Infection Analyse fichier Hijack

Bonjour piermor

Je te propose de t'aider à te débarrasser de ces soucis.

Il y aura peut-être un certain délai entre mes réponses.
Je suis en formation et ces réponses doivent être validées avant d'être postées.

Merci pour ta patience.

Bonjour Caliméro.

Voici le rapport de SDFix.

Je suis encore infecté. Je vais maintenant exécuter MalwareByte's Anti-Malware.


SDFix: Version 1.240
Run by arkema on 2009-03-14 at 09:19

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Rootkit Found :
C:\WINDOWS\system32\drivers\ATI7CBXX.sys - Rootkit Pandex/Cutwail - Protect.sys

Name :
ICF
tcpsr
ATI7CBXX

Path :
C:\WINDOWS\system32\svchost.exe:ext.exe
\??\C:\WINDOWS\System32\drivers\tcpsr.sys
System32\Drivers\ati7cbxx.sys

ICF - Deleted
tcpsr - Deleted
ATI7CBXX - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Service ATI7CBXX - Deleted after Reboot

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\uzhwpktynwegkx.exe - Deleted
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe - Deleted
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080807215109037.log - Deleted
C:\WINDOWS\system32\rs32net.exe - Deleted
C:\WINDOWS\SYSTEM32\TDSSWEAT.dat - Deleted
C:\WINDOWS\SYSTEM32\TDSSQRWN.log - Deleted
C:\WINDOWS\system32\drivers\ATI7CBXX.sys - Deleted



Folder C:\Documents and Settings\All Users\Application Data\SoftLand Ltd - Removed
Folder C:\Program Files\AV9 - Removed


Removing Temp Files

ADS Check :


C:\WINDOWS\system32\svchost.exe
: ADS Found!
svchost.exe: deleted 32768 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-14 10:12:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:47,31,1d,36,80,92,72,ce,4d,d0,68,94,bd,71,ce,55,81,cd,43,3c,16,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c0,78,10,9e,f1,90,8e,96,b0,70,91,52,54,5f,40,a8,16,..
"khjeh"=hex:32,51,61,26,b8,9b,d1,15,b5,7a,fa,ce,cd,87,b4,30,e8,ad,e2,eb,74,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:18,0e,d3,0d,bf,c1,98,c7,c0,c4,53,c4,0c,e9,38,b6,c4,60,f0,be,c7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ec,f8,22,64,4b,49,af,9a,d8,4d,c1,0f,b0,19,90,2f,03,9e,6b,50,b0,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:f0,9d,7b,cb,3e,27,9d,3f,04,4a,dd,41,9b,2c,9b,88,b7,7f,03,57,40,..
"a0"=hex:20,01,00,00,29,33,eb,59,27,c8,ff,2d,81,de,6e,a0,97,93,db,10,1f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e2,27,f3,10,60,2d,2b,b7,18,e5,c7,a7,ca,61,17,24,60,97,df,1e,8e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:47,31,1d,36,80,92,72,ce,4d,d0,68,94,bd,71,ce,55,81,cd,43,3c,16,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c0,78,10,9e,f1,90,8e,96,b0,70,91,52,54,5f,40,a8,16,..
"khjeh"=hex:32,51,61,26,b8,9b,d1,15,b5,7a,fa,ce,cd,87,b4,30,e8,ad,e2,eb,74,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:18,0e,d3,0d,bf,c1,98,c7,c0,c4,53,c4,0c,e9,38,b6,c4,60,f0,be,c7,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Electronic Arts\\Sports Car GT\\Spcar.exe"="C:\\Program Files\\Electronic Arts\\Sports Car GT\\Spcar.exe:*:Enabled:Sports Car GT"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\EA SPORTS\\NASCAR Thunder TM 2004\\NASCAR_Thunder_2004.exe"="C:\\Program Files\\EA SPORTS\\NASCAR Thunder TM 2004\\NASCAR_Thunder_2004.exe:*isabled:NASCAR Thunder TM 2004"
"C:\\Program Files\\NASCAR Racing 2005 Season\\NR2005.exe"="C:\\Program Files\\NASCAR Racing 2005 Season\\NR2005.exe:*isabled:NASCAR Racing 2005 Season"
"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"="C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe:*:Enabled:winvnc4"
"C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"="C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32"
"C:\\Program Files\\IBM\\Lotus\\Notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.SR4-200707311521\\jre\\bin\\notes2w.exe"="C:\\Program Files\\IBM\\Lotus\\Notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.SR4-200707311521\\jre\\bin\\notes2w.exe:*:Enabled:Lotus Notes"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Microsoft Games\\Motocross Madness 2\\MCM2.ICD"="C:\\Program Files\\Microsoft Games\\Motocross Madness 2\\MCM2.ICD:*:Enabled:Microsoft® Motocross Madness 2"
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Nexon\\Combat Arms\\NMService.exe"="C:\\Nexon\\Combat Arms\\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:EnablednkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:EnablednkBstrB"
"C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"="C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"="C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\\Program Files\\EA SPORTS\\NBA Live 2003\\nba2003.exe"="C:\\Program Files\\EA SPORTS\\NBA Live 2003\\nba2003.exe:*:Enabled:NBA Live 2003"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SH. --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 23 Oct 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 9 Dec 1999 1,112,576 A..H. --- "C:\Program Files\eGames\Mini Golf Special Edition\WCSUP.DLL"
Wed 12 Jan 2000 69,632 A..H. --- "C:\Program Files\eGames\Superball Challenge Special Edition\WCSUP.DLL"
Mon 8 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 27 Sep 2008 3,290,112 ...H. --- "C:\Documents and Settings\arkema\Mes documents\Xavier\secondaire\~WRL0386.tmp"
Thu 25 Sep 2008 357,376 ...H. --- "C:\Documents and Settings\arkema\Mes documents\Xavier\secondaire\~WRL0737.tmp"
Mon 2 Feb 2009 3,272,192 ...H. --- "C:\Documents and Settings\arkema\Mes documents\Xavier\secondaire\~WRL1571.tmp"
Tue 17 Feb 2009 4,536,320 ...H. --- "C:\Documents and Settings\arkema\Mes documents\Xavier\secondaire\~WRL1649.tmp"
Thu 25 Sep 2008 2,217,984 ...H. --- "C:\Documents and Settings\arkema\Mes documents\Xavier\secondaire\~WRL1959.tmp"
Tue 17 Feb 2009 3,601,408 ...H. --- "C:\Documents and Settings\arkema\Mes documents\Xavier\secondaire\~WRL2557.tmp"
Thu 25 Sep 2008 2,221,568 ...H. --- "C:\Documents and Settings\arkema\Mes documents\Xavier\secondaire\~WRL2702.tmp"
Tue 17 Feb 2009 3,602,944 ...H. --- "C:\Documents and Settings\arkema\Mes documents\Xavier\secondaire\~WRL2848.tmp"
Tue 17 Feb 2009 3,604,992 ...H. --- "C:\Documents and Settings\arkema\Mes documents\Xavier\secondaire\~WRL3115.tmp"
Tue 23 Sep 2008 189,440 ...H. --- "C:\Documents and Settings\arkema\Mes documents\Xavier\secondaire\~WRL3670.tmp"

Finished!

Merci Caliméro.

COmme il s'agit du PC de mes enfants je n'ai pas de problème avec le keylogger.

Vous trouverez ci-joint le fichier d'analyse de MalwareByte's Anti-Malware.
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1851
Windows 5.1.2600 Service Pack 3

2009-03-14 13:08:23
mbam-log-2009-03-14 (13-08-23).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 268825
Temps écoulé: 1 hour(s), 21 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 17

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\omvlqnf.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3732edf4-f591-4abf-a3d3-43d17d205544} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ogplwipo (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3732edf4-f591-4abf-a3d3-43d17d205544} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84483594-190c-48a1-8c9d-6ae24dc988d3} (Trojan.Downloader) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{84483594-190c-48a1-8c9d-6ae24dc988d3} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84483594-190c-48a1-8c9d-6ae24dc988d3} (Trojan.Downloader) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rkbylatr (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\rkbylatr (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rkbylatr (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3732edf4-f591-4abf-a3d3-43d17d205544} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0053836 (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stahiseriyovuzik (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bqosuy (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\WINDOWS\system32\omvlqnf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ILJNOEWE\nyfa32[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WLAJS9AV\nyfa32[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\btpanu.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\jsnyim32.dll (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv901236700842.cpx (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wtgdqpb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090202224951953.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\Ukamogiceyiqama.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\ovowagurinazob.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv461235998315.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0071EFA.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00A8989.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSxekj.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSpcuu.sys (Rootkit.Agent) -> Quarantined and deleted successf

Bonjour Caliméro.

J'ai terminé toutes les manoeuvres mais mon ordinateur est encore infecté car je ne suis pas capable d'activer mon logiciel Antivirus Symantec.

Tiens moi au courant des prochaines étapes.

Merci.

Bonjour à toi.

Voici le rapport de Combofix

ComboFix 09-03-15.01 - arkema 2009-03-15 20:16:44.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1364 [GMT -4:00]
Lancé depuis: c:\documents and settings\arkema\Bureau\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\DinerDash.1.0.0.80
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\customer_cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\heart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_down.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\plates.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\ticket.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\tray.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_bring_check_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_diner.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_food_ready_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_gain_heart_1.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pencil_write_2.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_rollover_1.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_seat_people_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\choosedifficulty.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\credits.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_lose.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_win.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help1.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help2.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\highscores.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradegrid.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradetitle.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upsell.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backchalk.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backchalkup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancel.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancelup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\close.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\closeup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continueover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplay.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplayover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfoup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off_on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on_on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pause.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pauseover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgame.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgameover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\resumegame.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\resumegameover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submitup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagain.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagainover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\upgrade_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\upgrade_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscoreon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\comics\webcomic.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\career.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\customer.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\endless.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\global.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\powerups.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\stove.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\open.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\arial.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\komikaaxis.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_off.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdown.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdownon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowleft.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowlefton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowright.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowrighton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowupon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\textedit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\title.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fifth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\first_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fourth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\second_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\playfirst_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\background.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\frames\upgrade_0001.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\upgrades.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooseplayer.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooserestaurant.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\credits.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\gothighscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\tutorialintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\webcomic.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\gamelabsplash.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\strings.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\check.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\clock.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closed.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closingtime.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\coffee.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\tables.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\wallpaper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expert.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expertscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\fork_timer.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\goalcompleted.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level_career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\score.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\sound.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staroff.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staron.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumberup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorial_character.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\drinks.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\maitred.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\oven.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\select.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\shoes.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\stereo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\table.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\dinerdash.exe
c:\windows\system32\ban_list.txt
c:\windows\system32\tmp.reg
c:\windows\system32\omvlqnf.dll . . . . impossible à supprimer

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKBYLATR
-------\Service_rkbylatr


((((((((((((((((((((((((((((( Fichiers créés du 2009-02-16 au 2009-03-16 ))))))))))))))))))))))))))))))))))))
.

2009-03-15 13:38 . 2009-03-15 13:38 <REP> d-------- c:\documents and settings\arkema\Application Data\wfvhrssu
2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- c:\documents and settings\arkema\Application Data\Malwarebytes
2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-14 11:40 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-14 11:40 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-14 11:36 . 2009-03-14 11:36 <REP> d-------- c:\documents and settings\NetworkService\Application Data\wfvhrssu
2009-03-14 09:18 . 2009-03-14 09:18 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-03-14 09:13 . 2009-03-14 09:14 <REP> d-------- c:\windows\ERUNT
2009-03-14 08:53 . 2009-03-14 10:16 <REP> d-------- C:\SDFix
2009-03-12 21:30 . 2008-04-13 22:33 96,256 --a------ c:\windows\system32\btpanu.dll
2009-03-07 16:20 . 2009-03-07 16:24 <REP> d-------- c:\documents and settings\arkema\Application Data\yoclient
2009-03-07 15:25 . 2009-03-07 15:25 <REP> d-------- c:\program files\Zylom Games
2009-03-07 15:25 . 2009-03-07 15:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Zylom
2009-02-22 20:12 . 2009-02-22 20:12 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-22 19:42 . 2009-02-22 19:42 <REP> d-------- c:\program files\MSBuild
2009-02-22 19:42 . 2009-02-22 19:42 <REP> d-------- c:\program files\Microsoft Works
2009-02-22 19:41 . 2009-02-22 19:41 <REP> d-------- c:\program files\Microsoft.NET
2009-02-22 19:36 . 2009-02-22 19:36 <REP> d-------- c:\program files\Microsoft Visual Studio 8
2009-02-22 19:35 . 2009-03-10 03:00 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-22 19:30 . 2009-02-22 19:30 <REP> dr-h----- C:\MSOCache

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 22:00 --------- d-----w c:\program files\Norton Security Scan
2009-03-13 21:19 --------- d-----w c:\program files\Navilog1
2009-03-13 21:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-13 01:32 --------- d-----w c:\program files\Google
2009-03-13 01:27 --------- d-----w c:\program files\Symantec AntiVirus
2009-03-03 21:54 --------- d-----w c:\program files\Warcraft III
2009-02-27 14:52 --------- d-----w c:\program files\Microsoft Games
2009-02-23 00:12 --------- d-----w c:\program files\Java
2009-02-14 21:50 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-06 00:54 22,328 ----a-w c:\documents and settings\arkema\Application Data\PnkBstrK.sys
2008-10-06 17:01 24 ----a-w c:\documents and settings\arkema\jagex_runescape_preferences.dat
2007-08-15 22:29 47,360 ----a-w c:\documents and settings\arkema\Application Data\pcouffin.sys
2007-01-07 16:01 32 ----a-r c:\documents and settings\All Users\hash.dat
2008-12-19 01:45 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 01:45 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 01:45 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 01:45 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 01:45 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3732EDF4-F591-4ABF-A3D3-43D17D205544}]
2009-03-15 20:21 104960 --a------ c:\windows\system32\omvlqnf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84483594-190C-48A1-8C9D-6AE24DC988D3}]
2008-04-13 22:33 96256 --a------ c:\windows\system32\btpanu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-31 67128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="-" [X]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-22 136600]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"MaxtorOneTouch"="c:\program files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 712704]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-08-11 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

c:\documents and settings\arkema\Menu D‚marrer\Programmes\D‚marrage\
PowerReg Scheduler.exe [2007-09-16 256000]
SpamPal.lnk - c:\program files\SpamPal\spampal.exe [2005-10-24 387616]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-01-08 221247]
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2007-01-16 102455]
D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-31 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-21 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 11:10 72208 c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1ksxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\EA SPORTS\\NASCAR Thunder TM 2004\\NASCAR_Thunder_2004.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Program Files\\IBM\\Lotus\\Notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.SR4-200707311521\\jre\\bin\\notes2w.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Microsoft Games\\Motocross Madness 2\\MCM2.ICD"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\EA SPORTS\\NBA Live 2003\\nba2003.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:Azureus
"8217:TCP"= 8217:TCP:eMule

R0 xydxeuuo;xydxeuuo;c:\windows\system32\drivers\xydxeuuo.sys [2006-03-02 23424]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2007-01-08 6656]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-01-08 3712]
R2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2007-01-08 28672]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 101936]
S0 ati1ksxx;ati1ksxx;c:\windows\system32\Drivers\ati1ksxx.sys --> c:\windows\system32\Drivers\ati1ksxx.sys [?]
S3 CEBDADTV;C&E DVB-T device;c:\windows\system32\DRIVERS\CEBDA150.sys --> c:\windows\system32\DRIVERS\CEBDA150.sys [?]
S3 iComp;Hauppauge WinTV PVR2 USB2 Encoder;c:\windows\system32\drivers\HCWUSB2.sys [2007-01-16 1458688]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ddc4b8f-bf7e-11dc-9282-0018e70af722}]
\Shell\AutoRun\command - g:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - g:\directx\dxsetup.exe
.
Contenu du dossier 'Tâches planifiées'

2009-03-13 c:\windows\Tasks\Norton Security Scan for arkema.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 05:18]

2009-03-15 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
Notify-__c0053836 - (no file)
SafeBoot-ati0qyxx.sys
SafeBoot-ati0yxxx.sys
SafeBoot-ati2fnxx.sys
SafeBoot-ati5nvxx.sys
SafeBoot-ati7rqxx.sys
SafeBoot-ati8baxx.sys


.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://www.freeworldgroup.com/games6/chocolatier/build/ChocolatierWeb.1.0.0.13.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://incredigamesfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
FF - ProfilePath - c:\documents and settings\arkema\Application Data\Mozilla\Firefox\Profiles\7k6ivu6s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 20:21:57
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ccEvtMgr]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SNDSrvc]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SYMTDI]
"ImagePath"="-"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\mnmsrvc.exe
c:\program files\Maxtor\Utils\SyncServices.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Netropa\Multimedia Keyboard\Traymon.exe
c:\program files\Netropa\Onscreen Display\osd.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\HPZinw12.exe
.
**************************************************************************
.
Heure de fin: 2009-03-15 20:30:56 - La machine a redémarré [arkema]
ComboFix-quarantined-files.txt 2009-03-16 00:30:53
ComboFix2.txt 2008-03-03 17:27:35
ComboFix3.txt 2008-03-03 17:24:38
ComboFix4.txt 2008-03-03 16:55:27

Avant-CF: 215 162 613 760 octets libres
Après-CF: 215,043,223,552 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
580 --- E O F --- 2009-03-10 07:01:34

Merci de me donner les instructions suivantes.

À +.

Désactive toute protection résidente ( antivirus…) ! <------- Pense-y !

Copie le texte se situant dans le cadre ci-dessous : ( Ctrl + C )

=> Ouvre le Bloc Notes : Démarrer > Tous les programmes > Accessoires > Bloc notes

- Colles y le texte (CTRL + V)
- Enregistre ce fichier dans : Bureau
- Nom du fichier : CFScript
- Type du fichier : tous les fichiers !!
- Clique sur Enregistrer
- Quitte le Bloc Notes

Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :



* Cela va relancer Combofix : au message qui apparaît ( Type 1 to continue, or 2 to abort), tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
* Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Copie/Colle son contenue sur le forum.
Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt
* Poste un nouveau rapport hijackthis.

Les éléments en gras te disent-ils quelque chose ?

J'ai trouvé des fichiers Autorun associés à EA Sports, Nasacar 2007 et à ma carte réseau sans fil WG311v2/1.2B6

J'ai trouvé des fichiers dXsetup associé à directx et Nascar Racing.

Au besoin je peux tous les enlever si requis.

Le rapport est sorti en format html.
Suivra à la fin le contenu du fichier attach.



Wednesday, March 18, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, March 19, 2009 12:07:10
Records in database: 1933727
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
Scan statistics
Files scanned 189860
Threat name 42
Infected objects 664
Suspicious objects 0
Duration of the scan 02:06:21

File name Threat name Threats count
C:\Program Files\RealVNC\VNC4\WinVNC4.exe/C:\Program Files\RealVNC\VNC4\WinVNC4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300003.VBN Infected: Trojan-Downloader.Win32.Agent.mba 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300004.VBN Infected: Trojan-Downloader.Win32.Bagle.cq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300005.VBN Infected: Trojan-Downloader.Win32.Bagle.cs 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300006.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300007.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300008.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300009.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230000A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230000B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230000C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230000D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230000E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230000F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300010.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300011.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300012.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300013.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300014.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300015.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300016.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300017.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300018.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300019.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230001A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230001B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230001C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230001D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230001E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230001F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300020.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300021.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300022.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300023.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300024.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300025.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300026.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300027.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300028.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300029.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230002A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230002B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230002C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230002D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230002E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230002F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300030.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300031.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300032.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300033.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300034.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300035.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300036.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300037.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300038.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300039.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230003A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230003B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230003C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230003D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230003E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230003F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300040.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300041.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300042.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300043.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300044.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300045.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300046.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300047.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300048.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300049.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230004A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230004B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230004C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230004D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230004E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230004F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300050.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300051.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300052.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300053.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300054.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300055.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300056.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300057.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300058.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300059.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230005A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230005B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230005C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230005D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230005E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230005F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300060.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300061.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300062.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300063.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300064.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300065.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300066.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300067.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300068.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300069.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230006A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230006B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230006C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230006D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230006E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230006F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300070.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300071.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300072.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300073.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300074.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300075.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300076.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300077.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300078.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300079.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230007A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230007B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230007C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230007D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230007E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230007F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300080.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300081.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300082.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300083.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300084.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300085.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300086.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300087.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300088.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300089.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230008A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230008B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230008C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230008D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230008E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230008F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300090.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300091.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300092.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300093.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300094.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300095.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300096.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300097.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300098.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02300099.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230009A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230009B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230009C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230009D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230009E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0230009F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000A0.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000A1.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000A2.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000A3.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000A4.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000A5.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000A6.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000A7.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000A8.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000A9.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000AA.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000AB.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000AC.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000AD.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000AE.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000AF.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000B0.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000B1.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000B2.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000B3.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000B4.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000B5.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000B6.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000B7.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000B8.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000B9.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000BA.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000BB.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000BC.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000BD.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000BE.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000BF.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000C0.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000C1.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000C2.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000C3.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\023000C4.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02680000\4AF84808.VBN Infected: Trojan-Downloader.Win32.Zlob.aago 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02680001\4AF84A47.VBN Infected: Trojan-Downloader.Win32.Zlob.aago 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02880000\4BABF177.VBN Infected: Trojan-Downloader.Win32.Small.jer 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02EC0000.VBN Infected: Backdoor.Win32.TDSS.blh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02EC0001.VBN Infected: Backdoor.Win32.TDSS.atb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02EC0002\4BFC7C7D.VBN Infected: Rootkit.Win32.TDSS.dbg 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02EC0003.VBN Infected: Backdoor.Win32.TDSS.asz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02EC0004\4BFC7D09.VBN Infected: Rootkit.Win32.Protector.cd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140000\4FDEB8C0.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140001\4FDEB900.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140002\4FDEB90D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140003\4FDEB91B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140004\4FDEB929.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140005\4FDEB935.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140006\4FDEB942.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140007\4FDEB953.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140008\4FDEB95F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140009\4FDEB96C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814000A\4FDEB978.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814000B\4FDEB985.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814000C\4FDEB994.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814000D\4FDEB9A1.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814000E\4FDEB9AE.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814000F\4FDEB9BA.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140010\4FDEB9C7.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140011\4FDEB9D3.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140012\4FDEB9E3.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140013\4FDEB9F0.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140014\4FDEB9FD.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140015\4FDEBA09.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140016\4FDEBA15.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140017\4FDEBA22.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140018\4FDEBA2F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140019\4FDEBA3D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814001A\4FDEBA49.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814001B\4FDEBA55.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814001C\4FDEBA61.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814001D\4FDEBA6F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814001E\4FDEBA8E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814001F\4FDEBA9A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140020\4FDEBAA8.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140021\4FDEBAB5.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140022\4FDEBAC2.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140023\4FDEBACD.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140024\4FDEBADA.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140025\4FDEBAE7.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140026\4FDEBAF3.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140027\4FDEBB04.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140028\4FDEBB13.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140029\4FDEBB22.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814002A\4FDEBB30.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814002B\4FDEBB3F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814002C\4FDEBB4C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814002D\4FDEBB59.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814002E\4FDEBB65.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814002F\4FDEBB72.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140030\4FDEBB7F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140031\4FDEBB8D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140032\4FDEBB9A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140033\4FDEBBA7.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140034\4FDEBBB5.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140035\4FDEBBC2.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140036\4FDEBBCF.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140037\4FDEBBDB.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140038\4FDEBBE9.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140039\4FDEBBF7.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814003A\4FDEBC04.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814003B\4FDEBC11.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814003C\4FDEBC1F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814003D\4FDEBC2E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814003E\4FDEBC3C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814003F\4FDEBC4B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140040\4FDEBC5A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140041\4FDEBC68.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140042\4FDEBC75.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140043\4FDEBC85.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140044\4FDEBC93.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140045\4FDEBCA3.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140046\4FDEBCB5.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140047\4FDEBCC6.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140048\4FDEBCD6.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140049\4FDEBCE5.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814004A\4FDEBCF9.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814004B\4FDEBD07.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814004C\4FDEBD15.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814004D\4FDEBD22.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814004E\4FDEBD30.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814004F\4FDEBD40.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140050\4FDEBD4F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140051\4FDEBD61.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140052\4FDEBD6F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140053\4FDEBD7D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140054\4FDEBD8B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140055\4FDEBD9A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140056\4FDEBDAE.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140057\4FDEBDBB.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140058\4FDEBDCB.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140059\4FDEBDE0.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814005A\4FDEBDF3.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814005B\4FDEBE02.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814005C\4FDEBE11.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814005D\4FDEBE1F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814005E\4FDEBE32.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814005F\4FDEBE3E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140060\4FDEBE4B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140061\4FDEBE5A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140062\4FDEBE6A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140063\4FDEBE76.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140064\4FDEBE84.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140065\4FDEBE9B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140066\4FDEBEAB.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140067\4FDEBEBD.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140068\4FDEBECF.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140069\4FDEBEDF.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814006A\4FDEBEEF.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814006B\4FDEBF01.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814006C\4FDEBF0E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814006D\4FDEBF1A.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814006E\4FDEBF27.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814006F\4FDEBF33.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140070\4FDEBF41.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140071\4FDEBF4E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140072\4FDEBF5C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140073\4FDEBF69.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140074\4FDEBF76.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140075\4FDEBF83.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140076\4FDEBF92.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140077\4FDEBF9E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140078\4FDEBFAA.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140079\4FDEBFB7.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814007A\4FDEBFC5.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814007B\4FDEBFD6.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814007C\4FDEBFE6.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814007D\4FDEBFF5.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814007E\4FDEC003.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814007F\4FDEC011.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140080\4FDEC01F.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140081\4FDEC02D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140082\4FDEC03D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140083\4FDEC04C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140084\4FDEC059.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140085\4FDEC065.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140086\4FDEC072.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140087\4FDEC081.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140088\4FDEC097.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140089\4FDEC0A4.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814008A\4FDEC0B0.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814008B\4FDEC0BC.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814008C\4FDEC0C9.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814008D\4FDEC0D6.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814008E\4FDEC0E5.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814008F\4FDEC0F2.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140090\4FDEC100.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140091\4FDEC112.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140092\4FDEC11E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140093\4FDEC12D.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140094\4FDEC139.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140095\4FDEC145.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140096\4FDEC152.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140097\4FDEC15E.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140098\4FDEC16B.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08140099\4FDEC178.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814009A\4FDEC184.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814009B\4FDEC190.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814009C\4FDEC19C.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814009D\4FDEC1A8.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814009E\4FDEC1B4.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0814009F\4FDEC1C1.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\081400A0\4FDEC1CD.VBN Infected: Trojan-Downloader.Win32.Bagle.du 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\

Re,

Le rapport de Kaspersky est trop long.

Uploade-le sur mediafire :

• Rends-toi sur ce lien : http://www.mediafire.com/
• Clique en haut sur "Upload files To Media fire". Choisis ensuite "I want to upload without an account"
• Une fenêtre de ton explorateur windows va s'ouvrir. Navigue jusqu'au rapport que je te demande d'uploader, sélectionne-le puis clique sur "ouvrir".
• Clique ensuite sur "Upload".
• A droite de l'écran, choisis : "upload to a new folder". Laisse le nom par défaut ( = la date )
• Valide et laisse l'upload se faire.
• Clique sur "Vieuw uploaded file" et copie-moi l'url ( = le lien ) du nouvel onglet ou de la nouvelle fenêtre qui va s'ouvrir dans ton prochain message. Ainsi, je pourrais télécharger le rapport demandé.

Bonjour Egwene.

J'imagine que tu es bien occupé.

J'attends toujours ton analyse du fichier que j'ai mis sur mediafire.

Merci de me donner suite pour éliminer les virus qui ont envahi mon ordinateur.

Merci.

Heureux de te revoir.

Je te joins d'abord mon dernier fichier COmboFIx et dans une réponse subséquente je vais te donner l'adresse url de mon fichier sur mediafire.

ComboFix 09-03-15.01 - arkema 2009-03-17 6:54:07.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1367 [GMT -4:00]
Lancé depuis: c:\documents and settings\arkema\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\arkema\Bureau\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé

FILE ::
c:\windows\system32\btpanu.dll
c:\windows\system32\Drivers\ati1ksxx.sys
c:\windows\system32\drivers\xydxeuuo.sys
c:\windows\system32\omvlqnf.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\btpanu.dll
c:\windows\system32\drivers\xydxeuuo.sys
c:\windows\system32\omvlqnf.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XYDXEUUO
-------\Service_ati1ksxx
-------\Service_xydxeuuo


((((((((((((((((((((((((((((( Fichiers créés du 2009-02-17 au 2009-03-17 ))))))))))))))))))))))))))))))))))))
.

2009-03-15 13:38 . 2009-03-15 13:38 <REP> d-------- c:\documents and settings\arkema\Application Data\wfvhrssu
2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- c:\documents and settings\arkema\Application Data\Malwarebytes
2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-14 11:40 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-14 11:40 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-14 11:36 . 2009-03-14 11:36 <REP> d-------- c:\documents and settings\NetworkService\Application Data\wfvhrssu
2009-03-14 09:18 . 2009-03-14 09:18 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-03-14 09:13 . 2009-03-14 09:14 <REP> d-------- c:\windows\ERUNT
2009-03-14 08:53 . 2009-03-14 10:16 <REP> d-------- C:\SDFix
2009-03-07 16:20 . 2009-03-07 16:24 <REP> d-------- c:\documents and settings\arkema\Application Data\yoclient
2009-03-07 15:25 . 2009-03-07 15:25 <REP> d-------- c:\program files\Zylom Games
2009-03-07 15:25 . 2009-03-07 15:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Zylom
2009-02-22 20:12 . 2009-02-22 20:12 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-22 19:42 . 2009-02-22 19:42 <REP> d-------- c:\program files\MSBuild
2009-02-22 19:42 . 2009-02-22 19:42 <REP> d-------- c:\program files\Microsoft Works
2009-02-22 19:41 . 2009-02-22 19:41 <REP> d-------- c:\program files\Microsoft.NET
2009-02-22 19:36 . 2009-02-22 19:36 <REP> d-------- c:\program files\Microsoft Visual Studio 8
2009-02-22 19:35 . 2009-03-10 03:00 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-22 19:30 . 2009-02-22 19:30 <REP> dr-h----- C:\MSOCache

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 22:00 --------- d-----w c:\program files\Norton Security Scan
2009-03-13 21:19 --------- d-----w c:\program files\Navilog1
2009-03-13 21:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-13 01:32 --------- d-----w c:\program files\Google
2009-03-13 01:27 --------- d-----w c:\program files\Symantec AntiVirus
2009-03-03 21:54 --------- d-----w c:\program files\Warcraft III
2009-02-27 14:52 --------- d-----w c:\program files\Microsoft Games
2009-02-23 00:12 --------- d-----w c:\program files\Java
2009-02-14 21:50 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-06 00:54 22,328 ----a-w c:\documents and settings\arkema\Application Data\PnkBstrK.sys
2008-10-06 17:01 24 ----a-w c:\documents and settings\arkema\jagex_runescape_preferences.dat
2007-08-15 22:29 47,360 ----a-w c:\documents and settings\arkema\Application Data\pcouffin.sys
2007-01-07 16:01 32 ----a-r c:\documents and settings\All Users\hash.dat
2008-12-19 01:45 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 01:45 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 01:45 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 01:45 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 01:45 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.


---- c:\windows\system32\dllcache\user32.dll ----
Company: Microsoft Corporation
File Description: DLL client de l'API Utilisateur de Windows XP
File Version: 5.1.2600.5512 (xpsp.080413-2105)
Product Name: SystŠme d'exploitation Microsoft© Windows©
Copyright: ¸ Microsoft Corporation. Tous droits r‚serv‚s.
Original file name: user32
MD5: e853f84d3ce2faa2a802e33cf89ac023

---- Directory of c:\documents and settings\arkema\Application Data\wfvhrssu ----

2009-03-15 13:39 65536 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\cert8.db
2009-03-15 13:39 2048 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\cookies.sqlite
2009-03-15 13:39 0 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\places.sqlite-journal
2009-03-15 13:38 96185 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\xpti.dat
2009-03-15 13:38 8296 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\pluginreg.dat
2009-03-15 13:38 569 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\localstore.rdf
2009-03-15 13:38 4096 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\formhistory.sqlite
2009-03-15 13:38 367 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\prefs.js
2009-03-15 13:38 215 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\compatibility.ini
2009-03-15 13:38 2048 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\webappsstore.sqlite
2009-03-15 13:38 2048 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\permissions.sqlite
2009-03-15 13:38 16384 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\secmod.db
2009-03-15 13:38 16384 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\key3.db
2009-03-15 13:38 131072 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\places.sqlite
2009-03-15 13:38 127820 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\Profiles\h6od7dpj.default\compreg.dat
2009-03-15 13:38 111 --a------ c:\documents and settings\arkema\Application Data\wfvhrssu\profiles.ini


((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-31 67128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="-" [X]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-22 136600]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"MaxtorOneTouch"="c:\program files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 712704]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-08-11 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

c:\documents and settings\arkema\Menu D‚marrer\Programmes\D‚marrage\
PowerReg Scheduler.exe [2007-09-16 256000]
SpamPal.lnk - c:\program files\SpamPal\spampal.exe [2005-10-24 387616]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-01-08 221247]
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2007-01-16 102455]
D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-31 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-21 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 11:10 72208 c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0qyxx.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0yxxx.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1ksxx.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2fnxx.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5nvxx.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7rqxx.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8baxx.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\EA SPORTS\\NASCAR Thunder TM 2004\\NASCAR_Thunder_2004.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Program Files\\IBM\\Lotus\\Notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.SR4-200707311521\\jre\\bin\\notes2w.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Microsoft Games\\Motocross Madness 2\\MCM2.ICD"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\EA SPORTS\\NBA Live 2003\\nba2003.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2007-01-08 6656]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-01-08 3712]
R2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2007-01-08 28672]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 101936]
S3 CEBDADTV;C&E DVB-T device;c:\windows\system32\DRIVERS\CEBDA150.sys --> c:\windows\system32\DRIVERS\CEBDA150.sys [?]
S3 iComp;Hauppauge WinTV PVR2 USB2 Encoder;c:\windows\system32\drivers\HCWUSB2.sys [2007-01-16 1458688]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - XYDXEUUO

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ddc4b8f-bf7e-11dc-9282-0018e70af722}]
\Shell\AutoRun\command - g:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - g:\directx\dxsetup.exe
.
Contenu du dossier 'Tâches planifiées'

2009-03-13 c:\windows\Tasks\Norton Security Scan for arkema.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 05:18]

2009-03-17 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{3732EDF4-F591-4ABF-A3D3-43D17D205544} - (no file)
BHO-{84483594-190C-48A1-8C9D-6AE24DC988D3} - (no file)


.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://www.freeworldgroup.com/games6/chocolatier/build/ChocolatierWeb.1.0.0.13.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://incredigamesfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
FF - ProfilePath - c:\documents and settings\arkema\Application Data\Mozilla\Firefox\Profiles\7k6ivu6s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 06:57:30
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ccEvtMgr]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SNDSrvc]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SYMTDI]
"ImagePath"="-"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll
c:\windows\system32\ACTIVEDS.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\mnmsrvc.exe
c:\program files\Maxtor\Utils\SyncServices.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Netropa\Multimedia Keyboard\Traymon.exe
c:\program files\Netropa\Onscreen Display\osd.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
.
**************************************************************************
.
Heure de fin: 2009-03-17 7:06:46 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-17 11:06:43
ComboFix2.txt 2009-03-16 00:30:57
ComboFix3.txt 2008-03-03 17:27:35
ComboFix4.txt 2008-03-03 17:24:38
ComboFix5.txt 2009-03-17 10:53:18

Avant-CF: 214 910 308 352 octets libres
Après-CF: 214,908,444,672 octets libres

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
319 --- E O F --- 2009-03-16 07:01:56

Bonjour Egwene.

J'ai été hors du pays depuis 5 jours et je constate que je n'ai pas reçu de tes nouvelles.

Peux-tu me faire part de la suite des démaraches.

Merci.

Rebonjour.

Tu trouveras ci-joint le nouveau rapport Combofix.

J'attends de tes nouvelles.


Merci.

ComboFix 09-04-03.01 - arkema 2009-04-03 6:44:47.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1411 [GMT -4:00]
Lancé depuis: C:\Documents and Settings\arkema\Bureau\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-03 au 2009-04-03 ))))))))))))))))))))))))))))))))))))
.

2009-03-28 16:52 . 2009-03-28 16:53 <REP> d-------- C:\Program Files\Euro Truck Simulator
2009-03-15 13:38 . 2009-03-15 13:38 <REP> d-------- C:\Documents and Settings\arkema\Application Data\wfvhrssu
2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- C:\Documents and Settings\arkema\Application Data\Malwarebytes
2009-03-14 11:40 . 2009-03-14 11:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-14 11:40 . 2009-02-11 10:19 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-03-14 11:40 . 2009-02-11 10:19 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2009-03-14 11:36 . 2009-03-14 11:36 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\wfvhrssu
2009-03-14 09:18 . 2009-03-14 09:18 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2009-03-14 09:13 . 2009-03-14 09:14 <REP> d-------- C:\WINDOWS\ERUNT
2009-03-14 08:53 . 2009-03-14 10:16 <REP> d-------- C:\SDFix
2009-03-07 16:20 . 2009-03-07 16:24 <REP> d-------- C:\Documents and Settings\arkema\Application Data\yoclient
2009-03-07 15:25 . 2009-03-07 15:25 <REP> d-------- C:\Program Files\Zylom Games
2009-03-07 15:25 . 2009-03-07 15:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Zylom

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-01 23:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-01 22:00 --------- d-----w C:\Program Files\Norton Security Scan
2009-03-28 19:00 34 ----a-w C:\Documents and Settings\arkema\jagex_runescape_preferences.dat
2009-03-16 00:21 104,960 ----a-w C:\WINDOWS\system32\wtgdqpb.dll
2009-03-14 13:02 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2009-03-13 21:19 --------- d-----w C:\Program Files\Navilog1
2009-03-13 21:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-13 01:32 --------- d-----w C:\Program Files\Google
2009-03-13 01:27 --------- d-----w C:\Program Files\Symantec AntiVirus
2009-03-03 21:54 --------- d-----w C:\Program Files\Warcraft III
2009-02-27 14:52 --------- d-----w C:\Program Files\Microsoft Games
2009-02-23 00:12 410,984 ----a-w C:\WINDOWS\system32\deploytk.dll
2009-02-23 00:12 --------- d-----w C:\Program Files\Java
2009-02-22 23:42 --------- d-----w C:\Program Files\MSBuild
2009-02-22 23:42 --------- d-----w C:\Program Files\Microsoft Works
2009-02-22 23:41 --------- d-----w C:\Program Files\Microsoft.NET
2009-02-22 23:36 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2009-02-14 21:50 138,464 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2009-02-14 21:50 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2009-02-09 14:05 1,846,912 ----a-w C:\WINDOWS\system32\win32k.sys
2009-01-06 00:54 682,280 ----a-w C:\WINDOWS\system32\pbsvc.exe
2009-01-06 00:54 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2009-01-06 00:54 22,328 ----a-w C:\Documents and Settings\arkema\Application Data\PnkBstrK.sys
2007-08-15 22:29 47,360 ----a-w C:\Documents and Settings\arkema\Application Data\pcouffin.sys
2007-01-07 16:01 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2008-12-19 01:45 67,688 ----a-w C:\Program Files\mozilla firefox\components\jar50.dll
2008-12-19 01:45 54,368 ----a-w C:\Program Files\mozilla firefox\components\jsd3250.dll
2008-12-19 01:45 34,944 ----a-w C:\Program Files\mozilla firefox\components\myspell.dll
2008-12-19 01:45 46,712 ----a-w C:\Program Files\mozilla firefox\components\spellchk.dll
2008-12-19 01:45 172,136 ----a-w C:\Program Files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 04:12 68856]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-31 08:18 67128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 22:33 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-12-29 06:40 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="-" [X]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 21:33 125168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-02-22 20:12 136600]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 06:07 843776]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 08:09 425984]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 04:45 385024]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07 69632]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"MaxtorOneTouch"="C:\Program Files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 08:45 712704]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-08-11 11:15 81920]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 18:35 32768]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 22:33 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

C:\Documents and Settings\arkema\Menu D‚marrer\Programmes\D‚marrage\
PowerReg Scheduler.exe [2007-09-16 09:22:32 256000]
SpamPal.lnk - C:\Program Files\SpamPal\spampal.exe [2005-10-24 21:08:06 387616]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2007-01-08 16:21:52 221247]
AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe [2007-01-16 22:12:35 102455]
D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-31 08:18:44 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-21 21:10:27 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 11:10 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0qyxx.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0yxxx.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1ksxx.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2fnxx.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5nvxx.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7rqxx.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8baxx.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\EA SPORTS\\NASCAR Thunder TM 2004\\NASCAR_Thunder_2004.exe"=
"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"C:\\Program Files\\IBM\\Lotus\\Notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.5.0.SR4-200707311521\\jre\\bin\\notes2w.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Microsoft Games\\Motocross Madness 2\\MCM2.ICD"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Nexon\\Combat Arms\\NMService.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"C:\\Program Files\\EA SPORTS\\NBA Live 2003\\nba2003.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\EA SPORTS\\Madden NFL 08\\mainapp.exe"=
"C:\\Program Files\\EA SPORTS\\NHL08\\nhl2008.exe"=

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\drivers\Msikbd2k.sys [2007-01-08 16:03:35 6656]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\drivers\LBeepKE.sys [2007-01-08 15:13:19 3712]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2007-01-08 16:03:36 28672]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 21:01:23 101936]
S3 CEBDADTV;C&E DVB-T device;C:\WINDOWS\system32\DRIVERS\CEBDA150.sys --> C:\WINDOWS\system32\DRIVERS\CEBDA150.sys [?]
S3 iComp;Hauppauge WinTV PVR2 USB2 Encoder;C:\WINDOWS\system32\drivers\HCWUSB2.sys [2007-01-16 22:00:22 1458688]
S3 SavRoam;SAVRoam;C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-09-27 21:33:38 116464]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ddc4b8f-bf7e-11dc-9282-0018e70af722}]
\Shell\AutoRun\command - G:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - G:\Directx\dxsetup.exe
.
Contenu du dossier 'Tâches planifiées'

2009-04-01 C:\WINDOWS\Tasks\Norton Security Scan for arkema.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-09-19 05:18]

2009-04-03 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://www.freeworldgroup.com/games6/chocolatier/build/ChocolatierWeb.1.0.0.13.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://incredigamesfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
FF - ProfilePath - C:\Documents and Settings\arkema\Application Data\Mozilla\Firefox\Profiles\7k6ivu6s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: C:\Program Files\Mozilla Firefox\components\xpinstal.dll
.

Voici le premier rapport.


Fichier wtgdqpb.dll reçu le 2009.04.04 21:58:50 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.04.04 -
AhnLab-V3 5.0.0.2 2009.04.04 -
AntiVir 7.9.0.129 2009.04.03 TR/Drop.Softomat.AN
Antiy-AVL 2.0.3.1 2009.04.04 -
Authentium 5.1.2.4 2009.04.04 -
Avast 4.8.1335.0 2009.04.04 -
AVG 8.5.0.285 2009.04.04 -
BitDefender 7.2 2009.04.04 -
CAT-QuickHeal 10.00 2009.04.04 -
ClamAV 0.94.1 2009.04.04 -
Comodo 1099 2009.04.04 -
DrWeb 4.44.0.09170 2009.04.04 -
eSafe 7.0.17.0 2009.04.02 -
eTrust-Vet 31.6.6435 2009.04.03 -
F-Prot 4.4.4.56 2009.04.03 -
F-Secure 8.0.14470.0 2009.04.04 -
Fortinet 3.117.0.0 2009.04.04 -
GData 19 2009.04.04 -
Ikarus T3.1.1.49.0 2009.04.04 -
K7AntiVirus 7.10.692 2009.04.03 -
Kaspersky 7.0.0.125 2009.04.04 -
McAfee 5574 2009.04.04 -
McAfee+Artemis 5574 2009.04.04 -
McAfee-GW-Edition 6.7.6 2009.04.03 Trojan.Drop.Softomat.AN
Microsoft 1.4502 2009.04.04 -
NOD32 3988 2009.04.04 -
Norman 6.00.06 2009.04.03 -
nProtect 2009.1.8.0 2009.04.04 -
Panda 10.0.0.14 2009.04.04 -
PCTools 4.4.2.0 2009.04.04 -
Prevx1 V2 2009.04.04 -
Rising 21.23.41.00 2009.04.03 -
Sophos 4.40.0 2009.04.04 -
Sunbelt 3.2.1858.2 2009.04.04 -
Symantec 1.4.4.12 2009.04.04 -
TheHacker 6.3.4.0.302 2009.04.04 -
TrendMicro 8.700.0.1004 2009.04.03 -
VBA32 3.12.10.2 2009.04.03 -
ViRobot 2009.4.4.1678 2009.04.04 -
VirusBuster 4.6.5.0 2009.04.04 -
Information additionnelle
File size: 104960 bytes
MD5...: b168e648aa1f30bcadf0df5d0ca1d3d8
SHA1..: 8860059c6ce8e4c756a9b62c98a03085bad63275
SHA256: 7917d7508a346608ab8ffb1c514007b3ade6f9b550e8ae39a8d9620d9cae1f19
SHA512: d57e754fb9a041404be101d471daa65c515e0b926b131721f19b11116d15e12e<br>add4aa5023017734f0e68b40df95210141b3ebe3570dd3488ea1922272712fcf
ssdeep: 1536:r91FgyYlm8CEfOeK6hrMuiU8HaypLgjqlzaHFsB0LGcraMditOL7hQqaDYm<br>vznOL:ju5lm6O8rzypLpkFZrt0O/EYmDO<br>
PEiD..: -
TrID..: File type identification<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (100.0%)
PEInfo: -
RDS...: NSRL Reference Data Set<br>-

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.04.04 -
AhnLab-V3 5.0.0.2 2009.04.04 -
AntiVir 7.9.0.129 2009.04.03 TR/Drop.Softomat.AN
Antiy-AVL 2.0.3.1 2009.04.04 -
Authentium 5.1.2.4 2009.04.04 -
Avast 4.8.1335.0 2009.04.04 -
AVG 8.5.0.285 2009.04.04 -
BitDefender 7.2 2009.04.04 -
CAT-QuickHeal 10.00 2009.04.04 -
ClamAV 0.94.1 2009.04.04 -
Comodo 1099 2009.04.04 -
DrWeb 4.44.0.09170 2009.04.04 -
eSafe 7.0.17.0 2009.04.02 -
eTrust-Vet 31.6.6435 2009.04.03 -
F-Prot 4.4.4.56 2009.04.03 -
F-Secure 8.0.14470.0 2009.04.04 -
Fortinet 3.117.0.0 2009.04.04 -
GData 19 2009.04.04 -
Ikarus T3.1.1.49.0 2009.04.04 -
K7AntiVirus 7.10.692 2009.04.03 -
Kaspersky 7.0.0.125 2009.04.04 -
McAfee 5574 2009.04.04 -
McAfee+Artemis 5574 2009.04.04 -
McAfee-GW-Edition 6.7.6 2009.04.03 Trojan.Drop.Softomat.AN
Microsoft 1.4502 2009.04.04 -
NOD32 3988 2009.04.04 -
Norman 6.00.06 2009.04.03 -
nProtect 2009.1.8.0 2009.04.04 -
Panda 10.0.0.14 2009.04.04 -
PCTools 4.4.2.0 2009.04.04 -
Prevx1 V2 2009.04.04 -
Rising 21.23.41.00 2009.04.03 -
Sophos 4.40.0 2009.04.04 -
Sunbelt 3.2.1858.2 2009.04.04 -
Symantec 1.4.4.12 2009.04.04 -
TheHacker 6.3.4.0.302 2009.04.04 -
TrendMicro 8.700.0.1004 2009.04.03 -
VBA32 3.12.10.2 2009.04.03 -
ViRobot 2009.4.4.1678 2009.04.04 -
VirusBuster 4.6.5.0 2009.04.04 -

Information additionnelle
File size: 104960 bytes
MD5...: b168e648aa1f30bcadf0df5d0ca1d3d8
SHA1..: 8860059c6ce8e4c756a9b62c98a03085bad63275
SHA256: 7917d7508a346608ab8ffb1c514007b3ade6f9b550e8ae39a8d9620d9cae1f19
SHA512: d57e754fb9a041404be101d471daa65c515e0b926b131721f19b11116d15e12e<br>add4aa5023017734f0e68b40df95210141b3ebe3570dd3488ea1922272712fcf
ssdeep: 1536:r91FgyYlm8CEfOeK6hrMuiU8HaypLgjqlzaHFsB0LGcraMditOL7hQqaDYm<br>vznOL:ju5lm6O8rzypLpkFZrt0O/EYmDO<br>
PEiD..: -
TrID..: File type identification<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (100.0%)
PEInfo: -
RDS...: NSRL Reference Data Set<br>-

Bonjour Egwene.

As-tu eu le temps de prendre connaissance des rapports que je t'ai envoyés. Je crois que tu t'aproches car j'ai des fichiers contaminés dans ce rapport.

Merci de me donner des nouvelles.

Bonjour à tous.

Je fais appel à la collectivité pour prendre le relais de Egwene. Celui-ci doit être complètement débordé car malgré des messages personnels je n'ai pas eu aucune réponse depuis deux semaines.

Est-ce que quelqu'un peut prendre le relais s.v.p.

Merci de votre aide.