINDOWS\system32\oujgqflg.dll
C:\WINDOWS\system32\ovwewmki.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnmmJca.dll
C:\WINDOWS\system32\pnkpicmd.dll
C:\WINDOWS\system32\pojjepdk.dll
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\rqRLCRIA.dll
C:\WINDOWS\system32\siokmgsm.ini
C:\WINDOWS\system32\svriysdi.dll
C:\WINDOWS\system32\tyjyclrm.dll
C:\WINDOWS\system32\ukxfksto.ini
C:\WINDOWS\system32\vidglloq.dll
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\wuovrwrn.ini
C:\WINDOWS\system32\yayVNffE.dll
C:\WINDOWS\system32\yomgtmng.dll
C:\WINDOWS\system32\yxvuuprr.ini
C:\WINDOWS\tk58.exe
C:\winlogon.exe
C:\x.dat
C:\z.dat
C:\WINDOWS\Fonts\'

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_SROSA
-------\Service_cmdService
-------\Service_Network Monitor
-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers créés 2008-03-21 to 2008-04-21 ))))))))))))))))))))))))))))))))))))
.

2008-04-21 20:39 . 2008-04-21 20:39 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-21 20:25 . 2008-04-21 20:49 <REP> d-------- C:\SDFix
2008-04-20 19:48 . 2008-04-20 19:48 <REP> d-------- C:\Program Files\Trend Micro
2008-04-20 15:46 . 2008-04-20 15:46 <REP> d-------- C:\Program Files\Enigma Software Group
2008-04-20 12:35 . 2008-04-20 12:35 34,688,749 --a------ C:\WINDOWS\VPTNFILE.227
2008-04-20 12:35 . 2008-04-20 12:35 34,688,749 --a------ C:\WINDOWS\LPT$VPN.227
2008-04-20 12:34 . 2008-04-20 12:35 <REP> d-------- C:\WINDOWS\AU_Temp
2008-04-17 20:03 . 2008-04-17 20:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-17 19:59 . 2008-04-17 19:59 <REP> d-------- C:\Program Files\IVT Corporation
2008-04-17 08:47 . 2008-04-17 08:47 <REP> d-------- C:\WINDOWS\system32\xcsDd18
2008-04-17 08:47 . 2008-04-17 08:47 <REP> d-------- C:\Temp\berDrv11
2008-04-17 08:47 . 2008-04-17 08:47 31,232 --a------ C:\WINDOWS\system32\pmnolmll.dll
2008-04-09 22:09 . 2008-04-09 22:09 <REP> d-------- C:\WINDOWS\system32\bharebio18
2008-04-09 22:09 . 2008-04-09 22:09 <REP> d-------- C:\Temp\wdlw14
2008-04-09 20:25 . 2008-04-09 20:25 <REP> d-------- C:\Program Files\Alwil Software
2008-04-09 20:06 . 2008-04-09 20:06 <REP> d-------- C:\Program Files\ProntoEdit4
2008-03-30 21:55 . 2008-04-09 19:19 2,180,403 ---hs---- C:\WINDOWS\system32\naokalka.ini
2008-03-29 22:47 . 2008-03-29 22:47 283 --a------ C:\WINDOWS\system32\temp_0000_65-18.aok
2008-03-29 22:46 . 2008-03-29 22:46 137 --a------ C:\WINDOWS\system32\test.aok
2008-03-29 21:57 . 2008-03-30 20:20 1,584,537 ---hs---- C:\WINDOWS\system32\pjhxyaew.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 19:10 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-04-20 10:35 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-04-20 10:35 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-04-20 10:35 333,576 ----a-w C:\WINDOWS\tsc.exe
2008-04-20 10:35 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-04-13 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-11 13:42 1,004 -c--a-w C:\Documents and Settings\CHRISTOPHE\Application Data\wklnhst.dat
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 21:51 --------- d-----w C:\Program Files\eMule
2008-03-12 21:45 --------- d-----w C:\Program Files\Norton AntiVirus
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2007-09-30 14:59 8,704 --sha-w C:\Program Files\Thumbs.db
1995-09-20 14:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
2006-05-08 18:03 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-29 13:23 4603904]
"nwiz"="nwiz.exe" [2004-09-29 13:23 921600 C:\WINDOWS\system32\nwiz.exe]
"Cmaudio"="cmicnfg.cpl" []
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"Dit"="Dit.exe" [2004-04-02 13:31 86016 C:\WINDOWS\Dit.exe]
"CHotkey"="mHotkey.exe" [2002-07-23 11:09 477184 C:\WINDOWS\mHotkey.exe]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2004-10-08 17:14 81920]
"NvMediaCenter"="NvMCTray.dll" [2004-09-29 13:23 86016 C:\WINDOWS\system32\nvmctray.dll]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-04-20 21:10 71304]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-06-02 20:58 95960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07 49263]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 18:15 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 18:15 81920]
"PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 02:56 606208]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2008-04-20 18:52 54424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxyawt]
cbxyawt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3acm"= ac3acm.acm
"vidc.yv12"= yv12vfw.dll
"msacm.lameacm"= LameACM.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%ProgramFiles%\\Messenger\\msmsgs.exe"=
"%ProgramFiles%\\AOL 9.0\\AOL.exe"=
"%ProgramFiles%\\AOL 9.0\\WAOL.exe"=
"%WinDir%\\system32\\fxsclnt.exe"=
"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"=
"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"=
"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"=
"C:\\Program Files\\AOL 9.0a\\waol.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1168454215\\ee\\aolsoftware.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 09:04]
R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-04-21 21:10]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-01 14:58]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 09:47]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2004-11-16 15:48]
S2 LogWatch;Event Log Watch;"C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2008-04-20 18:50]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-06-06 12:14]
S3 CA_LIC_CLNT;Client de licence CA;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe" [2002-09-20 16:27]
S3 CA_LIC_SRVR;Serveur de licence CA;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" [2002-09-20 16:41]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys []
S3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2004-12-01 15:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{978c632e-c920-11dc-b53f-00038a000015}]
\Shell\Auto\command - H:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-15 19:15:12 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-04-21 19:13:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 21:10:52
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 126

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Hercules\Tunes Explorer\HTunesExplorerWireless.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-21 21:15:00 - machine was rebooted [CHRISTOPHE]
ComboFix-quarantined-files.txt 2008-04-21 19:14:57

Pre-Run: 93,602,521,088 octets libres
Post-Run: 93,595,856,896 octets libres

1000 --- E O F --- 2008-04-20 22:00:21
22 April 2008 20:59:49

Me again... thanks once more for everything, here is the new report:
ComboFix 08-04-20.2 - CHRISTOPHE 2008-04-22 20:36:40.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.584 [GMT 2:00]
Endroit: C:\Documents and Settings\CHRISTOPHE\Bureau\Combo-Fix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))
.

2008-04-22 20:29 . 2008-04-22 20:30 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-22 20:27 . 2008-04-22 20:28 <REP> d-------- C:\08a79f293a4c763183
2008-04-22 20:25 . 2006-03-24 06:37 49,152 --a------ C:\WINDOWS\system32\SET19.tmp
2008-04-22 20:22 . 2008-04-22 20:22 <REP> d-------- C:\WINDOWS\LastGood
2008-04-21 20:39 . 2008-04-21 20:39 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-21 20:25 . 2008-04-21 20:49 <REP> d-------- C:\SDFix
2008-04-20 19:48 . 2008-04-20 19:48 <REP> d-------- C:\Program Files\Trend Micro
2008-04-20 15:46 . 2008-04-20 15:46 <REP> d-------- C:\Program Files\Enigma Software Group
2008-04-20 12:35 . 2008-04-20 12:35 34,688,749 --a------ C:\WINDOWS\VPTNFILE.227
2008-04-20 12:35 . 2008-04-20 12:35 34,688,749 --a------ C:\WINDOWS\LPT$VPN.227
2008-04-20 12:34 . 2008-04-20 12:35 <REP> d-------- C:\WINDOWS\AU_Temp
2008-04-17 20:03 . 2008-04-17 20:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-17 19:59 . 2008-04-17 19:59 <REP> d-------- C:\Program Files\IVT Corporation
2008-04-17 08:47 . 2008-04-17 08:47 <REP> d-------- C:\WINDOWS\system32\xcsDd18
2008-04-17 08:47 . 2008-04-17 08:47 <REP> d-------- C:\Temp\berDrv11
2008-04-17 08:47 . 2008-04-17 08:47 31,232 --a------ C:\WINDOWS\system32\pmnolmll.dll
2008-04-09 22:09 . 2008-04-09 22:09 <REP> d-------- C:\WINDOWS\system32\bharebio18
2008-04-09 22:09 . 2008-04-09 22:09 <REP> d-------- C:\Temp\wdlw14
2008-04-09 20:25 . 2008-04-09 20:25 <REP> d-------- C:\Program Files\Alwil Software
2008-04-09 20:06 . 2008-04-09 20:06 <REP> d-------- C:\Program Files\ProntoEdit4
2008-03-30 21:55 . 2008-04-09 19:19 2,180,403 ---hs---- C:\WINDOWS\system32\naokalka.ini
2008-03-29 22:47 . 2008-03-29 22:47 283 --a------ C:\WINDOWS\system32\temp_0000_65-18.aok
2008-03-29 22:46 . 2008-03-29 22:46 137 --a------ C:\WINDOWS\system32\test.aok
2008-03-29 21:57 . 2008-03-30 20:20 1,584,537 ---hs---- C:\WINDOWS\system32\pjhxyaew.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 18:13 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-04-20 10:35 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-04-20 10:35 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-04-20 10:35 333,576 ----a-w C:\WINDOWS\tsc.exe
2008-04-20 10:35 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-04-13 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-11 13:42 1,004 -c--a-w C:\Documents and Settings\CHRISTOPHE\Application Data\wklnhst.dat
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 21:51 --------- d-----w C:\Program Files\eMule
2008-03-12 21:45 --------- d-----w C:\Program Files\Norton AntiVirus
2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\SET13A.tmp
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:02 663,552 ------w C:\WINDOWS\system32\wininet.dll
2007-09-30 14:59 8,704 --sha-w C:\Program Files\Thumbs.db
1995-09-20 14:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
2006-05-08 18:03 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.

((((((((((((((((((((((((((((( snapshot@2008-04-21_21.14.42.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-13 16:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll
+ 2007-08-13 16:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll
+ 2007-08-13 16:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
+ 2007-12-07 02:08:32 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-07 02:08:32 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll.000
+ 2007-12-19 22:53:23 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-19 22:53:23 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll.000
+ 2007-12-07 02:08:32 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:08:32 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll.000
+ 2007-12-07 02:08:32 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:08:32 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-07 02:08:32 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll.000
+ 2007-12-06 11:02:31 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:08:32 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:08:32 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dat
+ 2007-12-07 02:08:32 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:08:32 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll.000
+ 2007-12-07 02:08:32 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:08:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:08:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll.000
+ 2007-12-07 02:08:33 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:08:33 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-07 02:08:33 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll.000
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:03:16 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-06 11:03:16 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe.000
+ 2007-12-07 02:08:33 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:08:33 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:08:33 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll.000
+ 2007-12-07 02:08:33 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-07 02:08:33 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll.000
+ 2007-12-08 08:38:36 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-08 08:38:36 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll.000
+ 2007-12-07 02:08:34 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:08:34 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll.000
+ 2007-12-07 02:08:34 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:08:34 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:08:34 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:36:55 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2008-01-11 05:36:55 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll.000
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:08:34 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:08:34 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll.000
+ 2007-12-07 02:08:34 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:08:34 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll.000
+ 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll.000
+ 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll.000
+ 2006-06-02 19:32:20 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
+ 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
- 2004-08-05 12:00:00 101,888 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 12:58:06 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-02-16 09:02:34 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 12:58:06 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-02-16 09:02:35 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 12:58:06 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-02-16 09:02:35 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 12:58:06 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 12:58:06 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2004-08-05 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:56:41 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2004-08-05 12:00:00 139,264 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 12:58:06 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2004-08-05 12:00:00 221,696 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 12:58:06 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2004-08-05 12:00:00 245,760 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dat
+ 2008-03-01 12:58:07 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2004-08-05 12:00:00 323,584 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 12:58:07 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 12:58:08 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2004-08-05 12:00:00 49,152 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 12:58:08 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 12:58:08 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2004-08-05 12:00:00 93,184 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:57:05 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-02-16 09:02:35 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 12:58:08 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 12:58:08 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 12:58:08 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-02-16 22:32:38 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-01 16:28:10 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-02-16 09:02:36 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 12:58:09 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-02-16 09:02:37 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 12:58:10 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-02-16 09:02:37 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 12:58:10 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-05 12:00:00 97,280 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 12:58:10 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-02-16 09:02:37 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 12:58:10 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2004-08-05 12:00:00 37,888 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 12:58:10 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2008-02-16 09:02:39 617,984 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 12:58:10 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2004-08-05 12:00:00 49,152 -c--a-w C:\WINDOWS\system32\dllcache\wdigest.dll
+ 2006-03-24 04:37:52 49,152 -c--a-w C:\WINDOWS\system32\dllcache\wdigest.dll
- 2004-08-05 12:00:00 281,600 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 12:58:11 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-02-16 09:02:39 663,552 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 12:58:11 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-02-16 09:02:35 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 12:58:06 133,120 ------w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-13 16:36:26 61,952 ------w C:\WINDOWS\system32\icardie.dll
+ 2006-06-29 06:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
- 2004-08-05 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:56:41 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2004-08-05 12:00:00 139,264 -c--a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 12:58:06 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2004-08-05 12:00:00 221,696 -c--a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 12:58:06 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2004-08-05 12:00:00 245,760 -c--a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2007-02-12 14:10:12 2,451,312 ------w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-07-11 10:27:48 383,488 ------w C:\WINDOWS\system32\ieapfltr.dll
- 2004-08-05 12:00:00 323,584 -c--a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 12:58:07 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-08-13 16:54:10 6,049,280 ------w C:\WINDOWS\system32\ieframe.dll
- 2004-08-05 12:00:00 49,152 -c--a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 12:58:08 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2007-08-13 16:34:04 266,752 ------w C:\WINDOWS\system32\iertutil.dll
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-13 16:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2008-02-16 09:02:35 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 12:58:08 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-13 16:54:10 458,752 ------w C:\WINDOWS\system32\msfeeds.dll
+ 2007-08-13 16:54:10 50,688 ------w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-13 16:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
- 2008-02-16 09:02:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 12:58:10 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2008-02-16 09:02:37 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 12:58:10 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2006-06-28 15:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-29 06:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
- 2004-08-05 12:00:00 97,280 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 12:58:10 102,912 ------w C:\WINDOWS\system32\occache.dll
+ 2007-08-13 16:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
+ 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-29 13:23 4603904]
"nwiz"="nwiz.exe" [2004-09-29 13:23 921600 C:\WINDOWS\system32\nwiz.exe]
"Cmaudio"="cmicnfg.cpl" []
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"Dit"="Dit.exe" [2004-04-02 13:31 86016 C:\WINDOWS\Dit.exe]
"CHotkey"="mHotkey.exe" [2002-07-23 11:09 477184 C:\WINDOWS\mHotkey.exe]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2004-10-08 17:14 81920]
"NvMediaCenter"="NvMCTray.dll" [2004-09-29 13:23 86016 C:\WINDOWS\system32\nvmctray.dll]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-04-20 21:10 71304]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-06-02 20:58 95960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07 49263]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 18:15 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 18:15 81920]
"PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 02:56 606208]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2008-04-20 18:52 54424]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-03-14 15:57:44 691984]
Tunes Explorer.lnk - C:\Program Files\Hercules\Tunes Explorer\HTunesExplorerWireless.exe [2007-10-03 01:19:57 106496]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1_BDC88E5AF47B4314AB38994592E32C95.exe [2007-05-20 18:39:40 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxyawt]
cbxyawt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3acm"= ac3acm.acm
"vidc.yv12"= yv12vfw.dll
"msacm.lameacm"= LameACM.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%ProgramFiles%\\Messenger\\msmsgs.exe"=
"%ProgramFiles%\\AOL 9.0\\AOL.exe"=
"%ProgramFiles%\\AOL 9.0\\WAOL.exe"=
"%WinDir%\\system32\\fxsclnt.exe"=
"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"=
"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"=
"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"=
"C:\\Program Files\\AOL 9.0a\\waol.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1168454215\\ee\\aolsoftware.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 09:04]
R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-04-22 20:13]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-01 14:58]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 09:47]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2004-11-16 15:48]
S2 LogWatch;Event Log Watch;"C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2008-04-20 18:50]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-06-06 12:14]
S3 CA_LIC_CLNT;Client de licence CA;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe" [2002-09-20 16:27]
S3 CA_LIC_SRVR;Serveur de licence CA;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" [2002-09-20 16:41]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys []
S3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2004-12-01 15:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{978c632e-c920-11dc-b53f-00038a000015}]
\Shell\Auto\command - H:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-15 19:15:12 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-04-22 18:38:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 20:37:29
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-22 20:38:34
ComboFix-quarantined-files.txt 2008-04-22 18:38:26
ComboFix2.txt 2008-04-21 19:15:01

Pre-Run: 93,210,128,384 octets libres
Post-Run: 93,201,645,568 octets libres

453 --- E O F --- 2008-04-22 18:31:47
22 April 2008 21:08:51

Re,

Copy the text in the box below:

File::
C:\WINDOWS\system32\naokalka.ini
C:\WINDOWS\system32\pmnolmll.dll
C:\WINDOWS\system32\pjhxyaew.ini

Folder::
C:\Temp
C:\WINDOWS\system32\bharebio18

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxyawt]


Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file as CFScript.txt on your Desktop.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report.
If there is no restart, post the report anyway.
22 April 2008 21:24:39

It won't work; I get an error message telling me that it is badly written ...
PS ... someone told me about a program called "cleanup 40"; what do you think of it?
Thanks again
22 April 2008 21:29:58

Here is my latest ComboFix report:
ComboFix 08-04-20.2 - CHRISTOPHE 2008-04-22 21:22:41.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.630 [GMT 2:00]
Endroit: C:\Documents and Settings\CHRISTOPHE\Bureau\Combo-Fix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))
.

2008-04-22 20:30 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-22 20:30 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-22 20:30 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-22 20:30 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-22 20:30 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-22 20:30 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-22 20:30 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-22 20:30 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-22 20:30 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-22 20:29 . 2008-04-22 20:30 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-21 20:39 . 2008-04-21 20:39 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-21 20:25 . 2008-04-21 20:49 <REP> d-------- C:\SDFix
2008-04-20 19:48 . 2008-04-20 19:48 <REP> d-------- C:\Program Files\Trend Micro
2008-04-20 15:46 . 2008-04-20 15:46 <REP> d-------- C:\Program Files\Enigma Software Group
2008-04-20 12:35 . 2008-04-20 12:35 34,688,749 --a------ C:\WINDOWS\VPTNFILE.227
2008-04-20 12:35 . 2008-04-20 12:35 34,688,749 --a------ C:\WINDOWS\LPT$VPN.227
2008-04-20 12:34 . 2008-04-20 12:35 <REP> d-------- C:\WINDOWS\AU_Temp
2008-04-17 20:03 . 2008-04-17 20:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-17 19:59 . 2008-04-17 19:59 <REP> d-------- C:\Program Files\IVT Corporation
2008-04-17 08:47 . 2008-04-17 08:47 <REP> d-------- C:\WINDOWS\system32\xcsDd18
2008-04-17 08:47 . 2008-04-17 08:47 <REP> d-------- C:\Temp\berDrv11
2008-04-17 08:47 . 2008-04-17 08:47 31,232 --a------ C:\WINDOWS\system32\pmnolmll.dll
2008-04-09 22:09 . 2008-04-09 22:09 <REP> d-------- C:\WINDOWS\system32\bharebio18
2008-04-09 22:09 . 2008-04-09 22:09 <REP> d-------- C:\Temp\wdlw14
2008-04-09 20:25 . 2008-04-09 20:25 <REP> d-------- C:\Program Files\Alwil Software
2008-04-09 20:06 . 2008-04-09 20:06 <REP> d-------- C:\Program Files\ProntoEdit4
2008-03-30 21:55 . 2008-04-09 19:19 2,180,403 ---hs---- C:\WINDOWS\system32\naokalka.ini
2008-03-29 22:47 . 2008-03-29 22:47 283 --a------ C:\WINDOWS\system32\temp_0000_65-18.aok
2008-03-29 22:46 . 2008-03-29 22:46 137 --a------ C:\WINDOWS\system32\test.aok
2008-03-29 21:57 . 2008-03-30 20:20 1,584,537 ---hs---- C:\WINDOWS\system32\pjhxyaew.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 18:49 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-04-20 10:35 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-04-20 10:35 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-04-20 10:35 333,576 ----a-w C:\WINDOWS\tsc.exe
2008-04-20 10:35 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-04-13 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-11 13:42 1,004 -c--a-w C:\Documents and Settings\CHRISTOPHE\Application Data\wklnhst.dat
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 21:51 --------- d-----w C:\Program Files\eMule
2008-03-12 21:45 --------- d-----w C:\Program Files\Norton AntiVirus
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-09-30 14:59 8,704 --sha-w C:\Program Files\Thumbs.db
1995-09-20 14:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
2006-05-08 18:03 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.

((((((((((((((((((((((((((((( snapshot_2008-04-22_20.37.55,23 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-29 13:23 4603904]
"nwiz"="nwiz.exe" [2004-09-29 13:23 921600 C:\WINDOWS\system32\nwiz.exe]
"Cmaudio"="cmicnfg.cpl" []
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"Dit"="Dit.exe" [2004-04-02 13:31 86016 C:\WINDOWS\Dit.exe]
"CHotkey"="mHotkey.exe" [2002-07-23 11:09 477184 C:\WINDOWS\mHotkey.exe]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2004-10-08 17:14 81920]
"NvMediaCenter"="NvMCTray.dll" [2004-09-29 13:23 86016 C:\WINDOWS\system32\nvmctray.dll]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-04-20 21:10 71304]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-06-02 20:58 95960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07 49263]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 18:15 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 18:15 81920]
"PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 02:56 606208]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2008-04-20 18:52 54424]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-03-14 15:57:44 691984]
Tunes Explorer.lnk - C:\Program Files\Hercules\Tunes Explorer\HTunesExplorerWireless.exe [2007-10-03 01:19:57 106496]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1_BDC88E5AF47B4314AB38994592E32C95.exe [2007-05-20 18:39:40 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxyawt]
cbxyawt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3acm"= ac3acm.acm
"vidc.yv12"= yv12vfw.dll
"msacm.lameacm"= LameACM.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%ProgramFiles%\\Messenger\\msmsgs.exe"=
"%ProgramFiles%\\AOL 9.0\\AOL.exe"=
"%ProgramFiles%\\AOL 9.0\\WAOL.exe"=
"%WinDir%\\system32\\fxsclnt.exe"=
"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"=
"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"=
"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"=
"C:\\Program Files\\AOL 9.0a\\waol.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1168454215\\ee\\aolsoftware.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 09:04]
R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-04-22 20:49]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-01 14:58]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 09:47]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2004-11-16 15:48]
S2 LogWatch;Event Log Watch;"C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2008-04-20 18:50]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-06-06 12:14]
S3 CA_LIC_CLNT;Client de licence CA;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe" [2002-09-20 16:27]
S3 CA_LIC_SRVR;Serveur de licence CA;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" [2002-09-20 16:41]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys []
S3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2004-12-01 15:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{978c632e-c920-11dc-b53f-00038a000015}]
\Shell\Auto\command - H:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-15 19:15:12 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-04-22 19:23:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 21:23:42
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-22 21:25:22
ComboFix-quarantined-files.txt 2008-04-22 19:24:56
ComboFix2.txt 2008-04-22 18:38:35
ComboFix3.txt 2008-04-21 19:15:01

Pre-Run: 93,230,358,528 octets libres
Post-Run: 93,221,224,448 octets libres

251 --- E O F --- 2008-04-22 18:31:47
22 April 2008 22:19:54

Re,

Redo the CFScript.

- My Computer / Tools / Folder Options / View / uncheck "Hide extensions for known file types" / Apply --> OK

Make sure the file is actually named CFScript.txt and not CFScript.txt.txt
ComboFix and the CFScript must be placed in the same location.
22 April 2008 23:01:33

Hi .. I did what you told me .. no check mark on "hide ...." and the file is on the desktop, like the "combo-fix.exe" icon, and the file name is indeed cfscript.text ... with the capital letters respected ...
When I drag it .. it asks me whether I want to run the program .. I answer yes .. and .... something new .. " you cannot rename ComboFix as Combo-Fix .; please use another name, .......;
Sorry for being so useless ...
23 April 2008 00:57:02

Re,

CFScript.text ??
=> CFScript.txt

Normally it isn't ComboFix's name that causes the problem ..
24 April 2008 21:38:30

Good evening again ...
Sorry, I haven't logged in for a while .. I tried again to drag my txt file onto ComboFix and the same thing again ... an error message saying the spelling is not right ..
Thanks again
24 April 2008 21:48:40

You must have made a mistake somewhere :p

Otherwise delete your copy of ComboFix, download it again from my link and try again without renaming it (combofix).

Make sure it is CFScript.txt and not txt.txt! (show the extensions!)
They must be placed in the same location.
24 April 2008 22:20:25

Rerere .. lol .. well, after deleting everything and starting all over again .. victory .. here is the new report .. and, as always .. thank you
ComboFix 08-04-22.5 - CHRISTOPHE 2008-04-24 22:16:40.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.609 [GMT 2:00]
Endroit: C:\Documents and Settings\CHRISTOPHE\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\CHRISTOPHE\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\system32\naokalka.ini
C:\WINDOWS\system32\pjhxyaew.ini
C:\WINDOWS\system32\pmnolmll.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp
C:\Temp\berDrv11\fxpNbu.log
C:\Temp\wdlw14\maxN1bo.log
C:\WINDOWS\system32\bharebio18
C:\WINDOWS\system32\bharebio18\bharebio182328.exe
C:\WINDOWS\system32\naokalka.ini
C:\WINDOWS\system32\pjhxyaew.ini
C:\WINDOWS\system32\pmnolmll.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))))))
.

2008-04-24 19:17 . 2008-04-24 19:17 <REP> d-------- C:\WINDOWS\LastGood
2008-04-22 20:30 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-22 20:30 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-22 20:30 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-22 20:30 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-22 20:30 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-22 20:30 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-22 20:30 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-22 20:30 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-22 20:30 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-22 20:29 . 2008-04-22 20:30 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-21 20:39 . 2008-04-21 20:39 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-21 20:25 . 2008-04-21 20:49 <REP> d-------- C:\SDFix
2008-04-20 19:48 . 2008-04-20 19:48 <REP> d-------- C:\Program Files\Trend Micro
2008-04-20 15:46 . 2008-04-20 15:46 <REP> d-------- C:\Program Files\Enigma Software Group
2008-04-20 12:35 . 2008-04-20 12:35 34,688,749 --a------ C:\WINDOWS\VPTNFILE.227
2008-04-20 12:35 . 2008-04-20 12:35 34,688,749 --a------ C:\WINDOWS\LPT$VPN.227
2008-04-20 12:34 . 2008-04-20 12:35 <REP> d-------- C:\WINDOWS\AU_Temp
2008-04-17 20:03 . 2008-04-17 20:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-17 19:59 . 2008-04-17 19:59 <REP> d-------- C:\Program Files\IVT Corporation
2008-04-17 08:47 . 2008-04-17 08:47 <REP> d-------- C:\WINDOWS\system32\xcsDd18
2008-04-09 20:25 . 2008-04-09 20:25 <REP> d-------- C:\Program Files\Alwil Software
2008-04-09 20:06 . 2008-04-09 20:06 <REP> d-------- C:\Program Files\ProntoEdit4
2008-03-29 22:47 . 2008-03-29 22:47 283 --a------ C:\WINDOWS\system32\temp_0000_65-18.aok
2008-03-29 22:46 . 2008-03-29 22:46 137 --a------ C:\WINDOWS\system32\test.aok

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 17:16 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-04-20 10:35 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-04-20 10:35 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-04-20 10:35 333,576 ----a-w C:\WINDOWS\tsc.exe
2008-04-20 10:35 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-04-13 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-11 13:42 1,004 -c--a-w C:\Documents and Settings\CHRISTOPHE\Application Data\wklnhst.dat
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 21:51 --------- d-----w C:\Program Files\eMule
2008-03-12 21:45 --------- d-----w C:\Program Files\Norton AntiVirus
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-09-30 14:59 8,704 --sha-w C:\Program Files\Thumbs.db
1995-09-20 14:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
2006-05-08 18:03 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.

((((((((((((((((((((((((((((( snapshot_2008-04-22_21.24.36,40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-22 18:49:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-24 17:15:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-29 13:23 4603904]
"nwiz"="nwiz.exe" [2004-09-29 13:23 921600 C:\WINDOWS\system32\nwiz.exe]
"Cmaudio"="cmicnfg.cpl" []
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"Dit"="Dit.exe" [2004-04-02 13:31 86016 C:\WINDOWS\Dit.exe]
"CHotkey"="mHotkey.exe" [2002-07-23 11:09 477184 C:\WINDOWS\mHotkey.exe]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2004-10-08 17:14 81920]
"NvMediaCenter"="NvMCTray.dll" [2004-09-29 13:23 86016 C:\WINDOWS\system32\nvmctray.dll]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-04-20 21:10 71304]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-06-02 20:58 95960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07 49263]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 18:15 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 18:15 81920]
"PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 02:56 606208]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2008-04-20 18:52 54424]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-03-14 15:57:44 691984]
Tunes Explorer.lnk - C:\Program Files\Hercules\Tunes Explorer\HTunesExplorerWireless.exe [2007-10-03 01:19:57 106496]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1_BDC88E5AF47B4314AB38994592E32C95.exe [2007-05-20 18:39:40 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%ProgramFiles%\\Messenger\\msmsgs.exe"=
"%ProgramFiles%\\AOL 9.0\\AOL.exe"=
"%ProgramFiles%\\AOL 9.0\\WAOL.exe"=
"%WinDir%\\system32\\fxsclnt.exe"=
"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"=
"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"=
"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"=
"C:\\Program Files\\AOL 9.0a\\waol.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1168454215\\ee\\aolsoftware.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 09:04]
R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-04-24 19:16]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-01 14:58]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 09:47]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2004-11-16 15:48]
S2 LogWatch;Event Log Watch;"C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2008-04-20 18:50]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-06-06 12:14]
S3 CA_LIC_CLNT;Client de licence CA;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe" [2002-09-20 16:27]
S3 CA_LIC_SRVR;Serveur de licence CA;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" [2002-09-20 16:41]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys []
S3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2004-12-01 15:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{978c632e-c920-11dc-b53f-00038a000015}]
\Shell\Auto\command - H:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-15 19:15:12 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-04-24 20:18:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 22:17:20
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-24 22:18:22
ComboFix-quarantined-files.txt 2008-04-24 20:18:07
ComboFix2.txt 2008-04-24 20:09:56
ComboFix3.txt 2008-04-22 19:25:23
ComboFix4.txt 2008-04-22 18:38:35
ComboFix5.txt 2008-04-21 19:15:01

Pre-Run: 93,186,338,816 octets libres
Post-Run: 93,173,186,560 octets libres

170 --- E O F --- 2008-04-22 18:31:47
24 April 2008 22:51:38

We're making progress :)
Post a HijackThis report again.
28 April 2008 21:40:20

Re re .. ouch ... impossible to open HijackThis .... it tells me: c:/ programfile .........hijackThis .exe is not a valid Win32 application ... what should I do? Download HijackThis again??
Thanks again
28 April 2008 21:54:44

That can't be, we did remove Bagle ..
You must have a crack :)

Let's check that:

Run an online antivirus scan at Kaspersky using Internet Explorer. (Tutorial)
Allow the ActiveX controls.
Click Start Online Scanner.
Select My Computer as the scan target. Save the report in .txt format.
Paste its report here.
28 April 2008 22:25:53

Re .. really, some evenings are like that .. here is what Kaspersky tells me ...
Initialize Kaspersky Online Scanner
(downloading and installing Kaspersky Online Scanner ActiveX from the server into your computer)
and of course I installed ActiveX and set IE to medium security .. thank you again, as always
28 April 2008 22:34:04

Well, out of anger I deleted the "trend micro" folder in Program Files and downloaded HijackThis again .. and here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:25, on 28/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\pspvideo9\pspVideo9.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Hercules\Tunes Explorer\HTunesExplorerWireless.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/...*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Tunes Explorer.lnk = C:\Program Files\Hercules\Tunes Explorer\HTunesExplorerWireless.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version7/Applet/vchatsign.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.11/cfweb_a...
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://webmail.blm-technologies.fr/iNotes6W.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld....
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scann...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9588 bytes
29 April 2008 20:42:48

I've just understood: we were indeed dealing with a HijackThis damaged by Bagle.
Don't you have an antivirus?

Download to your desktop: Clean (by Malekal) >Tutorial<
Unzip it on your desktop. Double-click the clean folder.
Double-click clean.cmd. (The cmd extension may not be shown.) This will open a black window.
A menu will appear; choose option 1 and press Enter. Then press a key when asked.
Post the report, which is located here: C:\rapport_clean.txt

If you get a file C:\upload_moi.zip, please do this.

*******

Download CCleaner (>>tutorial, read it!<<); download "the latest version", then install it, unchecking "Add the Yahoo! CCleaner Toolbar".
Then run the cleanup, then run the search for errors and make a backup if you wish.

Download and install Antivir. (tutorial)
Make sure it is up to date! Open Antivir; go to the Scanner tab, enable the rootkit search via the + next to rootkit search, then under manual selection check everything (your hard disk partitions) and start the scan. Post the generated report (found in the Reports tab).
29 April 2008 21:40:22

29/04/2008 a 21:38:04,54

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\SpoonUninstall.exe FOUND

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Viewpoint\" FOUND
29 April 2008 21:46:23

Re,

Download MalwareByte's Anti-Malware to your desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done:
Restart in safe mode
/!\ Never start safe mode via MSCONFIG /!\

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your desktop so you can post it in your next reply.

NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM

Still in safe mode, run clean again and choose option 2, then post the report.
29 April 2008 23:26:42

Good evening again .. I hope you are well; well, I've got to Antivir .. I found all the things to check .. but .... when I start the scan .. "self test failed" and the update is a success .. I'm going to move on to the next step you gave me .. thanks once again
chris
30 April 2008 21:31:16

GOOD EVENING .. I finally managed to get MBAM to run and here is the report .. thank you!!!!!
    30 April 2008 21:47:21

    and here is the clean report....
    I hope we're getting close to a speed machine!! lol
    Script execute en mode sans echec
    Rapport clean par Malekal_morte - http://www.malekal.com
    Script execute en mode sans echec 30/04/2008 a 21:36:05,15

    Microsoft Windows XP [version 5.1.2600]

    *** Suppression des fichiers dans C:

    *** Suppression des fichiers dans C:\WINDOWS\

    *** Suppression des fichiers dans C:\WINDOWS\system32

    *** Suppression des fichiers dans C:\Program Files

    *** Suppression des clefs du registre effectuee..
    *** Fin du rapport !
    30 April 2008 23:38:20

    Re,

    The AntiVir report is missing :)

    Delete:

  • C:\WINDOWS\system32\axs9
  • C:\WINDOWS\system32\md4
  • C:\WINDOWS\system32\iDlo18
    1 May 2008 09:53:56

    Hi...
    Yes, I know about the AntiVir report, but I can't get it to work... I found all the things to tick, but... when I start the scan: "self test failed", and the update is a success
    Thanks a lot
    1 May 2008 12:25:28

    Can you uninstall/reinstall it to see?
    Otherwise try in safe mode.
    Otherwise run the scan that AntiVir itself offers in its welcome window.
    4 May 2008 19:52:27

    Good evening... I tinkered with it and here is the AntiVir report. Thanks...


    Avira AntiVir Personal
    Report file date: dimanche 4 mai 2008 19:48

    Scanning for 1248213 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: NOM-86D0CDC22E1

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:, E:, H:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: dimanche 4 mai 2008 19:48

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'jucheck.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'X10nets.exe' - '1' Module(s) have been scanned
    Scan process 'BlueSoleil VoIP Plugin.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'wanmpsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SiSWLSvc.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'BTNtService.exe' - '1' Module(s) have been scanned
    Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'HTunesExplorerWireless.exe' - '1' Module(s) have been scanned
    Scan process 'BlueSoleil.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Module is infected -> 'C:\Documents and Settings\CHRISTOPHE\lsass.exe'
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'pspVideo9.exe' - '1' Module(s) have been scanned
    Scan process 'issch.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'PCMService.exe' - '1' Module(s) have been scanned
    Scan process 'mHotkey.exe' - '1' Module(s) have been scanned
    Scan process 'Dit.exe' - '1' Module(s) have been scanned
    Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    Process 'lsass.exe' has been terminated
    C:\Documents and Settings\CHRISTOPHE\lsass.exe
    [DETECTION] Contains detection pattern of the dropper DR/IRCBot.ABUF
    [NOTE] The file was moved to '487ef785.qua'!

    44 processes with 43 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD5
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!
    Boot sector 'H:\'
    [INFO] No virus was found!

    Starting to scan the registry.

    The registry was scanned ( '41' files ).


    Starting the file scan:

    Begin scan in 'C:\' <BOOT>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!


    End of the scan: dimanche 4 mai 2008 19:49
    Used time: 00:30 min

    The scan has been canceled!

    1 Scanning directories
    103 Files were scanned
    2 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    1 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    101 Files not concerned
    1 Archives were scanned
    6 Warnings
    1 Notes

    4 May 2008 20:49:43

    and here is a second report that looks more complete to me... by the way, I ticked "delete" whenever it stopped on a file it didn't like; I hope I did the right thing


    Avira AntiVir Personal
    Report file date: dimanche 4 mai 2008 19:57

    Scanning for 1248213 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: NOM-86D0CDC22E1

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:, E:, H:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: dimanche 4 mai 2008 19:57

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'jucheck.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'X10nets.exe' - '1' Module(s) have been scanned
    Scan process 'BlueSoleil VoIP Plugin.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'wanmpsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SiSWLSvc.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'BTNtService.exe' - '1' Module(s) have been scanned
    Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'HTunesExplorerWireless.exe' - '1' Module(s) have been scanned
    Scan process 'BlueSoleil.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'pspVideo9.exe' - '1' Module(s) have been scanned
    Scan process 'issch.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'PCMService.exe' - '1' Module(s) have been scanned
    Scan process 'mHotkey.exe' - '1' Module(s) have been scanned
    Scan process 'Dit.exe' - '1' Module(s) have been scanned
    Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    44 processes with 44 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD5
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!
    Boot sector 'H:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '41' files ).


    Starting the file scan:

    Begin scan in 'C:\' <BOOT>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\upload_moi_NOM-86D0CDC22E1.tar.gz
    [0] Archive type: GZ
    --> upload_moi.tar
    [1] Archive type: TAR (tape archiver)
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/bitdefender.antivir
    [2] Archive type: ZIP
    --> bitdefender.antivirus.10.working.crack!!!.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Blog_Blaster_1.4.zi
    [2] Archive type: ZIP
    --> Blog_Blaster_1.4.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Brave_Plane_2.zip.v
    [2] Archive type: ZIP
    --> Brave_Plane_2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/CalendarCan_2.4.zip
    [2] Archive type: ZIP
    --> CalendarCan_2.4.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Central_Library_Tri
    [2] Archive type: ZIP
    --> Central_Library_Trial_Edition_R1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/CocoaBench_1.2.2.zi
    [2] Archive type: ZIP
    --> CocoaBench_1.2.2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/ComediClientServer_
    [2] Archive type: ZIP
    --> ComediClientServer_1.1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Command_&_Conquer_R
    [2] Archive type: ZIP
    --> Command_&_Conquer_Renegade_-_54th_Wildcards_model.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Contruction_Master_
    [2] Archive type: ZIP
    --> Contruction_Master_Pro_3.0.105.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Convert_Access_MDE_
    [2] Archive type: ZIP
    --> Convert_Access_MDE_1.1_[KeyGen].exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/CPUlight_1.0.44.9.z
    [2] Archive type: ZIP
    --> CPUlight_1.0.44.9.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Cubic_Inch_Converte
    [2] Archive type: ZIP
    --> Cubic_Inch_Converter_.a.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Cute_Album_2.zip.vi
    [2] Archive type: ZIP
    --> Cute_Album_2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Delete_Duplicates_f
    [2] Archive type: ZIP
    --> Delete_Duplicates_for_Outlook_3.5.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/DesktopCoral_1.00.0
    [2] Archive type: ZIP
    --> DesktopCoral_1.00.07.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/DirectX_Toolkit_1.0
    [2] Archive type: ZIP
    --> DirectX_Toolkit_1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/DJ_Music_Mixer_1.8.
    [2] Archive type: ZIP
    --> DJ_Music_Mixer_1.8.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/DockSwap_2.1.zip.vi
    [2] Archive type: ZIP
    --> DockSwap_2.1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/docUment_1.03.zip.v
    [2] Archive type: ZIP
    --> docUment_1.03.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/DVDFab_Gold_3.1.6.2
    [2] Archive type: ZIP
    --> DVDFab_Gold_3.1.6.2_(Crack).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Easyscreen_Screen_C
    [2] Archive type: ZIP
    --> Easyscreen_Screen_Capture_3.76_(Cracked).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/EMF_Parser_1.0.2006
    [2] Archive type: ZIP
    --> EMF_Parser_1.0.20060727_(Patch).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Erotic_Pics_Screens
    [2] Archive type: ZIP
    --> Erotic_Pics_Screensaver_1.00.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Excel_Import_Multip
    [2] Archive type: ZIP
    --> Excel_Import_Multiple_Access_Tables_Software_7.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/FLIP_Flash_Photo_Al
    [2] Archive type: ZIP
    --> FLIP_Flash_Photo_Album_Free_1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Floppy_Disk_Checker
    [2] Archive type: ZIP
    --> Floppy_Disk_Checker_1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Friday_Night_3D_Dar
    [2] Archive type: ZIP
    --> Friday_Night_3D_Darts_1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Gradebook_Power_8.0
    [2] Archive type: ZIP
    --> Gradebook_Power_8.01.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Guico_Word_of_the_D
    [2] Archive type: ZIP
    --> Guico_Word_of_the_Day_3.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Heart_of_Midlothian
    [2] Archive type: ZIP
    --> Heart_of_Midlothian_FC_RSS_Feed_1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Hellhog_XP_1.52.zip
    [2] Archive type: ZIP
    --> Hellhog_XP_1.52.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/HexBrowser_1.4_buil
    [2] Archive type: ZIP
    --> HexBrowser_1.4_build_62.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Hex_Toolbox_2.10_(S
    [2] Archive type: ZIP
    --> Hex_Toolbox_2.10_(Serial).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Hit_Inspector_4.1_(
    [2] Archive type: ZIP
    --> Hit_Inspector_4.1_(Patch).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/HTMLPack_2.5_build_
    [2] Archive type: ZIP
    --> HTMLPack_2.5_build_630.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/i5_iSeries_LPAR_Tec
    [2] Archive type: ZIP
    --> i5_iSeries_LPAR_Technical_Solutions_V5R3_Practice_Exam_Questions_1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Ideal_Body_Weight_C
    [2] Archive type: ZIP
    --> Ideal_Body_Weight_Calculator_1.0_Serial.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Idea_Magic_5.3.1_(K
    [2] Archive type: ZIP
    --> Idea_Magic_5.3.1_(KeyGen).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/IPConvert_1.zip.vir
    [2] Archive type: ZIP
    --> IPConvert_1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Kaleider_4.zip.vir
    [2] Archive type: ZIP
    --> Kaleider_4.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Kaspersky.Anti-Viru
    [2] Archive type: ZIP
    --> Kaspersky.Anti-Virus.V.6.0.0.299.Final.-.Keys.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Kayala_EasyBackup_2
    [2] Archive type: ZIP
    --> Kayala_EasyBackup_2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/KeyPress_1.zip.vir
    [2] Archive type: ZIP
    --> KeyPress_1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Kinati_MiniBQM_PC_P
    [2] Archive type: ZIP
    --> Kinati_MiniBQM_PC_Personality_Backup_and_Transfer_2.4.71.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Leaktest_1.2_(Crack
    [2] Archive type: ZIP
    --> Leaktest_1.2_(Crack).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/LingvoSoft_Suite_20
    [2] Archive type: ZIP
    --> LingvoSoft_Suite_2007_English_-_Croatian_2.0.23_(Key+Serial).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/LiveSync_1.2.zip.vi
    [2] Archive type: ZIP
    --> LiveSync_1.2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Macrium_Reflect_3.0
    [2] Archive type: ZIP
    --> Macrium_Reflect_3.0.1726.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/MAPILab_NNTP_for_Ou
    [2] Archive type: ZIP
    --> MAPILab_NNTP_for_Outlook_1.50.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Math_Flash_3.7.zip.
    [2] Archive type: ZIP
    --> Math_Flash_3.7.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/MB_Free_Expression_
    [2] Archive type: ZIP
    --> MB_Free_Expression_Number_1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/MF_Encryption_Pad_2
    [2] Archive type: ZIP
    --> MF_Encryption_Pad_2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/MHX_Homework_Helper
    [2] Archive type: ZIP
    --> MHX_Homework_Helper_1.1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Panzer_General_II_d
    [2] Archive type: ZIP
    --> Panzer_General_II_demo.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Penpower_for_Palm_2
    [2] Archive type: ZIP
    --> Penpower_for_Palm_2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Personalised_Letter
    [2] Archive type: ZIP
    --> Personalised_Letters_2006_1.1.0.2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Pharaoh's_Arrows_1.
    [2] Archive type: ZIP
    --> Pharaoh's_Arrows_1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/phoneCoder_1.0.zip.
    [2] Archive type: ZIP
    --> phoneCoder_1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/PHP_Designer_2007_5
    [2] Archive type: ZIP
    --> PHP_Designer_2007_5.4_[Crack].exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/PiaNotes_1.1.zip.vi
    [2] Archive type: ZIP
    --> PiaNotes_1.1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Plumeria_Image_Sort
    [2] Archive type: ZIP
    --> Plumeria_Image_Sorter_1.0.5.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/PPRecorder_1.7.zip.
    [2] Archive type: ZIP
    --> PPRecorder_1.7.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Print_Pilot_1.41.zi
    [2] Archive type: ZIP
    --> Print_Pilot_1.41.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Process_Them_1.2_(K
    [2] Archive type: ZIP
    --> Process_Them_1.2_(Key+Serial).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Puppy_Toes_Dog_Reco
    [2] Archive type: ZIP
    --> Puppy_Toes_Dog_Records_3.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Puzzle_2.0.zip.vir
    [2] Archive type: ZIP
    --> Puzzle_2.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Quesa_Wrappers_0.6.
    [2] Archive type: ZIP
    --> Quesa_Wrappers_0.6.2f.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/QuickWallet_Bundle_
    [2] Archive type: ZIP
    --> QuickWallet_Bundle_2.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/ReadOnly_2.0_(Key+S
    [2] Archive type: ZIP
    --> ReadOnly_2.0_(Key+Serial).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Recover_My_iPod_1.6
    [2] Archive type: ZIP
    --> Recover_My_iPod_1.64.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Remove_about_blank_
    [2] Archive type: ZIP
    --> Remove_about_blank_Buddy_4.89.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/ResScope_1.9.6.zip.
    [2] Archive type: ZIP
    --> ResScope_1.9.6.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/RoboGuilt_1.1.zip.v
    [2] Archive type: ZIP
    --> RoboGuilt_1.1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Rooming'it_2.0_Buil
    [2] Archive type: ZIP
    --> Rooming'it_2.0_Build_226_(Patch).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/RS232_Stealth_Monit
    [2] Archive type: ZIP
    --> RS232_Stealth_Monitor_1.0_Serial.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/SearchTruth_Firefox
    [2] Archive type: ZIP
    --> SearchTruth_Firefox_Toolbar_for_Quran_and_Hadith_1.2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/SetPwd_1.5.0.zip.vi
    [2] Archive type: ZIP
    --> SetPwd_1.5.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/SHARM_2.2_(With_Cra
    [2] Archive type: ZIP
    --> SHARM_2.2_(With_Crack).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/ShowIP_0.8.05.zip.v
    [2] Archive type: ZIP
    --> ShowIP_0.8.05.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/SpeechHelper_Intona
    [2] Archive type: ZIP
    --> SpeechHelper_Intonation_Training_1.1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/SpyCatcher_Express_
    [2] Archive type: ZIP
    --> SpyCatcher_Express_4.5.2_Build_48.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Srego_CE_ToolPack_A
    [2] Archive type: ZIP
    --> Srego_CE_ToolPack_ActiveX_Control_1.0.0.57_Key+Serial.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Stunnix_Perl_Web_Se
    [2] Archive type: ZIP
    --> Stunnix_Perl_Web_Server_1.5_Cracked.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/SWF_Printer_1.10_Pa
    [2] Archive type: ZIP
    --> SWF_Printer_1.10_Patch.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Symantec.Antivirus.
    [2] Archive type: ZIP
    --> Symantec.Antivirus.Norton.Corporate.Edition.v10.+.Crack.&.Infos.2006.fr.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/SysImage_HTML2Image
    [2] Archive type: ZIP
    --> SysImage_HTML2Image_1.5.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/SysTrayMeter_0.2.5.
    [2] Archive type: ZIP
    --> SysTrayMeter_0.2.5.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/taskXpress_2005_bui
    [2] Archive type: ZIP
    --> taskXpress_2005_build_2151_[Crack].exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Teratrax_Performanc
    [2] Archive type: ZIP
    --> Teratrax_Performance_Monitor_3.0.1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Test_Constructor_2.
    [2] Archive type: ZIP
    --> Test_Constructor_2.5.4_(Cracked).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/The_Air_Balls_Scree
    [2] Archive type: ZIP
    --> The_Air_Balls_Screensaver_1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/The_Core_Media_Play
    [2] Archive type: ZIP
    --> The_Core_Media_Player_4.11.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Tray_DB_1.2.1.zip.v
    [2] Archive type: ZIP
    --> Tray_DB_1.2.1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Tuesday_Girl_1.0.zi
    [2] Archive type: ZIP
    --> Tuesday_Girl_1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/uCertify_-_Security
    [2] Archive type: ZIP
    --> uCertify_-_Security+_Practice_Test_for_Exam_SY0-101_-_253+_Questions_8.00.05.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/UltraBrowser_9.022.
    [2] Archive type: ZIP
    --> UltraBrowser_9.022.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Unreal_Tournament_2
    [2] Archive type: ZIP
    --> Unreal_Tournament_2003_-_Life_Sentence_v2_deathmatch_map.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/VaBeach_Boardwalk_C
    [2] Archive type: ZIP
    --> VaBeach_Boardwalk_Cam_2.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/VB_&_VBA_Code_Print
    [2] Archive type: ZIP
    --> VB_&_VBA_Code_Printer_2.1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/VisualKii_Easy_1.0.
    [2] Archive type: ZIP
    --> VisualKii_Easy_1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/WB_Wandering_Horse_
    [2] Archive type: ZIP
    --> WB_Wandering_Horse_2.1_[Key+Serial].exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/webGobbler_1.2.6.zi
    [2] Archive type: ZIP
    --> webGobbler_1.2.6.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Whaddayagot_Pro_200
    [2] Archive type: ZIP
    --> Whaddayagot_Pro_2003.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Wimbledon_Screensav
    [2] Archive type: ZIP
    --> Wimbledon_Screensaver.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/WindowFX_3.0_[Key+S
    [2] Archive type: ZIP
    --> WindowFX_3.0_[Key+Serial].exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Windows_Kill_Tasks_
    [2] Archive type: ZIP
    --> Windows_Kill_Tasks_1.0.0.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/Windows_Partition_D
    [2] Archive type: ZIP
    --> Windows_Partition_Data_Recovery_Software_2.0.1.5.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/XML_Quik_Builder_1.
    [2] Archive type: ZIP
    --> XML_Quik_Builder_1.6.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/Documents and Settings/CHRISTOPHE/Application Data/m/shared/yourLive_1.1.1.3.zi
    [2] Archive type: ZIP
    --> yourLive_1.1.1.3.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    --> qoobox/Quarantine/C/WINDOWS/Fonts/a.zip.vir
    [2] Archive type: ZIP
    --> Setup.exe
    [DETECTION] Is the Trojan horse TR/Agent.VB.AQC
    --> qoobox/Quarantine/C/WINDOWS/Fonts/Setup.exe.vir
    [DETECTION] Is the Trojan horse TR/Agent.VB.AQC
    --> qoobox/Quarantine/C/WINDOWS/Fonts/svchost.exe.vir
    [DETECTION] Is the Trojan horse TR/Agent.VB.AQC
    --> qoobox/Quarantine/C/WINDOWS/Q0hSSVNUT1BIRQ/command.exe.vir
    [DETECTION] Is the Trojan horse TR/Spy.Banbra.df.199
    --> qoobox/Quarantine/C/WINDOWS/system32/1.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/akauehkx.dll.vir
    [DETECTION] Is the Trojan horse TR/Agent.3648.1
    --> qoobox/Quarantine/C/WINDOWS/system32/aqVreo18/aqVreo182328.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.VB.dht
    --> qoobox/Quarantine/C/WINDOWS/system32/bdhnewqd.dll.vir
    [DETECTION] Is the Trojan horse TR/PCK.Monder.87616
    --> qoobox/Quarantine/C/WINDOWS/system32/bfurksib.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/bharebio18/bharebio182328.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.VB.dsk
    --> qoobox/Quarantine/C/WINDOWS/system32/carvwibq.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/cbXRKDVp.dll.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/ddcYrPFy.dll.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/100156.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/101046.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/104453.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/107875.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/109796.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/111109.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/111437.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/111609.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/112671.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/114328.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/115296.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/115546.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/119593.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/120734.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/121562.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/124484.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/124765.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/125421.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/126453.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/132937.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/133875.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/139281.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/141250.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/142187.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/14617234.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/14644359.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/14648968.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/14656421.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/14657390.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/14678921.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/150359.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/151781.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/159812.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/16064968.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/16108484.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/16117218.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/163968.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/16496953.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/165046.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/171937.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/179375.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/198890.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/199859.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/210375.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/241812.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/2788921.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/29204218.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/32026265.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/32034421.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/32466375.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/364406.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/407562.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/43719093.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/43722812.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/43731078.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/47841984.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/47844375.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/47849531.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/58253328.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/58256875.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/602671.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/627125.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/631453.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/63689250.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/63692171.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/662250.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/714625.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/72780203.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/72829281.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/86921.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/down/89500.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/drivers/hldrrr.exe.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/emuhfigj.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/erachava.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/hrhknoye.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/iieppaoo.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/jrmtfomb.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/kqsekyhj.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/lccjanpw.dll.vir
    [DETECTION] Is the Trojan horse TR/Agent.3648.1
    --> qoobox/Quarantine/C/WINDOWS/system32/ltvhqqkx.dll.vir
    [DETECTION] Is the Trojan horse TR/Agent.3648.1
    --> qoobox/Quarantine/C/WINDOWS/system32/mdelk.exe.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/mlJAqpmj.dll.vir
    [DETECTION] Is the Trojan horse TR/Agent.37888
    --> qoobox/Quarantine/C/WINDOWS/system32/msgmkois.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/msxwrxcu.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/oujgqflg.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/pmnmmJca.dll.vir
    [DETECTION] Is the Trojan horse TR/Agent.37888
    --> qoobox/Quarantine/C/WINDOWS/system32/pnkpicmd.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/rqRLCRIA.dll.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/tyjyclrm.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/vidglloq.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/vtsqp.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    --> qoobox/Quarantine/C/WINDOWS/system32/wintems.exe.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    --> qoobox/Quarantine/C/WINDOWS/tk58.exe.vir
    [DETECTION] Is the Trojan horse TR/BHO.AB.4
    --> qoobox/Quarantine/catchme2008-04-20_211758,31.zip
    [2] Archive type: ZIP
    --> srosa.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    --> vtsqp.dll
    [DETECTION] Is the Trojan horse TR/Vundo.AG
    --> wintems.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> mdelk.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> hldrrr.exe
    [DETECTION] Is the Trojan horse TR/Killav.NX.1
    [NOTE] The file was deleted!
    C:\Documents and Settings\CHRISTOPHE\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.17202
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\CHRISTOPHE\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.38674
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\CHRISTOPHE\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.61096
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\CHRISTOPHE\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.92158
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\CHRISTOPHE\Bureau\MSNFix\MSNFix\2008-04-21_194037.93.zip
    [0] Archive type: ZIP
    --> backup/b138.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.22016.4
    --> backup/lsass.exe
    [DETECTION] Contains detection pattern of the dropper DR/IRCBot.ABUF
    --> backup/mrofinu1000106.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/mrofinu1188.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/mrofinu1188.exe.tmp
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\CHRISTOPHE\Bureau\MSNFix\MSNFix\2008-04-21_194037.93\backup\lsass.exe
    [DETECTION] Contains detection pattern of the dropper DR/IRCBot.ABUF
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\catchme2008-04-20_211758,31.zip
    [0] Archive type: ZIP
    --> srosa.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    --> vtsqp.dll
    [DETECTION] Is the Trojan horse TR/Vundo.AG
    --> wintems.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> mdelk.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> hldrrr.exe
    [DETECTION] Is the Trojan horse TR/Killav.NX.1
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\007_Google_PageRank_Checker_1.0.zip.vir
    [0] Archive type: ZIP
    --> 007_Google_PageRank_Checker_1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\3D_Decks_for_Everyone_2.0.003_(KeyGen).zip.vir
    [0] Archive type: ZIP
    --> 3D_Decks_for_Everyone_2.0.003_(KeyGen).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\4t_Calendar_Reminder_MP3_2.21.zip.vir
    [0] Archive type: ZIP
    --> 4t_Calendar_Reminder_MP3_2.21.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\9L0-611_Practice_Exam_Testing_Engine_Software_1.0.zip.vir
    [0] Archive type: ZIP
    --> 9L0-611_Practice_Exam_Testing_Engine_Software_1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Accio_French-English_Dictionary_(Mac)_1.zip.vir
    [0] Archive type: ZIP
    --> Accio_French-English_Dictionary_(Mac)_1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Adarian_Money_3.8_(Cracked).zip.vir
    [0] Archive type: ZIP
    --> Adarian_Money_3.8_(Cracked).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Ads_Filter_1.1.0.33_(Patch).zip.vir
    [0] Archive type: ZIP
    --> Ads_Filter_1.1.0.33_(Patch).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Allok_WMV_to_AVI_MPEG_DVD_WMV_Converter_3.2.0807_(Cracked).zip.vir
    [0] Archive type: ZIP
    --> Allok_WMV_to_AVI_MPEG_DVD_WMV_Converter_3.2.0807_(Cracked).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\AL_Pictures_Slideshow_Studio_3.1_[KeyGen].zip.vir
    [0] Archive type: ZIP
    --> AL_Pictures_Slideshow_Studio_3.1_[KeyGen].exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Amazing_Desktop_2.0.zip.vir
    [0] Archive type: ZIP
    --> Amazing_Desktop_2.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\APassword_1.01_[Serial].zip.vir
    [0] Archive type: ZIP
    --> APassword_1.01_[Serial].exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Aplus_DVD_to_iPod_Ripper_8.28_[Cracked].zip.vir
    [0] Archive type: ZIP
    --> Aplus_DVD_to_iPod_Ripper_8.28_[Cracked].exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Application_Accelerator_1.7.1.zip.vir
    [0] Archive type: ZIP
    --> Application_Accelerator_1.7.1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\ArcaMania_2_2.0.zip.vir
    [0] Archive type: ZIP
    --> ArcaMania_2_2.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Asian_Castle_Jigsaw_Puzzle_1.0.zip.vir
    [0] Archive type: ZIP
    --> Asian_Castle_Jigsaw_Puzzle_1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\AT_Screen_Thief_3.9.7_Cracked.zip.vir
    [0] Archive type: ZIP
    --> AT_Screen_Thief_3.9.7_Cracked.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\avg-AntiSpyware-7.5.0.47(Full).by.miguelork&optimus.EDA.Team.zip.vir
    [0] Archive type: ZIP
    --> avg-AntiSpyware-7.5.0.47(Full).by.miguelork&optimus.EDA.Team.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\AV_Voice_Changer_Software_Gold_Edition_6.0.10.zip.vir
    [0] Archive type: ZIP
    --> AV_Voice_Changer_Software_Gold_Edition_6.0.10.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Backup-2006_Studio_5.1.5.229.zip.vir
    [0] Archive type: ZIP
    --> Backup-2006_Studio_5.1.5.229.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\BBCNews_toolbar_for_Firefox_1.0.1.30.zip.vir
    [0] Archive type: ZIP
    --> BBCNews_toolbar_for_Firefox_1.0.1.30.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\bitdefender.antivirus.10.working.crack!!!.zip.vir
    [0] Archive type: ZIP
    --> bitdefender.antivirus.10.working.crack!!!.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Blog_Blaster_1.4.zip.vir
    [0] Archive type: ZIP
    --> Blog_Blaster_1.4.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Brave_Plane_2.zip.vir
    [0] Archive type: ZIP
    --> Brave_Plane_2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\CalendarCan_2.4.zip.vir
    [0] Archive type: ZIP
    --> CalendarCan_2.4.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Central_Library_Trial_Edition_R1.zip.vir
    [0] Archive type: ZIP
    --> Central_Library_Trial_Edition_R1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\CocoaBench_1.2.2.zip.vir
    [0] Archive type: ZIP
    --> CocoaBench_1.2.2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\ComediClientServer_1.1.zip.vir
    [0] Archive type: ZIP
    --> ComediClientServer_1.1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Command_&_Conquer_Renegade_-_54th_Wildcards_model.zip.vir
    [0] Archive type: ZIP
    --> Command_&_Conquer_Renegade_-_54th_Wildcards_model.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\CHRISTOPHE\Application Data\m\shared\Contruction_Master_Pro_3.0.105.zip.vir
    [0] Archive type: ZIP
    --> Contruction_Master_Pro_3.0.105.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NL
    [NOTE] The file was deleted!
    C
    5 May 2008 18:12:38

    Run another Antivir scan and post it, things will be clearer then :)
    5 May 2008 19:59:51

    Good evening .. here is the new Antivir report:


    Avira AntiVir Personal
    Report file date: lundi 5 mai 2008 19:13

    Scanning for 1248213 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: NOM-86D0CDC22E1

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
    ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 22/04/2008 20:16:31
    ANTIVIR3.VDF : 7.0.3.243 276992 Bytes 02/05/2008 17:24:01
    Engineversion : 8.1.0.37
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.28 233851 Bytes 01/05/2008 08:04:27
    AESCN.DLL : 8.1.0.15 119157 Bytes 01/05/2008 08:04:26
    AERDL.DLL : 8.1.0.20 418165 Bytes 29/04/2008 20:16:38
    AEPACK.DLL : 8.1.1.4 364918 Bytes 29/04/2008 20:16:37
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 29/04/2008 20:16:36
    AEHEUR.DLL : 8.1.0.21 1196407 Bytes 01/05/2008 08:04:24
    AEHELP.DLL : 8.1.0.14 115063 Bytes 29/04/2008 20:16:34
    AEGEN.DLL : 8.1.0.18 299381 Bytes 29/04/2008 20:16:34
    AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
    AECORE.DLL : 8.1.0.27 168310 Bytes 29/04/2008 20:16:33
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:, E:, H:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: lundi 5 mai 2008 19:13

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'X10nets.exe' - '1' Module(s) have been scanned
    Scan process 'BlueSoleil VoIP Plugin.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'wanmpsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SiSWLSvc.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'BTNtService.exe' - '1' Module(s) have been scanned
    Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'HTunesExplorerWireless.exe' - '1' Module(s) have been scanned
    Scan process 'BlueSoleil.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'pspVideo9.exe' - '1' Module(s) have been scanned
    Scan process 'issch.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'PCMService.exe' - '1' Module(s) have been scanned
    Scan process 'mHotkey.exe' - '1' Module(s) have been scanned
    Scan process 'Dit.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    44 processes with 44 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD5
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!
    Boot sector 'H:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '41' files ).


    Starting the file scan:

    Begin scan in 'C:\' <BOOT>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\System Volume Information\_restore{B9E2A72D-1A55-435B-94E6-503D13FAC150}\RP1091\A0149269.dll
    [DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
    [NOTE] The file was moved to '48504464.qua'!
    C:\System Volume Information\_restore{B9E2A72D-1A55-435B-94E6-503D13FAC150}\RP1091\A0149270.exe
    [DETECTION] Is the Trojan horse TR/Dldr.VB.dht.3
    [NOTE] The file was moved to '48504468.qua'!
    Begin scan in 'D:\' <BACKUP>
    Begin scan in 'E:\' <RECOVER>
    Begin scan in 'H:\' <OneTouch4>


    End of the scan: lundi 5 mai 2008 19:55
    Used time: 42:19 min

    The scan has been done completely.

    8368 Scanning directories
    265119 Files were scanned
    2 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    2 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    265117 Files not concerned
    7736 Archives were scanned
    6 Warnings
    2 Notes

    5 May 2008 20:44:55

    Post a new HijackThis log ;)
    5 May 2008 20:54:08

    Good evening .. and once again, thank you for everything ...
    Here is the HijackThis report:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:52:52, on 05/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\pspvideo9\pspVideo9.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\Hercules\Tunes Explorer\HTunesExplorerWireless.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/...*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\CHRISTOPHE\lsass.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Tunes Explorer.lnk = C:\Program Files\Hercules\Tunes Explorer\HTunesExplorerWireless.exe
    O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
    O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version7/Applet/vchatsign.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.11/cfweb_a...
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://webmail.blm-technologies.fr/iNotes6W.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld....
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scann...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 10391 bytes
    5 May 2008 21:13:07

    Hi again,

    Run HijackThis again (right-click -> Run as administrator on Vista), choose Do a system scan only, and tick these lines (if still present):
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/i [...] earch.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\CHRISTOPHE\lsass.exe

    Close all running applications (especially your web browser).
    Then click Fix checked!

    *******

    If you find C:\Documents and Settings\CHRISTOPHE\lsass.exe, delete it, then post a new HijackThis log.
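An added example, not part of the original post and not HijackThis code: a Python check for the kind of entry singled out above, a registry Run value whose image is named like a core Windows process (here `lsass.exe`) but sits outside its system directory, plus a comparison against a later scan to confirm the fix took. The function names, the `SYSTEM_IMAGES` table and the sample log (a constructed excerpt of lines from this thread) are assumptions of this example.

```python
import ntpath
import re

# Expected folder for core Windows XP process images (lower-case). Assumed table.
SYSTEM_IMAGES = {name: r"c:\windows\system32" for name in (
    "lsass.exe", "services.exe", "winlogon.exe", "smss.exe",
    "svchost.exe", "spoolsv.exe", "ctfmon.exe", "rundll32.exe")}
SYSTEM_IMAGES["explorer.exe"] = r"c:\windows"

# Matches "O4 - HKLM\..\Run: [name] command" and "O4 - HKUS\<SID>\..\Run: ...".
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\(?:[^\\]+\\)?\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
USER_SUFFIX = re.compile(r" \(User '[^']*'\)$")
FIRST_EXE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)

# Constructed sample: a few O4 lines excerpted from the logs in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\CHRISTOPHE\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
"""
# Constructed "after" scan: the same lines once the flagged entry has been fixed.
AFTER = "\n".join(l for l in BEFORE.splitlines() if "[LSA Shellu]" not in l)


def image_path(cmd):
    """Return the executable part of a Run command line, or None."""
    cmd = USER_SUFFIX.sub("", cmd.strip())
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = FIRST_EXE.match(cmd)
    return m.group(1) if m else None


def parse_run_entries(log_text):
    """Yield (line, value_name, image) for every O4 registry Run line."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:
            yield line, m.group("name"), image_path(m.group("cmd"))


def masquerading_entries(log_text):
    """Run lines whose image is named like a system process but lives elsewhere."""
    hits = []
    for line, _name, image in parse_run_entries(log_text):
        if not image:
            continue
        folder = ntpath.normcase(ntpath.dirname(image))
        expected = SYSTEM_IMAGES.get(ntpath.basename(image).lower())
        # A bare name such as "RUNDLL32.EXE" has no folder to compare; skip it.
        # Short 8.3 paths (PROGRA~1) are not expanded here.
        if expected and folder and folder != expected:
            hits.append(line)
    return hits


def still_present(requested_lines, later_log):
    """Lines that were meant to be fixed but survive in a later scan."""
    later = {l.strip() for l in later_log.splitlines()}
    return [l for l in requested_lines if l.strip() in later]


if __name__ == "__main__":
    flagged = masquerading_entries(BEFORE)
    print("flagged:", flagged)
    print("still present after fix:", still_present(flagged, AFTER))
```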
    5 May 2008 21:30:46

    Hi, here is the very latest HijackThis log after removing the requested lines. Thanks again, as always.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:28:45, on 05/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\pspvideo9\pspVideo9.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\Hercules\Tunes Explorer\HTunesExplorerWireless.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Tunes Explorer.lnk = C:\Program Files\Hercules\Tunes Explorer\HTunesExplorerWireless.exe
    O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
    O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version7/Applet/vchatsign.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.11/cfweb_a...
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://webmail.blm-technologies.fr/iNotes6W.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld....
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scann...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 9012 bytes
    6 May 2008 07:01:27

    Was the file to delete present?
    Still any malfunctions?
    6 May 2008 19:12:51

    Good evening, and again and always thank you, thank you. It was really great of you to help me like this and to save my computer. So, the file to delete was present in the list, and apparently everything is running fine. Thanks again.
    chris
    6 May 2008 22:00:31

    Hi again,

    Download ToolsCleaner2 (by A.Rothstein)

  • Install it on your Desktop
  • Click [Recherche] to start the scan
  • Click [Supprimer] to clean up the tools that were used
  • Click [Quitter],
  • Post this report ~>C:\TCleaner.txt<~

  • Keep CCleaner, AVG (or MBAM) and AntiVir if we installed them.
  • Disable, then re-enable System Restore
  • Report your infection on Malware Complaints >Tutorial<
  • Your infection(s): Bagle, Vundo
  • If you cannot find it in the list, post under Autres infections,

  • Bring your computer properly up to date >here<
  • If it is not already done, make sure Windows Automatic Updates are enabled!

    Then have a look at these articles:

    - Security/Prevention
    - Consequences of running multiple protection tools
    - Toolbars: uselessness and slowdowns

    Have a good day/evening :)
    9 May 2008 19:46:22

    Good evening, here is the TCleaner report
    -->- Recherche:

    C:\SDFIX: trouvé !
    C:\Qoobox: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\SdFix.exe: trouvé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\HijackThis.lnk: trouvé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\Clean.zip: trouvé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\Msnfix.zip: trouvé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\ComboFix.exe: trouvé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\HJTInstall.exe: trouvé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\MsnFix: trouvé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\tar.exe: trouvé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\remove.reg: trouvé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\pskill.exe: trouvé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\LFiles.exe: trouvé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\gzip.exe: trouvé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\delsiri.cmd: trouvé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\delr.cmd: trouvé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\del3.cmd: trouvé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\del2.cmd: trouvé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\clean.cmd: trouvé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\cherche.cmd: trouvé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\MSNFix\MsnFix: trouvé !
    C:\Documents and Settings\CHRISTOPHE\Mes documents\divers\telecharg logici\HJTInstall.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\SdFix.exe: supprimé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\HijackThis.lnk: supprimé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\Clean.zip: supprimé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\Msnfix.zip: supprimé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\ComboFix.exe: supprimé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\HJTInstall.exe: supprimé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\tar.exe: supprimé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\remove.reg: supprimé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\pskill.exe: supprimé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\LFiles.exe: supprimé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\gzip.exe: supprimé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\delsiri.cmd: supprimé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\delr.cmd: supprimé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\del3.cmd: supprimé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\del2.cmd: supprimé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\clean.cmd: supprimé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\clean\clean\cherche.cmd: supprimé !
    C:\Documents and Settings\CHRISTOPHE\Mes documents\divers\telecharg logici\HJTInstall.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\SDFIX: supprimé !
    C:\Qoobox: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Documents and Settings\CHRISTOPHE\Bureau\MsnFix: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !