aider moi je suis bloquer je sais pas quoi faRésolu/Fermé

Question

Bonjour,
voila j'ai un message qui s'affiche et qui me dit :
Processus hote windows (Rundll32) a cessè de fonctionner
j'ai aussi internet explorer qui ne vas plus quand je double clik sur le logo la page s'ouvre et me dit internet explorer a cessè de fonctionner et il se ferme
Et j'ai aussi un problème avec antivir personnal edition il n'ètait plus affichè dans ma barre en bas du bureau donc j'ai voulu le rèinstallè mais sa ne fonctionne pas g donc voulu le dèsinstallè et le supprimè de mon disk dur et le rèinstallè mais sa ne marche pas aider moi svp merci

laurent54 · Answer

réponse simple : scan de ton ordinateur complet avec un antivirus extérieur à jour....
possible infection par un virus de type brontok....

Wolfman59760 · Answer

comment je fait ? aide moi s'il te plait merci

Wolfman59760 · Answer

je suis là

Wolfman59760 · Answer

je suis la j'espére que tu as trouvé

Utilisateur anonyme · Answer

Re , tu aurais pu envoyer le lien ;)

Je regarde ce qui a été fait précédemment et je reviens pour te donner une procédure.

++

Utilisateur anonyme · Answer

Re , Bon ok. → Télécharge TrendMicro™ HijackThis™ ' Place le dans ' C:\programmes\ ' Une fois cela fait , merci de renommer l'icône ( clique droit > renommer )' Hijackthis.exe 'situé dans le dossier dans C:\ , en 'HJT.exe' <<<<<<<<< Important !!! <<<<<<< Le chemin d'accés du programme doit être ressemblant à celui-ci : C:\Programme\Trend Micro\Hijackthis\HJT.exe → Ne pas renommer l'icône du raccourci sur le bureau bien entendu ... /!\ Ferme toute les fenêtres encore ouvertes , et déconnecte toi du web /!\ Clique droit sur l'icône -> '' Executer en tant qu'administrateur '' , et choisi l'option '' do a system scan and save a logfile '' et poste moi le rapport ( qui apparait sur le bloc-note ) (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) Tuto si tu n'y arrive pas : http://pageperso.aol.fr/balltrap34/demohijack.htm ++

Wolfman59760 · Answer

ok alors tu en pense quoi de ce que je dit plus haut dans cet discussion
tu croit que sa peu ètre quoi dit moi?

Utilisateur anonyme · Answer

Re , 

Je sais pas encore , j'attends de voir le rapport HJT.

++

Wolfman59760 · Answer

voila le rapport hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33, on 2008-04-04
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [C:\Windows\system32\V0350Cvw.dll] C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0350Cvw.dll
O4 - HKLM\..\Run: [V0350Mon.exe] C:\Windows\V0350Mon.exe
O4 - HKLM\..\Run: [LXDDCATS] rundll32 \3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\Its Label\ItsTV\ItsTV.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O13 - Gopher Prefix: 
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdd_device -   - C:\Windows\system32\lxddcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Utilisateur anonyme · Answer

Rapport en mode normal stp.

++

Wolfman59760 · Answer

sa ne vas pas il me dit que se n'est pas une application win 32 je doit faire quoi?

Utilisateur anonyme · Answer

Re , 

Il aurais fallu le dire dès le début.

Tu as téléchargé un crack récemment ?

Si oui supprime le.

Puis fait ceci :

Va sur ce site :

http://www.zonavirus.com/datos/descargas/95/elibagla.asp

En bas de cette page tu trouveras un outil à télécharger, clique sur "Descargar Elibagla" (le numéro de version change au fur et à mesure des mises à jour)
installe ce fichier sur le bureau.
ensuite double-clic sur Elibagla.exe

Vérifie que la case "eliminar ficheros automaticamente" est cochée

Clique sur  "explorar"  puis laisse-le travailler.
                     
Puis poste moi le rapport situé dans C:\infosat.txt

(CTRL+A Pour tout selectionner  , CTRL+C pour copier et CTRL+V pour coller )









Fait Elibagla en mode sans echec , 3 fois et poste moi les rapports.

+++

Wolfman59760 · Answer

non je n'ai pas prit de crack rècemment , je doit le faire quand mème?
ce que tu dit avec Elibagla ?

Utilisateur anonyme · Answer

Oui.

Wolfman59760 · Answer

voila le premier rapport : 

	  Sat Apr 05 00:14:54 2008
EliBagle v11.21  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle.dldr

	  Sat Apr 05 00:15:43 2008
EliBagle v11.21  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\MDELK.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\148809.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\15415737.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\212254.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\215312.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\252908.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\29388404.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\29414425.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\29516449.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\43872192.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\43988366.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\44057833.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\44575554.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\58585130.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\59119106.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\73121241.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\786043282.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\88281854.EXE --> Eliminado Bagle

Nº Total de Directorios:   12728
Nº Total de Ficheros:      94441
Nº de Ficheros Analizados: 12327
Nº de Ficheros Infectados: 18
Nº de Ficheros Limpiados:  18

Utilisateur anonyme · Answer

Re , 

Encore une seule fois stp.

++

Wolfman59760 · Answer

voila le deuxième rapport :

	  Sat Apr 05 00:25:47 2008
EliBagle v11.21  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios:   12729
Nº Total de Ficheros:      94427
Nº de Ficheros Analizados: 12309
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0

Utilisateur anonyme · Answer

Re ,

Parfait.

Redémarre en mode normal et poste moi un rapport Hijackthis.

tu dois pouvoir normalement.
++

Wolfman59760 · Answer

et voila le rapport hijacthis : 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:35, on 2008-04-05
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32	askeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32undll32.exe
C:\Program Files\USB Disk Win98 Driver\Res.exe
C:\Windows\FixCamera.exe
C:\Windows\V0350Mon.exe
C:\Program Files\Adobe\Reader 8.0\Readereader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe
C:\Users\daniel\AppData\Roaming\m\flec006.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Users\daniel\Desktop\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [C:\Windows\system32\V0350Cvw.dll] C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0350Cvw.dll
O4 - HKLM\..\Run: [V0350Mon.exe] C:\Windows\V0350Mon.exe
O4 - HKLM\..\Run: [LXDDCATS] rundll32 \3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\Its Label\ItsTV\ItsTV.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Philips Intelligent Agent] NOT_IN_USE_DUMMY_PATH
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Windows\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [german.exe] C:\Windows\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Users\daniel\AppData\Roaming\m\flec006.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O13 - Gopher Prefix: 
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdd_device -   - C:\Windows\system32\lxddcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Utilisateur anonyme · Answer

Re ,

/!\ Outils très puissant , ne pas reproduire la manip ci-dessous sur son pc sans y avoir été autorisé par une personne compétente /!\


Télécharge ComboFix ici &#8594; http://download.bleepingcomputer.com/sUBs/ComboFix.exe  

Et enregistre le sur le bureau >>> /!\ IMPORTANT /!\

Regardes ici, si tu souhaites te familiariser avec son utilisation: https://www.google.fr/?gws_rd=ssl

 AVANT d'utiliser ComboFix :
&#8594; Déconnecte ton PC d'Internet et referme les fenêtres de tous les programmes en cours.   /!\
&#8594; Désactive provisoirement (et seulement le temps de l'utilisation de ComboFix), la protection en temps réel de ton Antivirus et de tes Antispywares et de TOUT tes logiciels de protection !!!, (activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil). /!\

Sur ton bureau double clic sur Combofix.exe.
Appuies sur la touche 1, pour que le programme commence à s'exécuter et suis les instructions à l'écran.

/!\ PENDANT TOUTE la durée (ça peut être assez long si le pc est très infecté) du scan de ComboFix, n'ouvres aucun programme, ne touche pas à ta souris et ne surfe pas sur le net /!\

Soit patient (même si tu penses que le PC est arrêté) ; les temps « d'arrêt apparent » sont parfois de plusieurs minutes (il y a ± 40 étapes d’analyse).

En cours de nettoyage il est possible, que tu reçoives un avertissement te disant que le pc va redémarrer, laisse le faire.

Après le redemarrage du pc, un rapport s'ouvrira dans le Bloc notes en fin d'analyse, copie et colle tout son contenu dans ton prochain message.

(Le fichier rapport Combofix.txt , est ensuite automatiquement sauvegardé dans C:\Combofix.txt)

Tutorial ( aide ): https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix



bonne chance
A+

Wolfman59760 · Answer

voila le rapport : 
ComboFix 08-04-03.5 - daniel 2008-04-05  0:49:06.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6000.0.1252.1.1036.18.395 [GMT 2:00]
Endroit: C:\Users\daniel\Desktop\ComboFix.exe
 * Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\daniel\AppData\Roaming\m
C:\Users\daniel\AppData\Roaming\m\data.oct
C:\Users\daniel\AppData\Roaming\m\flec006.exe
C:\Users\daniel\AppData\Roaming\m\list.oct
C:\Users\daniel\AppData\Roaming\m\shared\.!!!.Crack.Norton.AntiVirus.2006.Multilanguage.!!!.zip
C:\Users\daniel\AppData\Roaming\m\shared\.NET Encryption Library 1.05.zip
C:\Users\daniel\AppData\Roaming\m\shared\[APP.-.ITA].AVG.7.1.+.Licenza.fino.a.2112.zip
C:\Users\daniel\AppData\Roaming\m\shared\1 Click Safe PC 1.6.zip
C:\Users\daniel\AppData\Roaming\m\shared\1st Look! 2.0.1 [Key+Serial].zip
C:\Users\daniel\AppData\Roaming\m\shared\3Com Etherlink XL 3C90x Adapter Driver 5.4.zip
C:\Users\daniel\AppData\Roaming\m\shared\3D Visioner 2.3.zip
C:\Users\daniel\AppData\Roaming\m\shared\A Christmas Reflection Screensaver 1.0 [Key+Serial].zip
C:\Users\daniel\AppData\Roaming\m\shared\A9CAD Pro 2.3.2 [Key].zip
C:\Users\daniel\AppData\Roaming\m\shared\Advanced Log Monitor 2.1.21.zip
C:\Users\daniel\AppData\Roaming\m\shared\AllWebMenus Lite 3.1.128.zip
C:\Users\daniel\AppData\Roaming\m\shared\Altostorm Rectilinear Panorama Pro 1.2.zip
C:\Users\daniel\AppData\Roaming\m\shared\AS HDGET WIN32 DLL 2.1 Cracked.zip
C:\Users\daniel\AppData\Roaming\m\shared\ASP Printer COM 2.1 [Serial].zip
C:\Users\daniel\AppData\Roaming\m\shared\AutoCAD Version Explorer 1.9.zip
C:\Users\daniel\AppData\Roaming\m\shared\AVD Batch Converter 1.5.1.zip
C:\Users\daniel\AppData\Roaming\m\shared\AVDP 1.1 (Serial).zip
C:\Users\daniel\AppData\Roaming\m\shared\BabyShield 2.5 (Cracked).zip
C:\Users\daniel\AppData\Roaming\m\shared\Back to Baghdad demo.zip
C:\Users\daniel\AppData\Roaming\m\shared\Basic HTML Editor 1.zip
C:\Users\daniel\AppData\Roaming\m\shared\BeClean 1.4.zip
C:\Users\daniel\AppData\Roaming\m\shared\Betty Boop Moon Clock Demo Screensaver 1.0 (With Crack).zip
C:\Users\daniel\AppData\Roaming\m\shared\Big Rigs Over the Road Racing Patch 1.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\BigSpeed Zipper 4.00.zip
C:\Users\daniel\AppData\Roaming\m\shared\Blueframe Pack 3.zip
C:\Users\daniel\AppData\Roaming\m\shared\Bonny Clock 1.5.zip
C:\Users\daniel\AppData\Roaming\m\shared\BPS WinTrace Remover 6.2.0.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\BPS YouTube Google Video Grabber 1.0.0.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\BrainStreamer 1.2 build 100.zip
C:\Users\daniel\AppData\Roaming\m\shared\BrightCar Car Maintenance Software 1.0.74.3 (Crack).zip
C:\Users\daniel\AppData\Roaming\m\shared\Butterfly Garden Screensaver 01.zip
C:\Users\daniel\AppData\Roaming\m\shared\Cat 2.0.3.zip
C:\Users\daniel\AppData\Roaming\m\shared\CDBF Shell 1.10.03.zip
C:\Users\daniel\AppData\Roaming\m\shared\Celebdaq RSS News 1.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\Chinese Calendrics 7.22.zip
C:\Users\daniel\AppData\Roaming\m\shared\Click MusicalKeys 3.21.zip
C:\Users\daniel\AppData\Roaming\m\shared\CmosPwd 4.8.zip
C:\Users\daniel\AppData\Roaming\m\shared\Color Finder 1.0 (Key).zip
C:\Users\daniel\AppData\Roaming\m\shared\Command & Conquer Generals - Gravel Maze map.zip
C:\Users\daniel\AppData\Roaming\m\shared\Command Finder 1.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\Cool Paint Pro Image Editing 2.6.0.1.zip
C:\Users\daniel\AppData\Roaming\m\shared\CPU-Speedflash 1.21 1.21.zip
C:\Users\daniel\AppData\Roaming\m\shared\Custom Internet Explorer Toolbar Builder 2.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\CyberFlash 2.2 With Crack.zip
C:\Users\daniel\AppData\Roaming\m\shared\CyberSense Search Center 3.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\Cyrillic Starter Kit 5.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\CZ-Doc2Pdf COM 2.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\D2MP 3.8.zip
C:\Users\daniel\AppData\Roaming\m\shared\Desert Combat (Battlefield 1942) - Lost Jungle map.zip
C:\Users\daniel\AppData\Roaming\m\shared\Desktop Flash Template 1.0 build 2007.02.21 With Crack.zip
C:\Users\daniel\AppData\Roaming\m\shared\DiaryOne 6.66.zip
C:\Users\daniel\AppData\Roaming\m\shared\DiDaPro HTML Editor 5.60a With Crack.zip
C:\Users\daniel\AppData\Roaming\m\shared\Digigenius DVD to iPhone Converter 3.6 [Key+Serial].zip
C:\Users\daniel\AppData\Roaming\m\shared\DolphinSS Screensaver 1.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\Dreadlock Privacy 5.0 [Serial].zip
C:\Users\daniel\AppData\Roaming\m\shared\DV MPEG4 Maker 2.6.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\Earthsim browser 1.5.zip
C:\Users\daniel\AppData\Roaming\m\shared\Ease123 Video Splitter 1.0.1 (With Crack).zip
C:\Users\daniel\AppData\Roaming\m\shared\EasyDesk Helpdesk 1.2.7 (KeyGen).zip
C:\Users\daniel\AppData\Roaming\m\shared\EasyViewOrcl 1.5.zip
C:\Users\daniel\AppData\Roaming\m\shared\Ecora Documentor for Unix 4.0.6212.19170.zip
C:\Users\daniel\AppData\Roaming\m\shared\Editable JavaScript TreeGrid 3.3.zip
C:\Users\daniel\AppData\Roaming\m\shared\EF Duplicate Files Manager Xp 3.40 [KeyGen].zip
C:\Users\daniel\AppData\Roaming\m\shared\Enigma 0.92.zip
C:\Users\daniel\AppData\Roaming\m\shared\Ergo Romanian 1 1.2.zip
C:\Users\daniel\AppData\Roaming\m\shared\ESXManager 7.5.2.zip
C:\Users\daniel\AppData\Roaming\m\shared\Expert Debugger 3.1.zip
C:\Users\daniel\AppData\Roaming\m\shared\Explorer View - File Viewer 3.40.zip
C:\Users\daniel\AppData\Roaming\m\shared\ExtremePlanner Starter Edition 2.1.zip
C:\Users\daniel\AppData\Roaming\m\shared\EZ Backup Photoshop Premium 4.7 Serial.zip
C:\Users\daniel\AppData\Roaming\m\shared\ezConverter 2.0 [Crack].zip
C:\Users\daniel\AppData\Roaming\m\shared\FilePackager Professional Edition 4.1 (Key).zip
C:\Users\daniel\AppData\Roaming\m\shared\FindinSite-MS 1.18.zip
C:\Users\daniel\AppData\Roaming\m\shared\Free CD Replicator 2.1.0.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\Free PC Boost Fix 2.1.zip
C:\Users\daniel\AppData\Roaming\m\shared\Freedom Force Blue Streak Skin.zip
C:\Users\daniel\AppData\Roaming\m\shared\GeoDataSource World Cities Database (Gold Edition) July 2006.zip
C:\Users\daniel\AppData\Roaming\m\shared\Gradebook 3.01.zip
C:\Users\daniel\AppData\Roaming\m\shared\gView 1.1.zip
C:\Users\daniel\AppData\Roaming\m\shared\HDC Pop 1.zip
C:\Users\daniel\AppData\Roaming\m\shared\Hide Files & Folders 2.82 With Crack.zip
C:\Users\daniel\AppData\Roaming\m\shared\Hpmbcalc Hex Calculator 4.1 [Cracked].zip
C:\Users\daniel\AppData\Roaming\m\shared\i.Disk 1.7.zip
C:\Users\daniel\AppData\Roaming\m\shared\ICQ 5.1.zip
C:\Users\daniel\AppData\Roaming\m\shared\ICQ Monitor 1.1 [Crack].zip
C:\Users\daniel\AppData\Roaming\m\shared\IDAutomation Interleaved 2 of 5 Font Advantage 6.08.zip
C:\Users\daniel\AppData\Roaming\m\shared\ImTOO DVD Audio Ripper 4.0.84.0802.zip
C:\Users\daniel\AppData\Roaming\m\shared\Instant Video Streamer 1.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\International Rally Championship regular demo.zip
C:\Users\daniel\AppData\Roaming\m\shared\Internet Policy and Authentication 1.1.zip
C:\Users\daniel\AppData\Roaming\m\shared\iPod shuffle DP 2.1.0.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\Iraq A'tak 1.zip
C:\Users\daniel\AppData\Roaming\m\shared\JavaScript Newsflash Composer LITE 1.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\JetPhoto Studio for Mac 2.3.zip
C:\Users\daniel\AppData\Roaming\m\shared\Kaspersky.Anti-Virus.Personal.2006.6.0.12.167.Beta.Keys(1).updated-fixed.12-2006.zip
C:\Users\daniel\AppData\Roaming\m\shared\Key.Kaspersky.2006.Y.2007.zip
C:\Users\daniel\AppData\Roaming\m\shared\Key_Kaspersky_6.0.0.303.zip
C:\Users\daniel\AppData\Roaming\m\shared\Keyboard Explorer 1.1.3.zip
C:\Users\daniel\AppData\Roaming\m\shared\KidzLog 1.3 (Serial).zip
C:\Users\daniel\AppData\Roaming\m\shared\LetterMerger for MS Access 1.2.63.zip
C:\Users\daniel\AppData\Roaming\m\shared\Liatro SWF Tools 1.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\Linren MP3 CD Burner 2.00 With Crack.zip
C:\Users\daniel\AppData\Roaming\m\shared\LMD-Tools Special Edition (Delphi 8) 7.05.zip
C:\Users\daniel\AppData\Roaming\m\shared\Lock On Modern Air Combat v1.01 to v1.02 patch.zip
C:\Users\daniel\AppData\Roaming\m\shared\Lowney Math Flash 2.1.zip
C:\Users\daniel\AppData\Roaming\m\shared\Ls 4.2.169.zip
C:\Users\daniel\AppData\Roaming\m\shared\Mail Direct 2.1.5.zip
C:\Users\daniel\AppData\Roaming\m\shared\Mail Server Pro 1.74 With Crack.zip
C:\Users\daniel\AppData\Roaming\m\shared\MailCOPA 8.01 (With Crack).zip
C:\Users\daniel\AppData\Roaming\m\shared\MailSniff 1.0 KeyGen.zip
C:\Users\daniel\AppData\Roaming\m\shared\MarketBlast 1.10.zip
C:\Users\daniel\AppData\Roaming\m\shared\Marx NTFS Alternate Data Streams Viewer 2.zip
C:\Users\daniel\AppData\Roaming\m\shared\MathGV 3.1.zip
C:\Users\daniel\AppData\Roaming\m\shared\moreTunes 2.04.zip
C:\Users\daniel\AppData\Roaming\m\shared\Mortgage Mantra 1.0 [With Crack].zip
C:\Users\daniel\AppData\Roaming\m\shared\MovieClip Transition Effect V3 (Serial).zip
C:\Users\daniel\AppData\Roaming\m\shared\MSDict Viewer (Symbian UIQ) 2.30.zip
C:\Users\daniel\AppData\Roaming\m\shared\myJournal 2.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\NAIC Club Accounting 2.5.zip
C:\Users\daniel\AppData\Roaming\m\shared\Nikon Coolpix 990 (USB) 1.1.zip
C:\Users\daniel\AppData\Roaming\m\shared\Number Press 1.1.zip
C:\Users\daniel\AppData\Roaming\m\shared\OCX DTMF Keyboard 1.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\OHTrader 5.zip
C:\Users\daniel\AppData\Roaming\m\shared\Operation Flashpoint Resistance GOTY patch 1.96.zip
C:\Users\daniel\AppData\Roaming\m\shared\OraMuLas9i+ 5.1.zip
C:\Users\daniel\AppData\Roaming\m\shared\Orca 3.1.4000.1830.zip
C:\Users\daniel\AppData\Roaming\m\shared\Outlook Loader 1.4.1001.zip
C:\Users\daniel\AppData\Roaming\m\shared\PackPal Photo to Movie Converter 2.00.zip
C:\Users\daniel\AppData\Roaming\m\shared\Painkiller demo.zip
C:\Users\daniel\AppData\Roaming\m\shared\Palette 2.6 With Crack.zip
C:\Users\daniel\AppData\Roaming\m\shared\PDF In-The-Box for Delphi 2.2.zip
C:\Users\daniel\AppData\Roaming\m\shared\PDFtypewriter with PDF Printer Driver 5.2.594.zip
C:\Users\daniel\AppData\Roaming\m\shared\PhotoPaster 1.zip
C:\Users\daniel\AppData\Roaming\m\shared\Picasa Photo Organizer 2.7 Build 36.60.zip
C:\Users\daniel\AppData\Roaming\m\shared\Pimp My Meal 1.zip
C:\Users\daniel\AppData\Roaming\m\shared\PopUp Killer v1.45.3.zip
C:\Users\daniel\AppData\Roaming\m\shared\PornCleanser 1.zip
C:\Users\daniel\AppData\Roaming\m\shared\Presto Transfer Outlook Express 1.7.zip
C:\Users\daniel\AppData\Roaming\m\shared\PS AVI To Zune Converter 1.00 [KeyGen].zip
C:\Users\daniel\AppData\Roaming\m\shared\Quick ‘n Easy Web Server Professional 3.1.2 (KeyGen).zip
C:\Users\daniel\AppData\Roaming\m\shared\Quick Measure 2.1.40.zip
C:\Users\daniel\AppData\Roaming\m\shared\R-Studio Data Recovery 3.zip
C:\Users\daniel\AppData\Roaming\m\shared\Radio Zenwaw 1.0 (Crack).zip
C:\Users\daniel\AppData\Roaming\m\shared\RAR Recovery Toolbox 1.1.4 (Patch).zip
C:\Users\daniel\AppData\Roaming\m\shared\Real 3D Matrix 3.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\Recovery for Backup 1.7.zip
C:\Users\daniel\AppData\Roaming\m\shared\Remote Administration Tool 1.2.zip
C:\Users\daniel\AppData\Roaming\m\shared\Return to Castle Wolfenstein Enemy Territory Forum Damage Competition Map Pack.zip
C:\Users\daniel\AppData\Roaming\m\shared\Rosoft Media Player 4.1.3.zip
C:\Users\daniel\AppData\Roaming\m\shared\scViewerX 2.0 Build 161 (Key).zip
C:\Users\daniel\AppData\Roaming\m\shared\Serious Sam The Second Encounter demo.zip
C:\Users\daniel\AppData\Roaming\m\shared\ShowDirector for PowerPoint 2.0 [Key].zip
C:\Users\daniel\AppData\Roaming\m\shared\Sidekick for NetMeeting 1.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\Slide-In Ads Generator 1.1.1.zip
C:\Users\daniel\AppData\Roaming\m\shared\Softinabox Batch Registry 1.4.0 Build 32.zip
C:\Users\daniel\AppData\Roaming\m\shared\SOHO Printing Toolbar For Firefox 1.5.0.6.zip
C:\Users\daniel\AppData\Roaming\m\shared\Spam Sleuth Lite 4.4.zip
C:\Users\daniel\AppData\Roaming\m\shared\Spell It Out Loud 1.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\Spheresoft Zip Code Demographics for Microsoft Excel 1.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\Star Downloader Pro 1.52 [KeyGen].zip
C:\Users\daniel\AppData\Roaming\m\shared\Stealth Dupecheck 2.4.212.zip
C:\Users\daniel\AppData\Roaming\m\shared\StorXit 2.0.8 [Cracked].zip
C:\Users\daniel\AppData\Roaming\m\shared\Symantec.Enterprise.Firewall.VPN.v7.04-FULL.zip
C:\Users\daniel\AppData\Roaming\m\shared\Symantec.Norton.Ghost.2001.zip
C:\Users\daniel\AppData\Roaming\m\shared\System Protector 1.9 [Cracked].zip
C:\Users\daniel\AppData\Roaming\m\shared\TDB 1.52.zip
C:\Users\daniel\AppData\Roaming\m\shared\The Big Talker 1210 WPHT 1.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\The Insidious Dr. Fu Manchu 1.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\The PC Detective Pro 2.9.8 Key+Serial.zip
C:\Users\daniel\AppData\Roaming\m\shared\TheWorld Browser 2.0.5.6.zip
C:\Users\daniel\AppData\Roaming\m\shared\Time Sync Pro 1.2 Crack.zip
C:\Users\daniel\AppData\Roaming\m\shared\tooLAME 0.2k.zip
C:\Users\daniel\AppData\Roaming\m\shared\TrayIconsOK! 1.1 (Patch).zip
C:\Users\daniel\AppData\Roaming\m\shared\Trivia Quiz Shell 2.5.zip
C:\Users\daniel\AppData\Roaming\m\shared\TwinGrid 7.0 (With Crack).zip
C:\Users\daniel\AppData\Roaming\m\shared\Unreal Tournament 2003 - Misty Mountain][ deathmatch map.zip
C:\Users\daniel\AppData\Roaming\m\shared\VersyPDF 2.4.zip
C:\Users\daniel\AppData\Roaming\m\shared\VideoEdit ActiveX Control 2.3.zip
C:\Users\daniel\AppData\Roaming\m\shared\Warcraft III MP3 pack.zip
C:\Users\daniel\AppData\Roaming\m\shared\Webcalng 3.1p2.zip
C:\Users\daniel\AppData\Roaming\m\shared\WebDelegator 1.0 build 47 (Patch).zip
C:\Users\daniel\AppData\Roaming\m\shared\What-If Creator 1.4.1 (With Crack).zip
C:\Users\daniel\AppData\Roaming\m\shared\What-If Creator 1.4.1.zip
C:\Users\daniel\AppData\Roaming\m\shared\WildSavers Screensaver - Flowers ws-0001 1.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\WinDirLister 2.0.zip
C:\Users\daniel\AppData\Roaming\m\shared\Windows Text Copyer 1.0.0.1.zip
C:\Users\daniel\AppData\Roaming\m\shared\WinFax Pro Automator for Word 2.0 Serial.zip
C:\Users\daniel\AppData\Roaming\m\shared\WinRescue 2000 2.08.zip
C:\Users\daniel\AppData\Roaming\m\shared\WinSafe 2001 3.2.03.zip
C:\Users\daniel\AppData\Roaming\m\shared\Xceed Backup Library 1.0 [Patch].zip
C:\Users\daniel\AppData\Roaming\m\shared\xFerret 0.56.zip
C:\Users\daniel\AppData\Roaming\m\shared\Xftp 1.3 Build 0018.zip
C:\Users\daniel\AppData\Roaming\m\shared\Xilisoft Apple TV Video Converter 3.1.29.0419b.zip
C:\Users\daniel\AppData\Roaming\m\shared\Xylograph 1.2.zip
C:\Users\daniel\AppData\Roaming\m\shared\Yahoo Messenger Monitor Sniffer 3.zip
C:\Users\daniel\AppData\Roaming\m\shared\Yellowpipe Lynx Viewer Tool 1.2.1.zip
C:\Users\daniel\AppData\Roaming\m\shared\Zoner GIF Animator 5 [Key].zip
C:\Users\daniel\AppData\Roaming\m\shared\Zuma Deluxe.zip
C:\Users\daniel\AppData\Roaming\m\srvlist.oct
C:\Windows\system32\drivers\down
C:\Windows\system32\drivers\down\122429.exe
C:\Windows\system32\drivers\down\133427.exe
C:\Windows\system32\drivers\down\136142.exe
C:\Windows\system32\drivers\down\141820.exe
C:\Windows\system32\drivers\down\145892.exe
C:\Windows\system32\drivers\down\14745635.exe
C:\Windows\system32\drivers\down\14746228.exe
C:\Windows\system32\drivers\down\14748225.exe
C:\Windows\system32\drivers\down\14748989.exe
C:\Windows\system32\drivers\down\14753934.exe
C:\Windows\system32\drivers\down\14765697.exe
C:\Windows\system32\drivers\down\14766196.exe
C:\Windows\system32\drivers\down\14769347.exe
C:\Windows\system32\drivers\down\14770159.exe
C:\Windows\system32\drivers\down\14775104.exe
C:\Windows\system32\drivers\down\14775572.exe
C:\Windows\system32\drivers\down\14777147.exe
C:\Windows\system32\drivers\down\14784838.exe
C:\Windows\system32\drivers\down\14787053.exe
C:\Windows\system32\drivers\down\14793512.exe
C:\Windows\system32\drivers\down\14795852.exe
C:\Windows\system32\drivers\down\14796382.exe
C:\Windows\system32\drivers\down\14803980.exe
C:\Windows\system32\drivers\down\14804666.exe
C:\Windows\system32\drivers\down\14806990.exe
C:\Windows\system32\drivers\down\14808036.exe
C:\Windows\system32\drivers\down\14811577.exe
C:\Windows\system32\drivers\down\14814603.exe
C:\Windows\system32\drivers\down\14814946.exe
C:\Windows\system32\drivers\down\14819470.exe
C:\Windows\system32\drivers\down\14821186.exe
C:\Windows\system32\drivers\down\14821561.exe
C:\Windows\system32\drivers\down\14825523.exe
C:\Windows\system32\drivers\down\14830079.exe
C:\Windows\system32\drivers\down\14836537.exe
C:\Windows\system32\drivers\down\14837785.exe
C:\Windows\system32\drivers\down\14838471.exe
C:\Windows\system32\drivers\down\14842122.exe
C:\Windows\system32\drivers\down\14844571.exe
C:\Windows\system32\drivers\down\14847488.exe
C:\Windows\system32\drivers\down\14854774.exe
C:\Windows\system32\drivers\down\14870015.exe
C:\Windows\system32\drivers\down\14872932.exe
C:\Windows\system32\drivers\down\14882167.exe
C:\Windows\system32\drivers\down\14886161.exe
C:\Windows\system32\drivers\down\14888766.exe
C:\Windows\system32\drivers\down\14900685.exe
C:\Windows\system32\drivers\down\14904975.exe
C:\Windows\system32\drivers\down\14907549.exe
C:\Windows\system32\drivers\down\14909015.exe
C:\Windows\system32\drivers\down\14912197.exe
C:\Windows\system32\drivers\down\14920122.exe
C:\Windows\system32\drivers\down\14922696.exe
C:\Windows\system32\drivers\down\14922774.exe
C:\Windows\system32\drivers\down\14923835.exe
C:\Windows\system32\drivers\down\14930808.exe
C:\Windows\system32\drivers\down\14932914.exe
C:\Windows\system32\drivers\down\14933304.exe
C:\Windows\system32\drivers\down\14937438.exe
C:\Windows\system32\drivers\down\14938515.exe
C:\Windows\system32\drivers\down\14943039.exe
C:\Windows\system32\drivers\down\14944084.exe
C:\Windows\system32\drivers\down\14947110.exe
C:\Windows\system32\drivers\down\14951401.exe
C:\Windows\system32\drivers\down\14953647.exe
C:\Windows\system32\drivers\down\14956767.exe
C:\Windows\system32\drivers\down\14963319.exe
C:\Windows\system32\drivers\down\14964926.exe
C:\Windows\system32\drivers\down\14974348.exe
C:\Windows\system32\drivers\down\14976532.exe
C:\Windows\system32\drivers\down\14979637.exe
C:\Windows\system32\drivers\down\14982148.exe
C:\Windows\system32\drivers\down\14985315.exe
C:\Windows\system32\drivers\down\14990058.exe
C:\Windows\system32\drivers\down\14993224.exe
C:\Windows\system32\drivers\down\15011991.exe
C:\Windows\system32\drivers\down\15016437.exe
C:\Windows\system32\drivers\down\15017982.exe
C:\Windows\system32\drivers\down\15021414.exe
C:\Windows\system32\drivers\down\15025517.exe
C:\Windows\system32\drivers\down\15034003.exe
C:\Windows\system32\drivers\down\15082410.exe
C:\Windows\system32\drivers\down\15086685.exe
C:\Windows\system32\drivers\down\15088869.exe
C:\Windows\system32\drivers\down\152256.exe
C:\Windows\system32\drivers\down\15295835.exe
C:\Windows\system32\drivers\down\15296334.exe
C:\Windows\system32\drivers\down\15311732.exe
C:\Windows\system32\drivers\down\15318876.exe
C:\Windows\system32\drivers\down\15319656.exe
C:\Windows\system32\drivers\down\15341777.exe
C:\Windows\system32\drivers\down\15347705.exe
C:\Windows\system32\drivers\down\15349718.exe
C:\Windows\system32\drivers\down\15361356.exe
C:\Windows\system32\drivers\down\15364647.exe
C:\Windows\system32\drivers\down\15393008.exe
C:\Windows\system32\drivers\down\15397501.exe
C:\Windows\system32\drivers\down\15397860.exe
C:\Windows\system32\drivers\down\15398265.exe
C:\Windows\system32\drivers\down\15398515.exe
C:\Windows\system32\drivers\down\15399108.exe
C:\Windows\system32\drivers\down\15401370.exe
C:\Windows\system32\drivers\down\15408515.exe
C:\Windows\system32\drivers\down\15412040.exe
C:\Windows\system32\drivers\down\15413148.exe
C:\Windows\system32\drivers\down\15419232.exe
C:\Windows\system32\drivers\down\15421260.exe
C:\Windows\system32\drivers\down\15435128.exe
C:\Windows\system32\drivers\down\15439793.exe
C:\Windows\system32\drivers\down\15442585.exe
C:\Windows\system32\drivers\down\15445643.exe
C:\Windows\system32\drivers\down\15452367.exe
C:\Windows\system32\drivers\down\15454878.exe
C:\Windows\system32\drivers\down\15457468.exe
C:\Windows\system32\drivers\down\15460213.exe
C:\Windows\system32\drivers\down\15491538.exe
C:\Windows\system32\drivers\down\15496702.exe
C:\Windows\system32\drivers\down\15501756.exe
C:\Windows\system32\drivers\down\15502817.exe
C:\Windows\system32\drivers\down\15505547.exe
C:\Windows\system32\drivers\down\15513067.exe
C:\Windows\system32\drivers\down\15540413.exe
C:\Windows\system32\drivers\down\15544672.exe
C:\Windows\system32\drivers\down\15546903.exe
C:\Windows\system32\drivers\down\158637.exe
C:\Windows\system32\drivers\down\159651.exe
C:\Windows\system32\drivers\down\166468.exe
C:\Windows\system32\drivers\down\191460.exe
C:\Windows\system32\drivers\down\193191.exe
C:\Windows\system32\drivers\down\198480.exe
C:\Windows\system32\drivers\down\204080.exe
C:\Windows\system32\drivers\down\205890.exe
C:\Windows\system32\drivers\down\207465.exe
C:\Windows\system32\drivers\down\207730.exe
C:\Windows\system32\drivers\down\208152.exe
C:\Windows\system32\drivers\down\209228.exe
C:\Windows\system32\drivers\down\209509.exe
C:\Windows\system32\drivers\down\209587.exe
C:\Windows\system32\drivers\down\209868.exe
C:\Windows\system32\drivers\down\210570.exe
C:\Windows\system32\drivers\down\212067.exe
C:\Windows\system32\drivers\down\213440.exe
C:\Windows\system32\drivers\down\214797.exe
C:\Windows\system32\drivers\down\216622.exe
C:\Windows\system32\drivers\down\220476.exe
C:\Windows\system32\drivers\down\220507.exe
C:\Windows\system32\drivers\down\221193.exe
C:\Windows\system32\drivers\down\224719.exe
C:\Windows\system32\drivers\down\226014.exe
C:\Windows\system32\drivers\down\227355.exe
C:\Windows\system32\drivers\down\230101.exe
C:\Windows\system32\drivers\down\233471.exe
C:\Windows\system32\drivers\down\233642.exe
C:\Windows\system32\drivers\down\236544.exe
C:\Windows\system32\drivers\down\238322.exe
C:\Windows\system32\drivers\down\240725.exe
C:\Windows\system32\drivers\down\245795.exe
C:\Windows\system32\drivers\down\248057.exe
C:\Windows\system32\drivers\down\248259.exe
C:\Windows\system32\drivers\down\249929.exe
C:\Windows\system32\drivers\down\250475.exe
C:\Windows\system32\drivers\down\251099.exe
C:\Windows\system32\drivers\down\252362.exe
C:\Windows\system32\drivers\down\252659.exe
C:\Windows\system32\drivers\down\254219.exe
C:\Windows\system32\drivers\down\254687.exe
C:\Windows\system32\drivers\down\257994.exe
C:\Windows\system32\drivers\down\259273.exe
C:\Windows\system32\drivers\down\261785.exe
C:\Windows\system32\drivers\down\266153.exe
C:\Windows\system32\drivers\down\267760.exe
C:\Windows\system32\drivers\down\270271.exe
C:\Windows\system32\drivers\down\272564.exe
C:\Windows\system32\drivers\down\272861.exe
C:\Windows\system32\drivers\down\274218.exe
C:\Windows\system32\drivers\down\274702.exe
C:\Windows\system32\drivers\down\276932.exe
C:\Windows\system32\drivers\down\278711.exe
C:\Windows\system32\drivers\down\278851.exe
C:\Windows\system32\drivers\down\279943.exe
C:\Windows\system32\drivers\down\280193.exe
C:\Windows\system32\drivers\down\281784.exe
C:\Windows\system32\drivers\down\283672.exe
C:\Windows\system32\drivers\down\285981.exe
C:\Windows\system32\drivers\down\286215.exe
C:\Windows\system32\drivers\down\287759.exe
C:\Windows\system32\drivers\down\288321.exe
C:\Windows\system32\drivers\down\289054.exe
C:\Windows\system32\drivers\down\290645.exe
C:\Windows\system32\drivers\down\291628.exe
C:\Windows\system32\drivers\down\292595.exe
C:\Windows\system32\drivers\down\29300825.exe
C:\Windows\system32\drivers\down\29303633.exe
C:\Windows\system32\drivers\down\29304429.exe
C:\Windows\system32\drivers\down\29306862.exe
C:\Windows\system32\drivers\down\29311573.exe
C:\Windows\system32\drivers\down\29356361.exe
C:\Windows\system32\drivers\down\29357984.exe
C:\Windows\system32\drivers\down\29364676.exe
C:\Windows\system32\drivers\down\29366002.exe
C:\Windows\system32\drivers\down\29366501.exe
C:\Windows\system32\drivers\down\29366923.exe
C:\Windows\system32\drivers\down\29369575.exe
C:\Windows\system32\drivers\down\29372258.exe
C:\Windows\system32\drivers\down\293812.exe
C:\Windows\system32\drivers\down\29384972.exe
C:\Windows\system32\drivers\down\29385830.exe
C:\Windows\system32\drivers\down\29386157.exe
C:\Windows\system32\drivers\down\29390869.exe
C:\Windows\system32\drivers\down\29391539.exe
C:\Windows\system32\drivers\down\29391664.exe
C:\Windows\system32\drivers\down\29392054.exe
C:\Windows\system32\drivers\down\29395221.exe
C:\Windows\system32\drivers\down\29407155.exe
C:\Windows\system32\drivers\down\29408965.exe
C:\Windows\system32\drivers\down\29409495.exe
C:\Windows\system32\drivers\down\29410837.exe
C:\Windows\system32\drivers\down\29411648.exe
C:\Windows\system32\drivers\down\29411773.exe
C:\Windows\system32\drivers\down\29413302.exe
C:\Windows\system32\drivers\down\29418325.exe
C:\Windows\system32\drivers\down\29418684.exe
C:\Windows\system32\drivers\down\294280.exe
C:\Windows\system32\drivers\down\29434097.exe
C:\Windows\system32\drivers\down\29438355.exe
C:\Windows\system32\drivers\down\29439042.exe
C:\Windows\system32\drivers\down\29440134.exe
C:\Windows\system32\drivers\down\29440571.exe
C:\Windows\system32\drivers\down\29443566.exe
C:\Windows\system32\drivers\down\29446233.exe
C:\Windows\system32\drivers\down\29446421.exe
C:\Windows\system32\drivers\down\29448636.exe
C:\Windows\system32\drivers\down\29451366.exe
C:\Windows\system32\drivers\down\29453721.exe
C:\Windows\system32\drivers\down\29456951.exe
C:\Windows\system32\drivers\down\29458604.exe
C:\Windows\system32\drivers\down\29459494.exe
C:\Windows\system32\drivers\down\29459868.exe
C:\Windows\system32\drivers\down\29463097.exe
C:\Windows\system32\drivers\down\29470414.exe
C:\Windows\system32\drivers\down\29497355.exe
C:\Windows\system32\drivers\down\29499352.exe
C:\Windows\system32\drivers\down\29500179.exe
C:\Windows\system32\drivers\down\29501614.exe
C:\Windows\system32\drivers\down\29503611.exe
C:\Windows\system32\drivers\down\29509133.exe
C:\Windows\system32\drivers\down\29513002.exe
C:\Windows\system32\drivers\down\29513953.exe
C:\Windows\system32\drivers\down\29514281.exe
C:\Windows\system32\drivers\down\29516886.exe
C:\Windows\system32\drivers\down\29517245.exe
C:\Windows\system32\drivers\down\29520006.exe
C:\Windows\system32\drivers\down\29520568.exe
C:\Windows\system32\drivers\down\29528072.exe
C:\Windows\system32\drivers\down\29540598.exe
C:\Windows\system32\drivers\down\29542314.exe
C:\Windows\system32\drivers\down\29548102.exe
C:\Windows\system32\drivers\down\29550567.exe
C:\Windows\system32\drivers\down\29553391.exe
C:\Windows\system32\drivers\down\29555216.exe
C:\Windows\system32\drivers\down\29556089.exe
C:\Windows\system32\drivers\down\29559475.exe
C:\Windows\system32\drivers\down\29561300.exe
C:\Windows\system32\drivers\down\29566713.exe
C:\Windows\system32\drivers\down\29573499.exe
C:\Windows\system32\drivers\down\29574326.exe
C:\Windows\system32\drivers\down\29574763.exe
C:\Windows\system32\drivers\down\29577789.exe
C:\Windows\system32\drivers\down\29585152.exe
C:\Windows\system32\drivers\down\29612749.exe
C:\Windows\system32\drivers\down\29617569.exe
C:\Windows\system32\drivers\down\29619551.exe
C:\Windows\system32\drivers\down\296589.exe
C:\Windows\system32\drivers\down\297306.exe
C:\Windows\system32\drivers\down\298102.exe
C:\Windows\system32\drivers\down\29970475.exe
C:\Windows\system32\drivers\down\29971224.exe
C:\Windows\system32\drivers\down\29995653.exe
C:\Windows\system32\drivers\down\29996480.exe
C:\Windows\system32\drivers\down\30011316.exe
C:\Windows\system32\drivers\down\30032626.exe
C:\Windows\system32\drivers\down\30041658.exe
C:\Windows\system32\drivers\down\30043670.exe
C:\Windows\system32\drivers\down\30047243.exe
C:\Windows\system32\drivers\down\30049942.exe
C:\Windows\system32\drivers\down\30060612.exe
C:\Windows\system32\drivers\down\30064996.exe
C:\Windows\system32\drivers\down\30067039.exe
C:\Windows\system32\drivers\down\30073342.exe
C:\Windows\system32\drivers\down\30075697.exe
C:\Windows\system32\drivers\down\30084137.exe
C:\Windows\system32\drivers\down\301050.exe
C:\Windows\system32\drivers\down\30112576.exe
C:\Windows\system32\drivers\down\30117833.exe
C:\Windows\system32\drivers\down\30119503.exe
C:\Windows\system32\drivers\down\304357.exe
C:\Windows\system32\drivers\down\305200.exe
C:\Windows\system32\drivers\down\307696.exe
C:\Windows\system32\drivers\down\312126.exe
C:\Windows\system32\drivers\down\313874.exe
C:\Windows\system32\drivers\down\317321.exe
C:\Windows\system32\drivers\down\318944.exe
C:\Windows\system32\drivers\down\322953.exe
C:\Windows\system32\drivers\down\323249.exe
C:\Windows\system32\drivers\down\323717.exe
C:\Windows\system32\drivers\down\324294.exe
C:\Windows\system32\drivers\down\324528.exe
C:\Windows\system32\drivers\down\325137.exe
C:\Windows\system32\drivers\down\327695.exe
C:\Windows\system32\drivers\down\328678.exe
C:\Windows\system32\drivers\down\329536.exe
C:\Windows\system32\drivers\down\330456.exe
C:\Windows\system32\drivers\down\331829.exe
C:\Windows\system32\drivers\down\333452.exe
C:\Windows\system32\drivers\down\337086.exe
C:\Windows\system32\drivers\down\339021.exe
C:\Windows\system32\drivers\down\339099.exe
C:\Windows\system32\drivers\down\339239.exe
C:\Windows\system32\drivers\down\339723.exe
C:\Windows\system32\drivers\down\339832.exe
C:\Windows\system32\drivers\down\344107.exe
C:\Windows\system32\drivers\down\344902.exe
C:\Windows\system32\drivers\down\346899.exe
C:\Windows\system32\drivers\down\356961.exe
C:\Windows\system32\drivers\down\366820.exe
C:\Windows\system32\drivers\down\368318.exe
C:\Windows\system32\drivers\down\368583.exe
C:\Windows\system32\drivers\down\370315.exe
C:\Windows\system32\drivers\down\371375.exe
C:\Windows\system32\drivers\down\372655.exe
C:\Windows\system32\drivers\down\373559.exe
C:\Windows\system32\drivers\down\375385.exe
C:\Windows\system32\drivers\down\375400.exe
C:\Windows\system32\drivers\down\402373.exe
C:\Windows\system32\drivers\down\405446.exe
C:\Windows\system32\drivers\down\418472.exe
C:\Windows\system32\drivers\down\422856.exe
C:\Windows\system32\drivers\down\424073.exe
C:\Windows\system32\drivers\down\424743.exe
C:\Windows\system32\drivers\down\429018.exe
C:\Windows\system32\drivers\down\43851709.exe
C:\Windows\system32\drivers\down\43852629.exe
C:\Windows\system32\drivers\down\43867543.exe
C:\Windows\system32\drivers\down\43869368.exe
C:\Windows\system32\drivers\down\43875624.exe
C:\Windows\system32\drivers\down\43896200.exe
C:\Windows\system32\drivers\down\43897979.exe
C:\Windows\system32\drivers\down\43903439.exe
C:\Windows\system32\drivers\down\43905919.exe
C:\Windows\system32\drivers\down\43909180.exe
C:\Windows\system32\drivers\down\43914921.exe
C:\Windows\system32\drivers\down\43915170.exe
C:\Windows\system32\drivers\down\43915810.exe
C:\Windows\system32\drivers\down\43932517.exe
C:\Windows\system32\drivers\down\43932767.exe
C:\Windows\system32\drivers\down\43934218.exe
C:\Windows\system32\drivers\down\43936761.exe
C:\Windows\system32\drivers\down\43938024.exe
C:\Windows\system32\drivers\down\43938570.exe
C:\Windows\system32\drivers\down\43939304.exe
C:\Windows\system32\drivers\down\43941316.exe
C:\Windows\system32\drivers\down\43949100.exe
C:\Windows\system32\drivers\down\43959053.exe
C:\Windows\system32\drivers\down\43960535.exe
C:\Windows\system32\drivers\down\43966697.exe
C:\Windows\system32\drivers\down\43975745.exe
C:\Windows\system32\drivers\down\43980644.exe
C:\Windows\system32\drivers\down\43980940.exe
C:\Windows\system32\drivers\down\43982344.exe
C:\Windows\system32\drivers\down\43983577.exe
C:\Windows\system32\drivers\down\43985215.exe
C:\Windows\system32\drivers\down\43992125.exe
C:\Windows\system32\drivers\down\43992905.exe
C:\Windows\system32\drivers\down\43996181.exe
C:\Windows\system32\drivers\down\44006400.exe
C:\Windows\system32\drivers\down\44010846.exe
C:\Windows\system32\drivers\down\44012952.exe
C:\Windows\system32\drivers\down\44013498.exe
C:\Windows\system32\drivers\down\44013607.exe
C:\Windows\system32\drivers\down\44015463.exe
C:\Windows\system32\drivers\down\44016212.exe
C:\Windows\system32\drivers\down\44020268.exe
C:\Windows\system32\drivers\down\44022717.exe
C:\Windows\system32\drivers\down\44024184.exe
C:\Windows\system32\drivers\down\44025307.exe
C:\Windows\system32\drivers\down\44028583.exe
C:\Windows\system32\drivers\down\44038692.exe
C:\Windows\system32\drivers\down\44039831.exe
C:\Windows\system32\drivers\down\44051702.exe
C:\Windows\system32\drivers\down\44052545.exe
C:\Windows\system32\drivers\down\44054261.exe
C:\Windows\system32\drivers\down\44056320.exe
C:\Windows\system32\drivers\down\44058098.exe
C:\Windows\system32\drivers\down\44061905.exe
C:\Windows\system32\drivers\down\44081436.exe
C:\Windows\system32\drivers\down\44083417.exe
C:\Windows\system32\drivers\down\44090110.exe
C:\Windows\system32\drivers\down\44093230.exe
C:\Windows\system32\drivers\down\44096397.exe
C:\Windows\system32\drivers\down\44100047.exe
C:\Windows\system32\drivers\down\44106630.exe
C:\Windows\system32\drivers\down\44111263.exe
C:\Windows\system32\drivers\down\44112199.exe
C:\Windows\system32\drivers\down\44112808.exe
C:\Windows\system32\drivers\down\44114025.exe
C:\Windows\system32\drivers\down\44115585.exe
C:\Windows\system32\drivers\down\44118424.exe
C:\Windows\system32\drivers\down\44119329.exe
C:\Windows\system32\drivers\down\44119890.exe
C:\Windows\system32\drivers\down\44122651.exe
C:\Windows\system32\drivers\down\44123463.exe
C:\Windows\system32\drivers\down\44132324.exe
C:\Windows\system32\drivers\down\44150279.exe
C:\Windows\system32\drivers\down\44155318.exe
C:\Windows\system32\drivers\down\44157190.exe
C:\Windows\system32\drivers\down\44162307.exe
C:\Windows\system32\drivers\down\44168797.exe
C:\Windows\system32\drivers\down\44170481.exe
C:\Windows\system32\drivers\down\44545804.exe
C:\Windows\system32\drivers\down\44550890.exe
C:\Windows\system32\drivers\down\44580873.exe
C:\Windows\system32\drivers\down\44602292.exe
C:\Windows\system32\drivers\down\44607393.exe
C:\Windows\system32\drivers\down\44610170.exe
C:\Windows\system32\drivers\down\44612931.exe
C:\Windows\system32\drivers\down\44616426.exe
C:\Windows\system32\drivers\down\44623727.exe
C:\Windows\system32\drivers\down\44627564.exe
C:\Windows\system32\drivers\down\44628407.exe
C:\Windows\system32\drivers\down\44629062.exe
C:\Windows\system32\drivers\down\44632744.exe
C:\Windows\system32\drivers\down\44643679.exe
C:\Windows\system32\drivers\down\44670714.exe
C:\Windows\system32\drivers\down\44677391.exe
C:\Windows\system32\drivers\down\44678577.exe
C:\Windows\system32\drivers\down\448690.exe
C:\Windows\system32\drivers\down\475241.exe
C:\Windows\system32\drivers\down\485787.exe
C:\Windows\system32\drivers\down\488345.exe
C:\Windows\system32\drivers\down\58470360.exe
C:\Windows\system32\drivers\down\58471046.exe
C:\Windows\system32\drivers\down\58485461.exe
C:\Windows\system32\drivers\down\58486381.exe
C:\Windows\system32\drivers\down\58492169.exe
C:\Windows\system32\drivers\down\58516645.exe
C:\Windows\system32\drivers\down\58518502.exe
C:\Windows\system32\drivers\down\58524664.exe
C:\Windows\system32\drivers\down\58550061.exe
C:\Windows\system32\drivers\down\58552838.exe
C:\Windows\system32\drivers\down\58579280.exe
C:\Windows\system32\drivers\down\58581698.exe
C:\Windows\system32\drivers\down\58582649.exe
C:\Windows\system32\drivers\down\58583024.exe
C:\Windows\system32\drivers\down\58588094.exe
C:\Windows\system32\drivers\down\58590325.exe
C:\Windows\system32\drivers\down\58590746.exe
C:\Windows\system32\drivers\down\58591401.exe
C:\Windows\system32\drivers\down\58594240.exe
C:\Windows\system32\drivers\down\58602368.exe
C:\Windows\system32\drivers\down\58611307.exe
C:\Windows\system32\drivers\down\58613226.exe
C:\Windows\system32\drivers\down\58618717.exe
C:\Windows\system32\drivers\down\58621369.exe
C:\Windows\system32\drivers\down\58624239.exe
C:\Windows\system32\drivers\down\58626751.exe
C:\Windows\system32\drivers\down\58629044.exe
C:\Windows\system32\drivers\down\58635580.exe
C:\Windows\system32\drivers\down\58635736.exe
C:\Windows\system32\drivers\down\58637437.exe
C:\Windows\system32\drivers\down\58639761.exe
C:\Windows\system32\drivers\down\58642257.exe
C:\Windows\system32\drivers\down\58642647.exe
C:\Windows\system32\drivers\down\58645549.exe
C:\Windows\system32\drivers\down\58653739.exe
C:\Windows\system32\drivers\down\58680556.exe
C:\Windows\system32\drivers\down\58684986.exe
C:\Windows\system32\drivers\down\58686952.exe
C:\Windows\system32\drivers\down\59098092.exe
C:\Windows\system32\drivers\down\59099059.exe
C:\Windows\system32\drivers\down\59111540.exe
C:\Windows\system32\drivers\down\59116594.exe
C:\Windows\system32\drivers\down\59123271.exe
C:\Windows\system32\drivers\down\59124066.exe
C:\Windows\system32\drivers\down\59146343.exe
C:\Windows\system32\drivers\down\59150883.exe
C:\Windows\system32\drivers\down\59153270.exe
C:\Windows\system32\drivers\down\59156515.exe
C:\Windows\system32\drivers\down\59159307.exe
C:\Windows\system32\drivers\down\59167216.exe
C:\Windows\system32\drivers\down\59176202.exe
C:\Windows\system32\drivers\down\59177918.exe
C:\Windows\system32\drivers\down\59178308.exe
C:\Windows\system32\drivers\down\59180757.exe
C:\Windows\system32\drivers\down\59188198.exe
C:\Windows\system32\drivers\down\59215467.exe
C:\Windows\system32\drivers\down\59220054.exe
C:\Windows\system32\drivers\down\59221349.exe
C:\Windows\system32\drivers\down\727385.exe
C:\Windows\system32\drivers\down\73101834.exe
C:\Windows\system32\drivers\down\73102567.exe
C:\Windows\system32\drivers\down\73116779.exe
C:\Windows\system32\drivers\down\73118027.exe
C:\Windows\system32\drivers\down\73123846.exe
C:\Windows\system32\drivers\down\73145545.exe
C:\Windows\system32\drivers\down\73147261.exe
C:\Windows\system32\drivers\down\73154734.exe
C:\Windows\system32\drivers\down\73157589.exe
C:\Windows\system32\drivers\down\73164110.exe
C:\Windows\system32\drivers\down\73173158.exe
C:\Windows\system32\drivers\down\73190708.exe
C:\Windows\system32\drivers\down\73194842.exe
C:\Windows\system32\drivers\down\73198570.exe
C:\Windows\system32\drivers\down\73198976.exe
C:\Windows\system32\drivers\down\73201690.exe
C:\Windows\system32\drivers\down\73209865.exe
C:\Windows\system32\drivers\down\73237570.exe
C:\Windows\system32\drivers\down\73242297.exe
C:\Windows\system32\drivers\down\73244154.exe
C:\Windows\system32\drivers\down\73646824.exe
C:\Windows\system32\drivers\down\73648898.exe
C:\Windows\system32\drivers\down\73654390.exe
C:\Windows\system32\drivers\down\73656964.exe
C:\Windows\system32\drivers\down\73662127.exe
C:\Windows\system32\drivers\down\73663016.exe
C:\Windows\system32\drivers\down\73743544.exe
C:\Windows\system32\drivers\down\73749004.exe
C:\Windows\system32\drivers\down\73751079.exe
C:\Windows\system32\drivers\down\73754230.exe
C:\Windows\system32\drivers\down\73756757.exe
C:\Windows\system32\drivers\down\73780735.exe
C:\Windows\system32\drivers\down\73784588.exe
C:\Windows\system32\drivers\down\73785930.exe
C:\Windows\system32\drivers\down\73792435.exe
C:\Windows\system32\drivers\down\73795508.exe
C:\Windows\system32\drivers\down\73802778.exe
C:\Windows\system32\drivers\down\73829735.exe
C:\Windows\system32\drivers\down\73834228.exe
C:\Windows\system32\drivers\down\73835382.exe
C:\Windows\system32\drivers\down\75145.exe
C:\Windows\system32\drivers\down\760489.exe
C:\Windows\system32\drivers\down\786026668.exe
C:\Windows\system32\drivers\down\786027526.exe
C:\Windows\system32\drivers\down\786038743.exe
C:\Windows\system32\drivers\down\786040287.exe
C:\Windows\system32\drivers\down\786048446.exe
C:\Windows\system32\drivers\down\786073547.exe
C:\Windows\system32\drivers\down\786077337.exe
C:\Windows\system32\drivers\down\786082751.exe
C:\Windows\system32\drivers\down\786085637.exe
C:\Windows\system32\drivers\down\786095699.exe
C:\Windows\system32\drivers\down\786098725.exe
C:\Windows\system32\drivers\down\786133155.exe
C:\Windows\system32\drivers\down\786138178.exe
C:\Windows\system32\drivers\down\786140190.exe
C:\Windows\system32\drivers\down\786140908.exe
C:\Windows\system32\drivers\down\786144901.exe
C:\Windows\system32\drivers\down\790347.exe
C:\Windows\system32\drivers\down\794450.exe
C:\Windows\system32\drivers\down\797804.exe
C:\Windows\system32\drivers\down\801657.exe
C:\Windows\system32\drivers\down\81650.exe
C:\Windows\system32\drivers\down\818256.exe
C:\Windows\system32\drivers\down\826508.exe
C:\Windows\system32\drivers\down\827928.exe
C:\Windows\system32\drivers\down\829394.exe
C:\Windows\system32\drivers\down\833809.exe
C:\Windows\system32\drivers\down\841921.exe
C:\Windows\system32\drivers\down\84474.exe
C:\Windows\system32\drivers\down\87662203.exe
C:\Windows\system32\drivers\down\87674262.exe
C:\Windows\system32\drivers\down\87676992.exe
C:\Windows\system32\drivers\down\87695962.exe
C:\Windows\system32\drivers\down\87746974.exe
C:\Windows\system32\drivers\down\87750702.exe
C:\Windows\system32\drivers\down\87763214.exe
C:\Windows\system32\drivers\down\87769064.exe
C:\Windows\system32\drivers\down\87780686.exe
C:\Windows\system32\drivers\down\87797191.exe
C:\Windows\system32\drivers\down\87819171.exe
C:\Windows\system32\drivers\down\87826831.exe
C:\Windows\system32\drivers\down\87832119.exe
C:\Windows\system32\drivers\down\87837501.exe
C:\Windows\system32\drivers\down\87842712.exe
C:\Windows\system32\drivers\down\87869684.exe
C:\Windows\system32\drivers\down\878816.exe
C:\Windows\system32\drivers\down\87902975.exe
C:\Windows\system32\drivers\down\87909605.exe
C:\Windows\system32\drivers\down\87912741.exe
C:\Windows\system32\drivers\down\88254086.exe
C:\Windows\system32\drivers\down\88255069.exe
C:\Windows\system32\drivers\down\88276207.exe
C:\Windows\system32\drivers\down\88279218.exe
C:\Windows\system32\drivers\down\88284241.exe
C:\Windows\system32\drivers\down\88285162.exe
C:\Windows\system32\drivers\down\88308671.exe
C:\Windows\system32\drivers\down\88312.exe
C:\Windows\system32\drivers\down\88319856.exe
C:\Windows\system32\drivers\down\883449.exe
C:\Windows\system32\drivers\down\88345675.exe
C:\Windows\system32\drivers\down\88348841.exe
C:\Windows\system32\drivers\down\88365034.exe
C:\Windows\system32\drivers\down\88368107.exe
C:\Windows\system32\drivers\down\88368950.exe
C:\Windows\system32\drivers\down\88375705.exe
C:\Windows\system32\drivers\down\88380120.exe
C:\Windows\system32\drivers\down\88390260.exe
C:\Windows\system32\drivers\down\88417591.exe
C:\Windows\system32\drivers\down\88422380.exe
C:\Windows\system32\drivers\down\88423878.exe
C:\Windows\system32\drivers\down\884478.exe
C:\Windows\system32\drivers\down\89014.exe
C:\Windows\system32\drivers\down\937628.exe
C:\Windows\system32\drivers\down\945834.exe
C:\Windows\system32\drivers\down\954492.exe
C:\Windows\system32\drivers\down\96049.exe

.
(((((((((((((((((((((((((((((   Fichiers créés 2008-03-04 to 2008-04-04  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 22:31	---------	d-----w	C:\Program Files\Packard Bell Data Secure
2008-04-04 11:03	---------	d-----w	C:\Program Files\Trend Micro
2008-04-03 08:33	---------	d-----w	C:\PROGRA~2\Playrix Entertainment
2008-04-02 20:14	---------	d-----w	C:\PROGRA~2\Gogii
2008-04-02 20:02	---------	d-----w	C:\Program Files\Google
2008-04-02 19:50	---------	d-----w	C:\Program Files\iWin
2008-04-02 19:50	---------	d-----w	C:\Program Files\Around the World in 80 Days
2008-04-02 16:41	---------	d-----w	C:\PROGRA~2\Avira
2008-04-01 15:55	---------	d-----w	C:\Program Files\Navilog1
2008-03-31 14:23	---------	d-----w	C:\Program Files\Beach Volleyball
2008-03-31 13:34	---------	d-----w	C:\PROGRA~2\Trymedia
2008-03-31 13:34	---------	d-----w	C:\PROGRA~2\Arcade Lab
2008-03-31 09:40	---------	d-----w	C:\PROGRA~2\Zylom
2008-03-30 13:18	---------	d-----w	C:\Users\daniel\AppData\Roaming\fretsonfire
2008-03-30 12:45	---------	d-----w	C:\Users\daniel\AppData\Roaming\EoRezo
2008-03-30 12:17	---------	d-----w	C:\Users\daniel\AppData\Roaming\ItsLabel
2008-03-30 11:47	---------	d-----w	C:\Users\daniel\AppData\Roaming\GetRightToGo
2008-03-30 08:41	74,752	----a-w	C:\Windows\ST6UNST.EXE
2008-03-30 08:41	290,816	------w	C:\Windows\Setup1.exe
2008-03-29 17:50	---------	d-----w	C:\PROGRA~2\RapidSolution
2008-03-28 15:30	---------	d-----w	C:\Program Files\Lx_cats
2008-03-28 12:20	---------	d-----w	C:\Program Files\Messenger Plus! Live
2008-03-25 15:58	---------	d-----w	C:\PROGRA~2\BOONTY
2008-03-18 18:57	---------	d-----w	C:\Program Files\SecondLife
2008-03-18 18:56	---------	d-----w	C:\Users\daniel\AppData\Roaming\SecondLife
2008-03-18 13:57	---------	d-----w	C:\Users\daniel\AppData\Roaming\Todae
2008-03-16 20:28	---------	d-----w	C:\Users\daniel\AppData\Roaming\PlayFirst
2008-03-16 20:28	---------	d-----w	C:\PROGRA~2\PlayFirst
2008-03-16 20:27	---------	d-----w	C:\Program Files\Common Files\BOONTY Shared
2008-03-16 08:19	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-03-13 22:02	---------	d-----w	C:\Program Files\a-squared Free
2008-03-13 11:09	---------	d-----w	C:\Program Files\Windows Mail
2008-03-12 14:18	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-03-11 17:39	---------	d-----w	C:\PROGRA~2\Lavasoft
2008-03-11 17:38	---------	d-----w	C:\Program Files\Lavasoft
2008-03-11 17:08	174	--sha-w	C:\Program Files\desktop.ini
2008-03-11 15:14	---------	d-----w	C:\PROGRA~2\Kaspersky Lab Setup Files
2008-03-10 21:42	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-03-10 21:31	---------	d-----w	C:\Program Files\splus
2008-03-10 12:57	---------	d-----w	C:\Program Files\Windows Sidebar
2008-03-10 12:50	194,560	----a-w	C:\Windows\System32\WebClnt.dll
2008-03-10 12:50	110,080	----a-w	C:\Windows\system32\drivers\mrxdav.sys
2008-03-10 12:45	803,328	----a-w	C:\Windows\system32\drivers\tcpip.sys
2008-03-10 12:45	537,600	----a-w	C:\Windows\AppPatch\AcLayers.dll
2008-03-10 12:45	449,536	----a-w	C:\Windows\AppPatch\AcSpecfc.dll
2008-03-10 12:45	4,247,552	----a-w	C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-10 12:45	24,064	----a-w	C:\Windows\System32\netcfg.exe
2008-03-10 12:45	22,016	----a-w	C:\Windows\System32\netiougc.exe
2008-03-10 12:45	216,632	----a-w	C:\Windows\system32\drivers\netio.sys
2008-03-10 12:45	2,144,256	----a-w	C:\Windows\AppPatch\AcGenral.dll
2008-03-10 12:45	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
2008-03-10 12:45	167,424	----a-w	C:\Windows\System32\tcpipcfg.dll
2008-03-10 12:45	1,686,528	----a-w	C:\Windows\System32\gameux.dll
2008-03-10 12:43	11,776	----a-w	C:\Windows\System32\sbunattend.exe
2008-03-10 12:41	824,832	----a-w	C:\Windows\System32\wininet.dll
2008-03-10 12:41	56,320	----a-w	C:\Windows\System32\iesetup.dll
2008-03-10 12:41	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll
2008-03-10 12:41	26,624	----a-w	C:\Windows\System32\ieUnatt.exe
2008-03-10 12:39	1,244,672	----a-w	C:\Windows\System32\mcmde.dll
2008-03-09 15:04	---------	d-----w	C:\Program Files\photoview3.0
2008-03-02 12:11	---------	d-----w	C:\Program Files\Common Files\Panda Software
2008-03-01 08:59	---------	d-----w	C:\PROGRA~2\Symantec
2008-02-29 20:30	---------	d-----w	C:\Program Files\Picasa2
2008-02-29 16:30	---------	d-----w	C:\Program Files\Windows Live Safety Center
2008-02-29 13:07	---------	d-----w	C:\Users\daniel\AppData\Roaming\Creative
2008-02-29 13:07	---------	d-----w	C:\PROGRA~2\Creative
2008-02-29 12:02	---------	dcsh--w	C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-29 12:00	---------	d-----w	C:\Program Files\Windows Live
2008-02-29 11:58	---------	d-----w	C:\PROGRA~2\WLInstaller
2008-02-29 11:13	---------	d-----w	C:\PROGRA~2\Messenger Plus!
2008-02-29 08:53	---------	d-----w	C:\Users\daniel\AppData\Roaming\Skype
2008-02-28 17:12	---------	d-----w	C:\Program Files\Creative
2008-02-28 17:10	---------	d-----w	C:\PROGRA~2\muvee Technologies
2008-02-28 17:09	---------	d-----w	C:\Program Files\SightSpeed
2008-02-14 08:27	45,112	----a-w	C:\Windows\system32\drivers\pciidex.sys
2008-02-14 08:27	21,560	----a-w	C:\Windows\system32\drivers\atapi.sys
2008-02-14 08:27	154,624	----a-w	C:\Windows\system32\drivers\nwifi.sys
2008-02-14 08:27	15,928	----a-w	C:\Windows\system32\drivers\pciide.sys
2008-02-14 08:27	109,624	----a-w	C:\Windows\system32\drivers\ataport.sys
2008-02-11 08:39	---------	d-----w	C:\PROGRA~2\DFX
2007-10-31 20:55	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-31 20:55	32,768	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-30 09:49	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
2007-12-30 09:49	32,768	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
2007-12-30 09:49	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
2007-10-31 20:55	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-12-31 09:04	16,384	--sha-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-31 09:04	32,768	--sha-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-07 06:52	16,384	--sha-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
2007-11-07 06:52	32,768	--sha-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
2007-11-07 06:52	16,384	--sha-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
2007-12-31 09:04	16,384	--sha-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-10 14:43 1232896]
"Philips Intelligent Agent"="NOT_IN_USE_DUMMY_PATH" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 15:01 155648]
"Packard Bell Data Secure"="C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe" [2006-06-20 15:15 2361856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 17:10 4468736 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-07 18:51 1826816 C:\Windows\SkyTel.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 21:25 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 21:25 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 21:25 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-06-02 11:24 243200]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 21:44 65536]
"FixCamera"="C:\Windows\FixCamera.exe" [2007-02-12 15:50 20480]
"C:\Windows\system32\V0350Cvw.dll"="C:\Windows\system32\RegSvr32.exe" [2006-11-02 11:45 14336]
"V0350Mon.exe"="C:\Windows\V0350Mon.exe" [2007-06-04 19:02 32768]
"LXDDCATS"="\3\LXDDtime.dll" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"EoEngine"="" []
"EoWeather"="" []
"ItsTV"="C:\Program Files\Its Label\ItsTV\ItsTV.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-02 20:43 1006264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.wmv3"= wmv9vcm.dll
"MSVideo8"= VfWWDM32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-433937116-2697689707-203461057-1002]
"EnableNotificationsRef"=dword:00000015

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{12C0A142-E744-4D53-AAE2-E71FFD6C6294}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{ECA029AD-387C-43B3-862E-53DD05AFBA8D}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{6DF13730-72C5-4E5D-9CD9-4B472AE4717E}"= UDP:C:\Windows\System32\lxddcoms.exe:2500 Series Server
"{59C277E6-A963-445C-8B03-5D14C3A31D01}"= TCP:C:\Windows\System32\lxddcoms.exe:2500 Series Server
"{E2722DA4-67F8-4583-80CF-F74016EFF5F1}"= Profile=Public|C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{EAAD3F1F-69F6-42DD-9B13-3F65FB938183}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{C4DB5AC5-73F1-4734-93FE-9815236220A7}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{46EAFFEC-7FA6-46ED-B1E6-7856BBB52BF1}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{FAA9BCDB-6DA5-4DB4-8769-633052971FF7}C:\program files\club-internet\assistance\updatehitachi\maj_hitachi.exe"= UDP:C:\program files\club-internet\assistance\updatehitachi\maj_hitachi.exe:Firmware Upgrader Hitachi
"UDP Query User{D9E308B9-9FEE-48E6-951A-E8CE7D5C5650}C:\program files\club-internet\assistance\updatehitachi\maj_hitachi.exe"= TCP:C:\program files\club-internet\assistance\updatehitachi\maj_hitachi.exe:Firmware Upgrader Hitachi
"TCP Query User{99D9C6DE-B5BD-402E-AB15-DF3181153FED}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7A127F9C-314B-40FC-A756-C4DCA1130A8C}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{55DEA0DF-C77C-4130-A8BC-312A506281E1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2F78F547-340E-403F-9138-B35DE59098A8}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{9905847C-41F6-42D2-ACC1-C19EA3282C9F}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{7D2B2DF1-A826-417D-B7C0-66A0BDBCC711}C:\windows\system32\wintems.exe"= UDP:C:\windows\system32\wintems.exe:wintems
"UDP Query User{19578F6B-05DD-46E6-9CEF-664BA5E1CF7D}C:\windows\system32\wintems.exe"= TCP:C:\windows\system32\wintems.exe:wintems
"TCP Query User{C6DEE819-81FC-4868-95F9-408EDB27F324}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0
"UDP Query User{35C5A464-AFED-436C-A8FB-C8C109678542}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 ShldDrv;Panda File Shield Driver;C:\Windows\system32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40]
R2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe [2007-02-13 01:59]
R3 VF0350Vfx;VF0350 Video FX;C:\Windows\system32\DRIVERS\V0350VFx.sys [2007-03-05 12:45]
R3 VF0350Vid;Live! Cam Video IM (VF0350);C:\Windows\system32\DRIVERS\V0350Vid.sys [2007-05-10 19:02]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2008-03-16 22:27]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 11:34]
S3 scramby

Utilisateur anonyme · Answer

Re ,

Pas de cracks hein ??

tu te fous de qui ? 


ça t'a pas suffit la dernière fois que je t'ai désinfecté ?

Crack.Norton.AntiVirus.2006.Multilanguage.!!­!.zip 
Kaspersky.Anti-Virus.Personal.2006.6.0.12.167.Bet­a.Keys(1).updated-fixed.12-2006.zip
Keyboard Explorer 1.1.3.zip 
Lock On Modern Air Combat v1.01 to v1.02 patch.zip
Et j'en passe...

Nan mais c'est de l'inconscience à ce niveau la !!!

Des dizaines de cracks , clé d'activation , patch  ...


Pour quoi ?

Pour des anti-virus payants alors que des gratuits très bien existent !!!

Et après tu viens implorer de l'aide sur le forum virus/sécurité  ???!!

'tain mais c'est pas vrai ça !
Et en plus tu me mens ...

Pfff je me demande même si je dois pas te laisser te demmerder ...


Mais non , trop bon trop con , je vais finir.

Sache que si tu te refais infecté , compte pas sur moi.

********************************************************

/!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\

Ouvre le Bloc-Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)

Copie ce texte ( en gras )d'une traite ( CTRL+C pour copier ) puis colle-le ( CTRL+V dans le bloc-note ) 



Folder::
C:\Program Files\Navilog1
C:\PROGRA~2\BOONTY
C:\PROGRA~2\Kaspersky Lab Setup Files 
C:\Program Files\Common Files\BOONTY Shared
C:\PROGRA~2\Symantec




Sauvegarde ce fichier sur ton bureau sous le nom de CFScript.txt.



Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

Wolfman59760 · Answer

excuse moi pour les cracks mais je savais pas que j'avais sa mais c'est surement un de mes amis qui est passer dans la semaine et il voulait utiliser mon ordi pour soit disant faire une recherche sur le net , je me suis bien fait avoir excuse moi encore je ne sais mème pas se que sait 
voila le rapport combofix :
ComboFix 08-04-03.5 - daniel 2008-04-05  1:23:29.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6000.0.1252.1.1036.18.351 [GMT 2:00]
Endroit: C:\Users\daniel\Desktop\ComboFix.exe
Command switches used :: C:\Users\daniel\Desktop\CFScript.txt..txt
 * Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~2\BOONTY
C:\PROGRA~2\BOONTY\Licenses\B4567000.dat
C:\PROGRA~2\Kaspersky Lab Setup Files
C:\PROGRA~2\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\French\kav.fr.msi
C:\PROGRA~2\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\French\setup.exe
C:\PROGRA~2\Symantec
C:\PROGRA~2\Symantec\LiveUpdate\Settings.LiveUpdate
C:\Program Files\Common Files\BOONTY Shared
C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
C:\Program Files\Navilog1
C:\Program Files\Navilog1\catchme.exe
C:\Program Files\Navilog1\GetPaths.exe
C:\Program Files\Navilog1\gnc.exe
C:\Program Files\Navilog1
avilog1.bat
C:\Program Files\Navilog1\oem2ansi.exe
C:\Program Files\Navilog1echerok.txt
C:\Program Files\Navilog1eg.exe
C:\Program Files\Navilog1egnavi.reg
C:\Program Files\Navilog1	raite.bat
C:\Program Files\Navilog1	raite2.bat
C:\Program Files\Navilog1\unins000.dat
C:\Program Files\Navilog1\unins000.exe

.
(((((((((((((((((((((((((((((   Fichiers créés 2008-03-04 to 2008-04-04  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 22:31	---------	d-----w	C:\Program Files\Packard Bell Data Secure
2008-04-04 11:03	---------	d-----w	C:\Program Files\Trend Micro
2008-04-03 08:33	---------	d-----w	C:\PROGRA~2\Playrix Entertainment
2008-04-02 20:14	---------	d-----w	C:\PROGRA~2\Gogii
2008-04-02 20:02	---------	d-----w	C:\Program Files\Google
2008-04-02 19:50	---------	d-----w	C:\Program Files\iWin
2008-04-02 19:50	---------	d-----w	C:\Program Files\Around the World in 80 Days
2008-04-02 16:41	---------	d-----w	C:\PROGRA~2\Avira
2008-03-31 14:23	---------	d-----w	C:\Program Files\Beach Volleyball
2008-03-31 13:34	---------	d-----w	C:\PROGRA~2\Trymedia
2008-03-31 13:34	---------	d-----w	C:\PROGRA~2\Arcade Lab
2008-03-31 09:40	---------	d-----w	C:\PROGRA~2\Zylom
2008-03-30 13:18	---------	d-----w	C:\Users\daniel\AppData\Roaming\fretsonfire
2008-03-30 12:45	---------	d-----w	C:\Users\daniel\AppData\Roaming\EoRezo
2008-03-30 12:17	---------	d-----w	C:\Users\daniel\AppData\Roaming\ItsLabel
2008-03-30 11:47	---------	d-----w	C:\Users\daniel\AppData\Roaming\GetRightToGo
2008-03-30 08:41	74,752	----a-w	C:\Windows\ST6UNST.EXE
2008-03-30 08:41	290,816	------w	C:\Windows\Setup1.exe
2008-03-29 17:50	---------	d-----w	C:\PROGRA~2\RapidSolution
2008-03-28 15:30	---------	d-----w	C:\Program Files\Lx_cats
2008-03-28 12:20	---------	d-----w	C:\Program Files\Messenger Plus! Live
2008-03-18 18:57	---------	d-----w	C:\Program Files\SecondLife
2008-03-18 18:56	---------	d-----w	C:\Users\daniel\AppData\Roaming\SecondLife
2008-03-18 13:57	---------	d-----w	C:\Users\daniel\AppData\Roaming\Todae
2008-03-16 20:28	---------	d-----w	C:\Users\daniel\AppData\Roaming\PlayFirst
2008-03-16 20:28	---------	d-----w	C:\PROGRA~2\PlayFirst
2008-03-16 08:19	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-03-13 22:02	---------	d-----w	C:\Program Files\a-squared Free
2008-03-13 11:09	---------	d-----w	C:\Program Files\Windows Mail
2008-03-12 14:18	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-03-11 17:39	---------	d-----w	C:\PROGRA~2\Lavasoft
2008-03-11 17:38	---------	d-----w	C:\Program Files\Lavasoft
2008-03-11 17:08	174	--sha-w	C:\Program Files\desktop.ini
2008-03-10 21:42	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-03-10 21:31	---------	d-----w	C:\Program Files\splus
2008-03-10 12:57	---------	d-----w	C:\Program Files\Windows Sidebar
2008-03-10 12:50	194,560	----a-w	C:\Windows\System32\WebClnt.dll
2008-03-10 12:50	110,080	----a-w	C:\Windows\system32\drivers\mrxdav.sys
2008-03-10 12:45	803,328	----a-w	C:\Windows\system32\drivers	cpip.sys
2008-03-10 12:45	537,600	----a-w	C:\Windows\AppPatch\AcLayers.dll
2008-03-10 12:45	449,536	----a-w	C:\Windows\AppPatch\AcSpecfc.dll
2008-03-10 12:45	4,247,552	----a-w	C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-10 12:45	24,064	----a-w	C:\Windows\System32
etcfg.exe
2008-03-10 12:45	22,016	----a-w	C:\Windows\System32
etiougc.exe
2008-03-10 12:45	216,632	----a-w	C:\Windows\system32\drivers
etio.sys
2008-03-10 12:45	2,144,256	----a-w	C:\Windows\AppPatch\AcGenral.dll
2008-03-10 12:45	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
2008-03-10 12:45	167,424	----a-w	C:\Windows\System32	cpipcfg.dll
2008-03-10 12:45	1,686,528	----a-w	C:\Windows\System32\gameux.dll
2008-03-10 12:43	11,776	----a-w	C:\Windows\System32\sbunattend.exe
2008-03-10 12:41	824,832	----a-w	C:\Windows\System32\wininet.dll
2008-03-10 12:41	56,320	----a-w	C:\Windows\System32\iesetup.dll
2008-03-10 12:41	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll
2008-03-10 12:41	26,624	----a-w	C:\Windows\System32\ieUnatt.exe
2008-03-10 12:39	1,244,672	----a-w	C:\Windows\System32\mcmde.dll
2008-03-09 15:04	---------	d-----w	C:\Program Files\photoview3.0
2008-03-02 12:11	---------	d-----w	C:\Program Files\Common Files\Panda Software
2008-02-29 20:30	---------	d-----w	C:\Program Files\Picasa2
2008-02-29 16:30	---------	d-----w	C:\Program Files\Windows Live Safety Center
2008-02-29 13:07	---------	d-----w	C:\Users\daniel\AppData\Roaming\Creative
2008-02-29 13:07	---------	d-----w	C:\PROGRA~2\Creative
2008-02-29 12:02	---------	dcsh--w	C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-29 12:00	---------	d-----w	C:\Program Files\Windows Live
2008-02-29 11:58	---------	d-----w	C:\PROGRA~2\WLInstaller
2008-02-29 11:13	---------	d-----w	C:\PROGRA~2\Messenger Plus!
2008-02-29 08:53	---------	d-----w	C:\Users\daniel\AppData\Roaming\Skype
2008-02-28 17:12	---------	d-----w	C:\Program Files\Creative
2008-02-28 17:10	---------	d-----w	C:\PROGRA~2\muvee Technologies
2008-02-28 17:09	---------	d-----w	C:\Program Files\SightSpeed
2008-02-14 08:27	45,112	----a-w	C:\Windows\system32\drivers\pciidex.sys
2008-02-14 08:27	21,560	----a-w	C:\Windows\system32\drivers\atapi.sys
2008-02-14 08:27	154,624	----a-w	C:\Windows\system32\drivers
wifi.sys
2008-02-14 08:27	15,928	----a-w	C:\Windows\system32\drivers\pciide.sys
2008-02-14 08:27	109,624	----a-w	C:\Windows\system32\drivers\ataport.sys
2008-02-11 08:39	---------	d-----w	C:\PROGRA~2\DFX
2007-10-31 20:55	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-31 20:55	32,768	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-30 09:49	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
2007-12-30 09:49	32,768	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
2007-12-30 09:49	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
2007-10-31 20:55	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-12-31 09:04	16,384	--sha-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-31 09:04	32,768	--sha-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-07 06:52	16,384	--sha-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
2007-11-07 06:52	32,768	--sha-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
2007-11-07 06:52	16,384	--sha-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
2007-12-31 09:04	16,384	--sha-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-10 14:43 1232896]
"Philips Intelligent Agent"="NOT_IN_USE_DUMMY_PATH" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 15:01 155648]
"Packard Bell Data Secure"="C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe" [2006-06-20 15:15 2361856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 17:10 4468736 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-07 18:51 1826816 C:\Windows\SkyTel.exe]
"NvSvc"="C:\Windows\system32
vsvc.dll" [2006-12-07 21:25 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 21:25 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 21:25 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-06-02 11:24 243200]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 21:44 65536]
"FixCamera"="C:\Windows\FixCamera.exe" [2007-02-12 15:50 20480]
"C:\Windows\system32\V0350Cvw.dll"="C:\Windows\system32\RegSvr32.exe" [2006-11-02 11:45 14336]
"V0350Mon.exe"="C:\Windows\V0350Mon.exe" [2007-06-04 19:02 32768]
"LXDDCATS"="\3\LXDDtime.dll" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"EoEngine"="" []
"EoWeather"="" []
"ItsTV"="C:\Program Files\Its Label\ItsTV\ItsTV.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-02 20:43 1006264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.wmv3"= wmv9vcm.dll
"MSVideo8"= VfWWDM32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-433937116-2697689707-203461057-1002]
"EnableNotificationsRef"=dword:00000015

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{12C0A142-E744-4D53-AAE2-E71FFD6C6294}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{ECA029AD-387C-43B3-862E-53DD05AFBA8D}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{6DF13730-72C5-4E5D-9CD9-4B472AE4717E}"= UDP:C:\Windows\System32\lxddcoms.exe:2500 Series Server
"{59C277E6-A963-445C-8B03-5D14C3A31D01}"= TCP:C:\Windows\System32\lxddcoms.exe:2500 Series Server
"{E2722DA4-67F8-4583-80CF-F74016EFF5F1}"= Profile=Public|C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{EAAD3F1F-69F6-42DD-9B13-3F65FB938183}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{C4DB5AC5-73F1-4734-93FE-9815236220A7}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{46EAFFEC-7FA6-46ED-B1E6-7856BBB52BF1}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{FAA9BCDB-6DA5-4DB4-8769-633052971FF7}C:\program files\club-internet\assistance\updatehitachi\maj_hitachi.exe"= UDP:C:\program files\club-internet\assistance\updatehitachi\maj_hitachi.exe:Firmware Upgrader Hitachi
"UDP Query User{D9E308B9-9FEE-48E6-951A-E8CE7D5C5650}C:\program files\club-internet\assistance\updatehitachi\maj_hitachi.exe"= TCP:C:\program files\club-internet\assistance\updatehitachi\maj_hitachi.exe:Firmware Upgrader Hitachi
"TCP Query User{99D9C6DE-B5BD-402E-AB15-DF3181153FED}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7A127F9C-314B-40FC-A756-C4DCA1130A8C}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{55DEA0DF-C77C-4130-A8BC-312A506281E1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2F78F547-340E-403F-9138-B35DE59098A8}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{9905847C-41F6-42D2-ACC1-C19EA3282C9F}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{7D2B2DF1-A826-417D-B7C0-66A0BDBCC711}C:\windows\system32\wintems.exe"= UDP:C:\windows\system32\wintems.exe:wintems
"UDP Query User{19578F6B-05DD-46E6-9CEF-664BA5E1CF7D}C:\windows\system32\wintems.exe"= TCP:C:\windows\system32\wintems.exe:wintems
"TCP Query User{C6DEE819-81FC-4868-95F9-408EDB27F324}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0
"UDP Query User{35C5A464-AFED-436C-A8FB-C8C109678542}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 ShldDrv;Panda File Shield Driver;C:\Windows\system32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40]
R2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe [2007-02-13 01:59]
R3 VF0350Vfx;VF0350 Video FX;C:\Windows\system32\DRIVERS\V0350VFx.sys [2007-03-05 12:45]
R3 VF0350Vid;Live! Cam Video IM (VF0350);C:\Windows\system32\DRIVERS\V0350Vid.sys [2007-05-10 19:02]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" []
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 11:34]
S3 scramby_out;Scramby Output;C:\Windows\system32\drivers\scramby_out.sys [2007-08-08 09:31]
S3 VF0350Afx;VF0350 Audio FX;C:\Windows\system32\Drivers\V0350Afx.sys [2007-06-10 19:01]
S4 PavProc;Panda Process Protection Driver;C:\Windows\system32\DRIVERS\PavProc.sys [2007-07-12 14:49]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 01:25:21
Windows 6.0.6000  NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès 
Les fichiers cachés: 0 

**************************************************************************
.
Temps d'accomplissement: 2008-04-05  1:25:56
ComboFix-quarantined-files.txt  2008-04-04 23:25:50
ComboFix2.txt  2008-04-04 22:54:34
      Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
      Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
.
2008-03-13 11:03:51	--- E O F ---

Wolfman59760 · Answer

voila celui de hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:33, on 2008-04-05
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32	askeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\USB Disk Win98 Driver\Res.exe
C:\Windows\FixCamera.exe
C:\Windows\V0350Mon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\SYSTEM32	askeng.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Users\daniel\Desktop\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [C:\Windows\system32\V0350Cvw.dll] C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0350Cvw.dll
O4 - HKLM\..\Run: [V0350Mon.exe] C:\Windows\V0350Mon.exe
O4 - HKLM\..\Run: [LXDDCATS] rundll32 \3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\Its Label\ItsTV\ItsTV.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Philips Intelligent Agent] NOT_IN_USE_DUMMY_PATH
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O13 - Gopher Prefix: 
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdd_device -   - C:\Windows\system32\lxddcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Wolfman59760 · Answer

Et excuse moi encore je savais pas pour les cracks excuse et je voulais te remercier pour tout ce que tu fait pour moi merci

Utilisateur anonyme · Answer

Re ,

Ouais ouais ...

N'en re-télécharge plus jamais stp.

C'est par là qu'arrive le ver Bagle ( ton infection )

J'analyserais les rapports demain , je suis fatigué.

Normalement tu devrais constater des améliorations , mais ce n'est pas encore fini.

A demain

Wolfman59760 · Answer

merci je vais faire ce que tu dit  mais je voulais savoir je peu remetre antivir personnal edition en route pour me protèger et internet explorer va refonctionnè?
je te demande sa en attendant demain on pourra se reparler vers quel heure demain ? repond s'il te plait merci

Utilisateur anonyme · Answer

Re ,

Remet ton AV en route , effectivement.



Demain vers 13h.

Y aura encore du boulot.

+++

Wolfman59760 · Answer

ok d'accord merci pour tout et a demain bonne nuit a toi et encore merci , je me connecte demain a 13h comme prèvut bonne nuit

booddha · Answer

C'est la foire aux cracks ici ;-D

Salut Cyril ;)

Wolfman59760 · Answer

je suis là j'attend la suite des ètapes ;)

Utilisateur anonyme · Answer

Re ,  

Je te prépare la procédure.

+++

Wolfman59760 · Answer

d'accord j'attend la procèdure

Utilisateur anonyme · Answer

Recommence le CFScript avec :

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] 
"TCP Query User{7D2B2DF1-A826-417D-B7C0-66A0BDBCC711}C:\windows\system32\wintems.exe"=-
"UDP Query User{19578F6B-05DD-46E6-9CEF-664BA5E1CF7D}C:\windows\system32\wintems.exe"=-


Poste le rapport.

*********


Tu l'as encore Antivir ? 

Remet le en route stp.

++

Wolfman59760 · Answer

voila le rapport combofix et j'ai remit antivir en route depuis hier soir :
ComboFix 08-04-03.5 - daniel 2008-04-05 13:43:58.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6000.0.1252.1.1036.18.288 [GMT 2:00]
Endroit: C:\Users\daniel\Desktop\ComboFix.exe
Command switches used :: C:\Users\daniel\Desktop\CFScript.txt
.

(((((((((((((((((((((((((((((   Fichiers créés 2008-03-05 to 2008-04-05  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 10:56	---------	d-----w	C:\Program Files\Packard Bell Data Secure
2008-04-04 23:53	---------	d-----w	C:\Program Files\Avira
2008-04-04 23:53	---------	d-----w	C:\PROGRA~2\Avira
2008-04-04 11:03	---------	d-----w	C:\Program Files\Trend Micro
2008-04-03 08:33	---------	d-----w	C:\PROGRA~2\Playrix Entertainment
2008-04-02 20:14	---------	d-----w	C:\PROGRA~2\Gogii
2008-04-02 20:02	---------	d-----w	C:\Program Files\Google
2008-04-02 19:50	---------	d-----w	C:\Program Files\iWin
2008-04-02 19:50	---------	d-----w	C:\Program Files\Around the World in 80 Days
2008-03-31 14:23	---------	d-----w	C:\Program Files\Beach Volleyball
2008-03-31 13:34	---------	d-----w	C:\PROGRA~2\Trymedia
2008-03-31 13:34	---------	d-----w	C:\PROGRA~2\Arcade Lab
2008-03-31 09:40	---------	d-----w	C:\PROGRA~2\Zylom
2008-03-30 13:18	---------	d-----w	C:\Users\daniel\AppData\Roaming\fretsonfire
2008-03-30 12:45	---------	d-----w	C:\Users\daniel\AppData\Roaming\EoRezo
2008-03-30 12:17	---------	d-----w	C:\Users\daniel\AppData\Roaming\ItsLabel
2008-03-30 11:47	---------	d-----w	C:\Users\daniel\AppData\Roaming\GetRightToGo
2008-03-30 08:41	74,752	----a-w	C:\Windows\ST6UNST.EXE
2008-03-30 08:41	290,816	------w	C:\Windows\Setup1.exe
2008-03-29 17:50	---------	d-----w	C:\PROGRA~2\RapidSolution
2008-03-28 15:30	---------	d-----w	C:\Program Files\Lx_cats
2008-03-28 12:20	---------	d-----w	C:\Program Files\Messenger Plus! Live
2008-03-18 18:57	---------	d-----w	C:\Program Files\SecondLife
2008-03-18 18:56	---------	d-----w	C:\Users\daniel\AppData\Roaming\SecondLife
2008-03-18 13:57	---------	d-----w	C:\Users\daniel\AppData\Roaming\Todae
2008-03-16 20:28	---------	d-----w	C:\Users\daniel\AppData\Roaming\PlayFirst
2008-03-16 20:28	---------	d-----w	C:\PROGRA~2\PlayFirst
2008-03-16 08:19	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-03-13 22:02	---------	d-----w	C:\Program Files\a-squared Free
2008-03-13 11:09	---------	d-----w	C:\Program Files\Windows Mail
2008-03-12 14:18	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-03-11 17:39	---------	d-----w	C:\PROGRA~2\Lavasoft
2008-03-11 17:38	---------	d-----w	C:\Program Files\Lavasoft
2008-03-11 17:08	174	--sha-w	C:\Program Files\desktop.ini
2008-03-10 21:42	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-03-10 21:31	---------	d-----w	C:\Program Files\splus
2008-03-10 12:57	---------	d-----w	C:\Program Files\Windows Sidebar
2008-03-10 12:50	194,560	----a-w	C:\Windows\System32\WebClnt.dll
2008-03-10 12:50	110,080	----a-w	C:\Windows\system32\drivers\mrxdav.sys
2008-03-10 12:45	803,328	----a-w	C:\Windows\system32\drivers	cpip.sys
2008-03-10 12:45	537,600	----a-w	C:\Windows\AppPatch\AcLayers.dll
2008-03-10 12:45	449,536	----a-w	C:\Windows\AppPatch\AcSpecfc.dll
2008-03-10 12:45	4,247,552	----a-w	C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-10 12:45	24,064	----a-w	C:\Windows\System32
etcfg.exe
2008-03-10 12:45	22,016	----a-w	C:\Windows\System32
etiougc.exe
2008-03-10 12:45	216,632	----a-w	C:\Windows\system32\drivers
etio.sys
2008-03-10 12:45	2,144,256	----a-w	C:\Windows\AppPatch\AcGenral.dll
2008-03-10 12:45	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
2008-03-10 12:45	167,424	----a-w	C:\Windows\System32	cpipcfg.dll
2008-03-10 12:45	1,686,528	----a-w	C:\Windows\System32\gameux.dll
2008-03-10 12:43	11,776	----a-w	C:\Windows\System32\sbunattend.exe
2008-03-10 12:41	824,832	----a-w	C:\Windows\System32\wininet.dll
2008-03-10 12:41	56,320	----a-w	C:\Windows\System32\iesetup.dll
2008-03-10 12:41	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll
2008-03-10 12:41	26,624	----a-w	C:\Windows\System32\ieUnatt.exe
2008-03-10 12:39	1,244,672	----a-w	C:\Windows\System32\mcmde.dll
2008-03-09 15:04	---------	d-----w	C:\Program Files\photoview3.0
2008-03-02 12:11	---------	d-----w	C:\Program Files\Common Files\Panda Software
2008-02-29 20:30	---------	d-----w	C:\Program Files\Picasa2
2008-02-29 16:30	---------	d-----w	C:\Program Files\Windows Live Safety Center
2008-02-29 13:07	---------	d-----w	C:\Users\daniel\AppData\Roaming\Creative
2008-02-29 13:07	---------	d-----w	C:\PROGRA~2\Creative
2008-02-29 12:02	---------	dcsh--w	C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-29 12:00	---------	d-----w	C:\Program Files\Windows Live
2008-02-29 11:58	---------	d-----w	C:\PROGRA~2\WLInstaller
2008-02-29 11:13	---------	d-----w	C:\PROGRA~2\Messenger Plus!
2008-02-29 08:53	---------	d-----w	C:\Users\daniel\AppData\Roaming\Skype
2008-02-28 17:12	---------	d-----w	C:\Program Files\Creative
2008-02-28 17:10	---------	d-----w	C:\PROGRA~2\muvee Technologies
2008-02-28 17:09	---------	d-----w	C:\Program Files\SightSpeed
2008-02-14 08:27	45,112	----a-w	C:\Windows\system32\drivers\pciidex.sys
2008-02-14 08:27	21,560	----a-w	C:\Windows\system32\drivers\atapi.sys
2008-02-14 08:27	154,624	----a-w	C:\Windows\system32\drivers
wifi.sys
2008-02-14 08:27	15,928	----a-w	C:\Windows\system32\drivers\pciide.sys
2008-02-14 08:27	109,624	----a-w	C:\Windows\system32\drivers\ataport.sys
2008-02-11 08:39	---------	d-----w	C:\PROGRA~2\DFX
2007-10-31 20:55	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-31 20:55	32,768	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-30 09:49	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
2007-12-30 09:49	32,768	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
2007-12-30 09:49	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
2007-10-31 20:55	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-12-31 09:04	16,384	--sha-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-31 09:04	32,768	--sha-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-07 06:52	16,384	--sha-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
2007-11-07 06:52	32,768	--sha-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
2007-11-07 06:52	16,384	--sha-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
2007-12-31 09:04	16,384	--sha-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-10 14:43 1232896]
"Philips Intelligent Agent"="NOT_IN_USE_DUMMY_PATH" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 15:01 155648]
"Packard Bell Data Secure"="C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe" [2006-06-20 15:15 2361856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 17:10 4468736 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-07 18:51 1826816 C:\Windows\SkyTel.exe]
"NvSvc"="C:\Windows\system32
vsvc.dll" [2006-12-07 21:25 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 21:25 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 21:25 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-06-02 11:24 243200]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 21:44 65536]
"FixCamera"="C:\Windows\FixCamera.exe" [2007-02-12 15:50 20480]
"C:\Windows\system32\V0350Cvw.dll"="C:\Windows\system32\RegSvr32.exe" [2006-11-02 11:45 14336]
"V0350Mon.exe"="C:\Windows\V0350Mon.exe" [2007-06-04 19:02 32768]
"LXDDCATS"="\3\LXDDtime.dll" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"EoEngine"="" []
"EoWeather"="" []
"ItsTV"="C:\Program Files\Its Label\ItsTV\ItsTV.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-02 20:43 1006264]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-05 01:56 249896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.wmv3"= wmv9vcm.dll
"MSVideo8"= VfWWDM32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-433937116-2697689707-203461057-1002]
"EnableNotificationsRef"=dword:00000015

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{12C0A142-E744-4D53-AAE2-E71FFD6C6294}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{ECA029AD-387C-43B3-862E-53DD05AFBA8D}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{6DF13730-72C5-4E5D-9CD9-4B472AE4717E}"= UDP:C:\Windows\System32\lxddcoms.exe:2500 Series Server
"{59C277E6-A963-445C-8B03-5D14C3A31D01}"= TCP:C:\Windows\System32\lxddcoms.exe:2500 Series Server
"{E2722DA4-67F8-4583-80CF-F74016EFF5F1}"= Profile=Public|C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{EAAD3F1F-69F6-42DD-9B13-3F65FB938183}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{C4DB5AC5-73F1-4734-93FE-9815236220A7}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{46EAFFEC-7FA6-46ED-B1E6-7856BBB52BF1}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{FAA9BCDB-6DA5-4DB4-8769-633052971FF7}C:\program files\club-internet\assistance\updatehitachi\maj_hitachi.exe"= UDP:C:\program files\club-internet\assistance\updatehitachi\maj_hitachi.exe:Firmware Upgrader Hitachi
"UDP Query User{D9E308B9-9FEE-48E6-951A-E8CE7D5C5650}C:\program files\club-internet\assistance\updatehitachi\maj_hitachi.exe"= TCP:C:\program files\club-internet\assistance\updatehitachi\maj_hitachi.exe:Firmware Upgrader Hitachi
"TCP Query User{99D9C6DE-B5BD-402E-AB15-DF3181153FED}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7A127F9C-314B-40FC-A756-C4DCA1130A8C}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{55DEA0DF-C77C-4130-A8BC-312A506281E1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2F78F547-340E-403F-9138-B35DE59098A8}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{9905847C-41F6-42D2-ACC1-C19EA3282C9F}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C6DEE819-81FC-4868-95F9-408EDB27F324}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0
"UDP Query User{35C5A464-AFED-436C-A8FB-C8C109678542}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 ShldDrv;Panda File Shield Driver;C:\Windows\system32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40]
R2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe [2007-02-13 01:59]
R3 VF0350Vfx;VF0350 Video FX;C:\Windows\system32\DRIVERS\V0350VFx.sys [2007-03-05 12:45]
R3 VF0350Vid;Live! Cam Video IM (VF0350);C:\Windows\system32\DRIVERS\V0350Vid.sys [2007-05-10 19:02]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" []
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 11:34]
S3 scramby_out;Scramby Output;C:\Windows\system32\drivers\scramby_out.sys [2007-08-08 09:31]
S3 VF0350Afx;VF0350 Audio FX;C:\Windows\system32\Drivers\V0350Afx.sys [2007-06-10 19:01]
S4 PavProc;Panda Process Protection Driver;C:\Windows\system32\DRIVERS\PavProc.sys [2007-07-12 14:49]

*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 13:47:55
Windows 6.0.6000  NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès 
Les fichiers cachés: 0 

**************************************************************************
.
Temps d'accomplissement: 2008-04-05 13:48:35
ComboFix-quarantined-files.txt  2008-04-05 11:48:29
ComboFix2.txt  2008-04-04 23:25:57
ComboFix3.txt  2008-04-04 22:54:34
      Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
      Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
.
2008-03-13 11:03:51	--- E O F ---

Utilisateur anonyme · Answer

Reposte moi un rapport Hijackthis 

A+

Wolfman59760 · Answer

voila hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48, on 2008-04-05
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32	askeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\USB Disk Win98 Driver\Res.exe
C:\Windows\FixCamera.exe
C:\Windows\V0350Mon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\SYSTEM32	askeng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32
otepad.exe
C:\Users\daniel\Desktop\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [C:\Windows\system32\V0350Cvw.dll] C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0350Cvw.dll
O4 - HKLM\..\Run: [V0350Mon.exe] C:\Windows\V0350Mon.exe
O4 - HKLM\..\Run: [LXDDCATS] rundll32 \3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\Its Label\ItsTV\ItsTV.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Philips Intelligent Agent] NOT_IN_USE_DUMMY_PATH
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O13 - Gopher Prefix: 
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdd_device -   - C:\Windows\system32\lxddcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Utilisateur anonyme · Answer

Re , 

Ok , lance Antivir > scan system now > poste le rapport qui apparait à la fin ( bouton ' report ' )



+++

Wolfman59760 · Answer

voila le rapport antivir


AntiVir PersonalEdition Classic
Report file date: 2008-04-05  15:58

Scanning for 1181183 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows Vista
Windows version:  (plain)  [6.0.6000]
Username:         SYSTEM
Computer name:    PC-DE-DANIEL

Version information:
BUILD.DAT    : 270           15603 Bytes  2007-09-19 13:32:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes  2007-08-23 12:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes  2007-08-16 11:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes  2007-08-14 14:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes  2007-08-21 11:35:20
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes  2007-07-18 13:27:15
ANTIVIR1.VDF : 7.0.3.2     5447168 Bytes  2008-03-07 23:56:16
ANTIVIR2.VDF : 7.0.3.85     434176 Bytes  2008-03-27 23:56:16
ANTIVIR3.VDF : 7.0.3.121    189952 Bytes  2008-04-04 23:56:16
AVEWIN32.DLL : 7.6.0.81    3424768 Bytes  2008-04-04 23:56:17
AVWINLL.DLL  : 1.0.0.7       14376 Bytes  2007-02-26 09:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes  2007-07-18 06:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes  2007-04-16 12:16:24
AVPACK32.DLL : 7.6.0.3      360488 Bytes  2008-04-04 23:56:17
AVREG.DLL    : 7.0.1.6       30760 Bytes  2007-07-18 06:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes  2007-08-28 11:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  2007-07-18 06:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes  2007-03-08 10:09:42
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes  2007-08-07 11:38:13
RCTEXT.DLL   : 7.0.62.0      86056 Bytes  2007-08-21 11:50:37
SQLITE3.DLL  : 3.3.17.1     339968 Bytes  2007-07-23 08:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, 
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: 2008-04-05  15:58

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'conime.exe' - '1' Module(s) have been scanned
Scan process 'StartFX.exe' - '1' Module(s) have been scanned
Scan process 'emule.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'conime.exe' - '0' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'CPSHelpRunner.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktopCrawl.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktopDisplay.exe' - '1' Module(s) have been scanned
Scan process 'lanceur.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktopIndex.exe' - '1' Module(s) have been scanned
Scan process 'PBDataSecure.exe' - '1' Module(s) have been scanned
Scan process 'CTLCMgr.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'V0350Mon.exe' - '1' Module(s) have been scanned
Scan process 'FixCamera.exe' - '1' Module(s) have been scanned
Scan process 'Res.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'RoxWatchTray9.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'RoxMediaDB9.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RoxWatch9.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lxddcoms.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
67 processes with 67 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
      [NOTE]      No virus was found!
      [WARNING]   The boot sector file could not be read!
      [WARNING]   Error code: 0x0083
      [NOTE]      Please restart the search with Administrator rights
Master boot sector HD1
      [NOTE]      No virus was found!
      [WARNING]   The boot sector file could not be read!
      [WARNING]   Error code: 0x0015
      [NOTE]      Please restart the search with Administrator rights
Master boot sector HD2
      [NOTE]      No virus was found!
      [WARNING]   The boot sector file could not be read!
      [WARNING]   Error code: 0x0015
      [NOTE]      Please restart the search with Administrator rights
Master boot sector HD3
      [NOTE]      No virus was found!
      [WARNING]   The boot sector file could not be read!
      [WARNING]   Error code: 0x0015
      [NOTE]      Please restart the search with Administrator rights
Master boot sector HD4
      [NOTE]      No virus was found!
      [WARNING]   The boot sector file could not be read!
      [WARNING]   Error code: 0x0015
      [NOTE]      Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '19' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\Program Files\Club-Internet\Assistance\OutilsCI\uninstall.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Zlob.ZQN
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\data.oct.vir
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\flec006.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\.!!!.Crack.Norton.AntiVirus.2006.Multilanguage.!!!.zip.vir
  [0] Archive type: ZIP
  --> .!!!.Crack.Norton.AntiVirus.2006.Multilanguage.!!!.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\.NET Encryption Library 1.05.zip.vir
  [0] Archive type: ZIP
  --> .NET Encryption Library 1.05.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\1 Click Safe PC 1.6.zip.vir
  [0] Archive type: ZIP
  --> 1 Click Safe PC 1.6.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\1st Look! 2.0.1 [Key+Serial].zip.vir
  [0] Archive type: ZIP
  --> 1st Look! 2.0.1 [Key+Serial].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\3Com Etherlink XL 3C90x Adapter Driver 5.4.zip.vir
  [0] Archive type: ZIP
  --> 3Com Etherlink XL 3C90x Adapter Driver 5.4.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\3D Visioner 2.3.zip.vir
  [0] Archive type: ZIP
  --> 3D Visioner 2.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\A Christmas Reflection Screensaver 1.0 [Key+Serial].zip.vir
  [0] Archive type: ZIP
  --> A Christmas Reflection Screensaver 1.0 [Key+Serial].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\A9CAD Pro 2.3.2 [Key].zip.vir
  [0] Archive type: ZIP
  --> A9CAD Pro 2.3.2 [Key].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Advanced Log Monitor 2.1.21.zip.vir
  [0] Archive type: ZIP
  --> Advanced Log Monitor 2.1.21.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\AllWebMenus Lite 3.1.128.zip.vir
  [0] Archive type: ZIP
  --> AllWebMenus Lite 3.1.128.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Altostorm Rectilinear Panorama Pro 1.2.zip.vir
  [0] Archive type: ZIP
  --> Altostorm Rectilinear Panorama Pro 1.2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\AS HDGET WIN32 DLL 2.1 Cracked.zip.vir
  [0] Archive type: ZIP
  --> AS HDGET WIN32 DLL 2.1 Cracked.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\ASP Printer COM 2.1 [Serial].zip.vir
  [0] Archive type: ZIP
  --> ASP Printer COM 2.1 [Serial].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\AutoCAD Version Explorer 1.9.zip.vir
  [0] Archive type: ZIP
  --> AutoCAD Version Explorer 1.9.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\AVD Batch Converter 1.5.1.zip.vir
  [0] Archive type: ZIP
  --> AVD Batch Converter 1.5.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\AVDP 1.1 (Serial).zip.vir
  [0] Archive type: ZIP
  --> AVDP 1.1 (Serial).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\BabyShield 2.5 (Cracked).zip.vir
  [0] Archive type: ZIP
  --> BabyShield 2.5 (Cracked).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Back to Baghdad demo.zip.vir
  [0] Archive type: ZIP
  --> Back to Baghdad demo.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Basic HTML Editor 1.zip.vir
  [0] Archive type: ZIP
  --> Basic HTML Editor 1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\BeClean 1.4.zip.vir
  [0] Archive type: ZIP
  --> BeClean 1.4.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Betty Boop Moon Clock Demo Screensaver 1.0 (With Crack).zip.vir
  [0] Archive type: ZIP
  --> Betty Boop Moon Clock Demo Screensaver 1.0 (With Crack).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Big Rigs Over the Road Racing Patch 1.0.zip.vir
  [0] Archive type: ZIP
  --> Big Rigs Over the Road Racing Patch 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\BigSpeed Zipper 4.00.zip.vir
  [0] Archive type: ZIP
  --> BigSpeed Zipper 4.00.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Blueframe Pack 3.zip.vir
  [0] Archive type: ZIP
  --> Blueframe Pack 3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Bonny Clock 1.5.zip.vir
  [0] Archive type: ZIP
  --> Bonny Clock 1.5.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\BPS WinTrace Remover 6.2.0.0.zip.vir
  [0] Archive type: ZIP
  --> BPS WinTrace Remover 6.2.0.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\BPS YouTube Google Video Grabber 1.0.0.0.zip.vir
  [0] Archive type: ZIP
  --> BPS YouTube Google Video Grabber 1.0.0.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\BrainStreamer 1.2 build 100.zip.vir
  [0] Archive type: ZIP
  --> BrainStreamer 1.2 build 100.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\BrightCar Car Maintenance Software 1.0.74.3 (Crack).zip.vir
  [0] Archive type: ZIP
  --> BrightCar Car Maintenance Software 1.0.74.3 (Crack).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Butterfly Garden Screensaver 01.zip.vir
  [0] Archive type: ZIP
  --> Butterfly Garden Screensaver 01.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Cat 2.0.3.zip.vir
  [0] Archive type: ZIP
  --> Cat 2.0.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\CDBF Shell 1.10.03.zip.vir
  [0] Archive type: ZIP
  --> CDBF Shell 1.10.03.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Celebdaq RSS News 1.0.zip.vir
  [0] Archive type: ZIP
  --> Celebdaq RSS News 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Chinese Calendrics 7.22.zip.vir
  [0] Archive type: ZIP
  --> Chinese Calendrics 7.22.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Click MusicalKeys 3.21.zip.vir
  [0] Archive type: ZIP
  --> Click MusicalKeys 3.21.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\CmosPwd 4.8.zip.vir
  [0] Archive type: ZIP
  --> CmosPwd 4.8.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Color Finder 1.0 (Key).zip.vir
  [0] Archive type: ZIP
  --> Color Finder 1.0 (Key).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Command & Conquer Generals - Gravel Maze map.zip.vir
  [0] Archive type: ZIP
  --> Command & Conquer Generals - Gravel Maze map.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Command Finder 1.0.zip.vir
  [0] Archive type: ZIP
  --> Command Finder 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Cool Paint Pro Image Editing 2.6.0.1.zip.vir
  [0] Archive type: ZIP
  --> Cool Paint Pro Image Editing 2.6.0.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\CPU-Speedflash 1.21 1.21.zip.vir
  [0] Archive type: ZIP
  --> CPU-Speedflash 1.21 1.21.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Custom Internet Explorer Toolbar Builder 2.0.zip.vir
  [0] Archive type: ZIP
  --> Custom Internet Explorer Toolbar Builder 2.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\CyberFlash 2.2 With Crack.zip.vir
  [0] Archive type: ZIP
  --> CyberFlash 2.2 With Crack.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\CyberSense Search Center 3.0.zip.vir
  [0] Archive type: ZIP
  --> CyberSense Search Center 3.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Cyrillic Starter Kit 5.0.zip.vir
  [0] Archive type: ZIP
  --> Cyrillic Starter Kit 5.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\CZ-Doc2Pdf COM 2.0.zip.vir
  [0] Archive type: ZIP
  --> CZ-Doc2Pdf COM 2.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\D2MP 3.8.zip.vir
  [0] Archive type: ZIP
  --> D2MP 3.8.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Desert Combat (Battlefield 1942) - Lost Jungle map.zip.vir
  [0] Archive type: ZIP
  --> Desert Combat (Battlefield 1942) - Lost Jungle map.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Desktop Flash Template 1.0 build 2007.02.21 With Crack.zip.vir
  [0] Archive type: ZIP
  --> Desktop Flash Template 1.0 build 2007.02.21 With Crack.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\DiaryOne 6.66.zip.vir
  [0] Archive type: ZIP
  --> DiaryOne 6.66.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\DiDaPro HTML Editor 5.60a With Crack.zip.vir
  [0] Archive type: ZIP
  --> DiDaPro HTML Editor 5.60a With Crack.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Digigenius DVD to iPhone Converter 3.6 [Key+Serial].zip.vir
  [0] Archive type: ZIP
  --> Digigenius DVD to iPhone Converter 3.6 [Key+Serial].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\DolphinSS Screensaver 1.0.zip.vir
  [0] Archive type: ZIP
  --> DolphinSS Screensaver 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Dreadlock Privacy 5.0 [Serial].zip.vir
  [0] Archive type: ZIP
  --> Dreadlock Privacy 5.0 [Serial].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\DV MPEG4 Maker 2.6.0.zip.vir
  [0] Archive type: ZIP
  --> DV MPEG4 Maker 2.6.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Earthsim browser 1.5.zip.vir
  [0] Archive type: ZIP
  --> Earthsim browser 1.5.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Ease123 Video Splitter 1.0.1 (With Crack).zip.vir
  [0] Archive type: ZIP
  --> Ease123 Video Splitter 1.0.1 (With Crack).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\EasyDesk Helpdesk 1.2.7 (KeyGen).zip.vir
  [0] Archive type: ZIP
  --> EasyDesk Helpdesk 1.2.7 (KeyGen).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\EasyViewOrcl 1.5.zip.vir
  [0] Archive type: ZIP
  --> EasyViewOrcl 1.5.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Ecora Documentor for Unix 4.0.6212.19170.zip.vir
  [0] Archive type: ZIP
  --> Ecora Documentor for Unix 4.0.6212.19170.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Editable JavaScript TreeGrid 3.3.zip.vir
  [0] Archive type: ZIP
  --> Editable JavaScript TreeGrid 3.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\EF Duplicate Files Manager Xp 3.40 [KeyGen].zip.vir
  [0] Archive type: ZIP
  --> EF Duplicate Files Manager Xp 3.40 [KeyGen].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Enigma 0.92.zip.vir
  [0] Archive type: ZIP
  --> Enigma 0.92.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Ergo Romanian 1 1.2.zip.vir
  [0] Archive type: ZIP
  --> Ergo Romanian 1 1.2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\ESXManager 7.5.2.zip.vir
  [0] Archive type: ZIP
  --> ESXManager 7.5.2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Expert Debugger 3.1.zip.vir
  [0] Archive type: ZIP
  --> Expert Debugger 3.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Explorer View - File Viewer 3.40.zip.vir
  [0] Archive type: ZIP
  --> Explorer View - File Viewer 3.40.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\ExtremePlanner Starter Edition 2.1.zip.vir
  [0] Archive type: ZIP
  --> ExtremePlanner Starter Edition 2.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\EZ Backup Photoshop Premium 4.7 Serial.zip.vir
  [0] Archive type: ZIP
  --> EZ Backup Photoshop Premium 4.7 Serial.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\ezConverter 2.0 [Crack].zip.vir
  [0] Archive type: ZIP
  --> ezConverter 2.0 [Crack].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\FilePackager Professional Edition 4.1 (Key).zip.vir
  [0] Archive type: ZIP
  --> FilePackager Professional Edition 4.1 (Key).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\FindinSite-MS 1.18.zip.vir
  [0] Archive type: ZIP
  --> FindinSite-MS 1.18.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Free CD Replicator 2.1.0.0.zip.vir
  [0] Archive type: ZIP
  --> Free CD Replicator 2.1.0.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Free PC Boost Fix 2.1.zip.vir
  [0] Archive type: ZIP
  --> Free PC Boost Fix 2.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Freedom Force Blue Streak Skin.zip.vir
  [0] Archive type: ZIP
  --> Freedom Force Blue Streak Skin.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\GeoDataSource World Cities Database (Gold Edition) July 2006.zip.vir
  [0] Archive type: ZIP
  --> GeoDataSource World Cities Database (Gold Edition) July 2006.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Gradebook 3.01.zip.vir
  [0] Archive type: ZIP
  --> Gradebook 3.01.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\gView 1.1.zip.vir
  [0] Archive type: ZIP
  --> gView 1.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\HDC Pop 1.zip.vir
  [0] Archive type: ZIP
  --> HDC Pop 1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Hide Files & Folders 2.82 With Crack.zip.vir
  [0] Archive type: ZIP
  --> Hide Files & Folders 2.82 With Crack.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Hpmbcalc Hex Calculator 4.1 [Cracked].zip.vir
  [0] Archive type: ZIP
  --> Hpmbcalc Hex Calculator 4.1 [Cracked].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\i.Disk 1.7.zip.vir
  [0] Archive type: ZIP
  --> i.Disk 1.7.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\ICQ 5.1.zip.vir
  [0] Archive type: ZIP
  --> ICQ 5.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\ICQ Monitor 1.1 [Crack].zip.vir
  [0] Archive type: ZIP
  --> ICQ Monitor 1.1 [Crack].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\IDAutomation Interleaved 2 of 5 Font Advantage 6.08.zip.vir
  [0] Archive type: ZIP
  --> IDAutomation Interleaved 2 of 5 Font Advantage 6.08.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\ImTOO DVD Audio Ripper 4.0.84.0802.zip.vir
  [0] Archive type: ZIP
  --> ImTOO DVD Audio Ripper 4.0.84.0802.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Instant Video Streamer 1.0.zip.vir
  [0] Archive type: ZIP
  --> Instant Video Streamer 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\International Rally Championship regular demo.zip.vir
  [0] Archive type: ZIP
  --> International Rally Championship regular demo.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Internet Policy and Authentication 1.1.zip.vir
  [0] Archive type: ZIP
  --> Internet Policy and Authentication 1.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\iPod shuffle DP 2.1.0.0.zip.vir
  [0] Archive type: ZIP
  --> iPod shuffle DP 2.1.0.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Iraq A'tak 1.zip.vir
  [0] Archive type: ZIP
  --> Iraq A'tak 1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\JavaScript Newsflash Composer LITE 1.0.zip.vir
  [0] Archive type: ZIP
  --> JavaScript Newsflash Composer LITE 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\JetPhoto Studio for Mac 2.3.zip.vir
  [0] Archive type: ZIP
  --> JetPhoto Studio for Mac 2.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Kaspersky.Anti-Virus.Personal.2006.6.0.12.167.Beta.Keys(1).updated-fixed.12-2006.zip.vir
  [0] Archive type: ZIP
  --> Kaspersky.Anti-Virus.Personal.2006.6.0.12.167.Beta.Keys(1).updated-fixed.12-2006.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Key.Kaspersky.2006.Y.2007.zip.vir
  [0] Archive type: ZIP
  --> Key.Kaspersky.2006.Y.2007.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Keyboard Explorer 1.1.3.zip.vir
  [0] Archive type: ZIP
  --> Keyboard Explorer 1.1.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Key_Kaspersky_6.0.0.303.zip.vir
  [0] Archive type: ZIP
  --> Key_Kaspersky_6.0.0.303.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\KidzLog 1.3 (Serial).zip.vir
  [0] Archive type: ZIP
  --> KidzLog 1.3 (Serial).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\LetterMerger for MS Access 1.2.63.zip.vir
  [0] Archive type: ZIP
  --> LetterMerger for MS Access 1.2.63.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Liatro SWF Tools 1.0.zip.vir
  [0] Archive type: ZIP
  --> Liatro SWF Tools 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Linren MP3 CD Burner 2.00 With Crack.zip.vir
  [0] Archive type: ZIP
  --> Linren MP3 CD Burner 2.00 With Crack.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\LMD-Tools Special Edition (Delphi 8) 7.05.zip.vir
  [0] Archive type: ZIP
  --> LMD-Tools Special Edition (Delphi 8) 7.05.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Lock On Modern Air Combat v1.01 to v1.02 patch.zip.vir
  [0] Archive type: ZIP
  --> Lock On Modern Air Combat v1.01 to v1.02 patch.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Lowney Math Flash 2.1.zip.vir
  [0] Archive type: ZIP
  --> Lowney Math Flash 2.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Ls 4.2.169.zip.vir
  [0] Archive type: ZIP
  --> Ls 4.2.169.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Mail Direct 2.1.5.zip.vir
  [0] Archive type: ZIP
  --> Mail Direct 2.1.5.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Mail Server Pro 1.74 With Crack.zip.vir
  [0] Archive type: ZIP
  --> Mail Server Pro 1.74 With Crack.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\MailCOPA 8.01 (With Crack).zip.vir
  [0] Archive type: ZIP
  --> MailCOPA 8.01 (With Crack).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\MailSniff 1.0 KeyGen.zip.vir
  [0] Archive type: ZIP
  --> MailSniff 1.0 KeyGen.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\MarketBlast 1.10.zip.vir
  [0] Archive type: ZIP
  --> MarketBlast 1.10.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Marx NTFS Alternate Data Streams Viewer 2.zip.vir
  [0] Archive type: ZIP
  --> Marx NTFS Alternate Data Streams Viewer 2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\MathGV 3.1.zip.vir
  [0] Archive type: ZIP
  --> MathGV 3.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\moreTunes 2.04.zip.vir
  [0] Archive type: ZIP
  --> moreTunes 2.04.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Mortgage Mantra 1.0 [With Crack].zip.vir
  [0] Archive type: ZIP
  --> Mortgage Mantra 1.0 [With Crack].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\MovieClip Transition Effect V3 (Serial).zip.vir
  [0] Archive type: ZIP
  --> MovieClip Transition Effect V3 (Serial).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\MSDict Viewer (Symbian UIQ) 2.30.zip.vir
  [0] Archive type: ZIP
  --> MSDict Viewer (Symbian UIQ) 2.30.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\myJournal 2.0.zip.vir
  [0] Archive type: ZIP
  --> myJournal 2.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\NAIC Club Accounting 2.5.zip.vir
  [0] Archive type: ZIP
  --> NAIC Club Accounting 2.5.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Nikon Coolpix 990 (USB) 1.1.zip.vir
  [0] Archive type: ZIP
  --> Nikon Coolpix 990 (USB) 1.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Number Press 1.1.zip.vir
  [0] Archive type: ZIP
  --> Number Press 1.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\OCX DTMF Keyboard 1.0.zip.vir
  [0] Archive type: ZIP
  --> OCX DTMF Keyboard 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\OHTrader 5.zip.vir
  [0] Archive type: ZIP
  --> OHTrader 5.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Operation Flashpoint Resistance GOTY patch 1.96.zip.vir
  [0] Archive type: ZIP
  --> Operation Flashpoint Resistance GOTY patch 1.96.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\OraMuLas9i+ 5.1.zip.vir
  [0] Archive type: ZIP
  --> OraMuLas9i+ 5.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Orca 3.1.4000.1830.zip.vir
  [0] Archive type: ZIP
  --> Orca 3.1.4000.1830.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Outlook Loader 1.4.1001.zip.vir
  [0] Archive type: ZIP
  --> Outlook Loader 1.4.1001.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\PackPal Photo to Movie Converter 2.00.zip.vir
  [0] Archive type: ZIP
  --> PackPal Photo to Movie Converter 2.00.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Painkiller demo.zip.vir
  [0] Archive type: ZIP
  --> Painkiller demo.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Palette 2.6 With Crack.zip.vir
  [0] Archive type: ZIP
  --> Palette 2.6 With Crack.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\PDF In-The-Box for Delphi 2.2.zip.vir
  [0] Archive type: ZIP
  --> PDF In-The-Box for Delphi 2.2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\PDFtypewriter with PDF Printer Driver 5.2.594.zip.vir
  [0] Archive type: ZIP
  --> PDFtypewriter with PDF Printer Driver 5.2.594.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\PhotoPaster 1.zip.vir
  [0] Archive type: ZIP
  --> PhotoPaster 1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Picasa Photo Organizer 2.7 Build 36.60.zip.vir
  [0] Archive type: ZIP
  --> Picasa Photo Organizer 2.7 Build 36.60.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Pimp My Meal 1.zip.vir
  [0] Archive type: ZIP
  --> Pimp My Meal 1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\PopUp Killer v1.45.3.zip.vir
  [0] Archive type: ZIP
  --> PopUp Killer v1.45.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\PornCleanser 1.zip.vir
  [0] Archive type: ZIP
  --> PornCleanser 1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Presto Transfer Outlook Express 1.7.zip.vir
  [0] Archive type: ZIP
  --> Presto Transfer Outlook Express 1.7.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\PS AVI To Zune Converter 1.00 [KeyGen].zip.vir
  [0] Archive type: ZIP
  --> PS AVI To Zune Converter 1.00 [KeyGen].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Quick Measure 2.1.40.zip.vir
  [0] Archive type: ZIP
  --> Quick Measure 2.1.40.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Quick ‘n Easy Web Server Professional 3.1.2 (KeyGen).zip.vir
  [0] Archive type: ZIP
  --> Quick &#145;n Easy Web Server Professional 3.1.2 (KeyGen).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\R-Studio Data Recovery 3.zip.vir
  [0] Archive type: ZIP
  --> R-Studio Data Recovery 3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Radio Zenwaw 1.0 (Crack).zip.vir
  [0] Archive type: ZIP
  --> Radio Zenwaw 1.0 (Crack).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\RAR Recovery Toolbox 1.1.4 (Patch).zip.vir
  [0] Archive type: ZIP
  --> RAR Recovery Toolbox 1.1.4 (Patch).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Real 3D Matrix 3.0.zip.vir
  [0] Archive type: ZIP
  --> Real 3D Matrix 3.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Recovery for Backup 1.7.zip.vir
  [0] Archive type: ZIP
  --> Recovery for Backup 1.7.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Remote Administration Tool 1.2.zip.vir
  [0] Archive type: ZIP
  --> Remote Administration Tool 1.2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Return to Castle Wolfenstein Enemy Territory Forum Damage Competition Map Pack.zip.vir
  [0] Archive type: ZIP
  --> Return to Castle Wolfenstein Enemy Territory Forum Damage Competition Map Pack.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Rosoft Media Player 4.1.3.zip.vir
  [0] Archive type: ZIP
  --> Rosoft Media Player 4.1.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\scViewerX 2.0 Build 161 (Key).zip.vir
  [0] Archive type: ZIP
  --> scViewerX 2.0 Build 161 (Key).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Serious Sam The Second Encounter demo.zip.vir
  [0] Archive type: ZIP
  --> Serious Sam The Second Encounter demo.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\ShowDirector for PowerPoint 2.0 [Key].zip.vir
  [0] Archive type: ZIP
  --> ShowDirector for PowerPoint 2.0 [Key].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Sidekick for NetMeeting 1.0.zip.vir
  [0] Archive type: ZIP
  --> Sidekick for NetMeeting 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Slide-In Ads Generator 1.1.1.zip.vir
  [0] Archive type: ZIP
  --> Slide-In Ads Generator 1.1.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Softinabox Batch Registry 1.4.0 Build 32.zip.vir
  [0] Archive type: ZIP
  --> Softinabox Batch Registry 1.4.0 Build 32.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\SOHO Printing Toolbar For Firefox 1.5.0.6.zip.vir
  [0] Archive type: ZIP
  --> SOHO Printing Toolbar For Firefox 1.5.0.6.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Spam Sleuth Lite 4.4.zip.vir
  [0] Archive type: ZIP
  --> Spam Sleuth Lite 4.4.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Spell It Out Loud 1.0.zip.vir
  [0] Archive type: ZIP
  --> Spell It Out Loud 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Spheresoft Zip Code Demographics for Microsoft Excel 1.0.zip.vir
  [0] Archive type: ZIP
  --> Spheresoft Zip Code Demographics for Microsoft Excel 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Star Downloader Pro 1.52 [KeyGen].zip.vir
  [0] Archive type: ZIP
  --> Star Downloader Pro 1.52 [KeyGen].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Stealth Dupecheck 2.4.212.zip.vir
  [0] Archive type: ZIP
  --> Stealth Dupecheck 2.4.212.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\StorXit 2.0.8 [Cracked].zip.vir
  [0] Archive type: ZIP
  --> StorXit 2.0.8 [Cracked].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Symantec.Enterprise.Firewall.VPN.v7.04-FULL.zip.vir
  [0] Archive type: ZIP
  --> Symantec.Enterprise.Firewall.VPN.v7.04-FULL.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Symantec.Norton.Ghost.2001.zip.vir
  [0] Archive type: ZIP
  --> Symantec.Norton.Ghost.2001.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\System Protector 1.9 [Cracked].zip.vir
  [0] Archive type: ZIP
  --> System Protector 1.9 [Cracked].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\TDB 1.52.zip.vir
  [0] Archive type: ZIP
  --> TDB 1.52.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\The Big Talker 1210 WPHT 1.0.zip.vir
  [0] Archive type: ZIP
  --> The Big Talker 1210 WPHT 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\The Insidious Dr. Fu Manchu 1.0.zip.vir
  [0] Archive type: ZIP
  --> The Insidious Dr. Fu Manchu 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\The PC Detective Pro 2.9.8 Key+Serial.zip.vir
  [0] Archive type: ZIP
  --> The PC Detective Pro 2.9.8 Key+Serial.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\TheWorld Browser 2.0.5.6.zip.vir
  [0] Archive type: ZIP
  --> TheWorld Browser 2.0.5.6.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Time Sync Pro 1.2 Crack.zip.vir
  [0] Archive type: ZIP
  --> Time Sync Pro 1.2 Crack.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared	ooLAME 0.2k.zip.vir
  [0] Archive type: ZIP
  --> tooLAME 0.2k.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\TrayIconsOK! 1.1 (Patch).zip.vir
  [0] Archive type: ZIP
  --> TrayIconsOK! 1.1 (Patch).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Trivia Quiz Shell 2.5.zip.vir
  [0] Archive type: ZIP
  --> Trivia Quiz Shell 2.5.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\TwinGrid 7.0 (With Crack).zip.vir
  [0] Archive type: ZIP
  --> TwinGrid 7.0 (With Crack).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Unreal Tournament 2003 - Misty Mountain][ deathmatch map.zip.vir
  [0] Archive type: ZIP
  --> Unreal Tournament 2003 - Misty Mountain][ deathmatch map.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\VersyPDF 2.4.zip.vir
  [0] Archive type: ZIP
  --> VersyPDF 2.4.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\VideoEdit ActiveX Control 2.3.zip.vir
  [0] Archive type: ZIP
  --> VideoEdit ActiveX Control 2.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Warcraft III MP3 pack.zip.vir
  [0] Archive type: ZIP
  --> Warcraft III MP3 pack.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Webcalng 3.1p2.zip.vir
  [0] Archive type: ZIP
  --> Webcalng 3.1p2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\WebDelegator 1.0 build 47 (Patch).zip.vir
  [0] Archive type: ZIP
  --> WebDelegator 1.0 build 47 (Patch).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\What-If Creator 1.4.1 (With Crack).zip.vir
  [0] Archive type: ZIP
  --> What-If Creator 1.4.1 (With Crack).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\What-If Creator 1.4.1.zip.vir
  [0] Archive type: ZIP
  --> What-If Creator 1.4.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\WildSavers Screensaver - Flowers ws-0001 1.0.zip.vir
  [0] Archive type: ZIP
  --> WildSavers Screensaver - Flowers ws-0001 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\WinDirLister 2.0.zip.vir
  [0] Archive type: ZIP
  --> WinDirLister 2.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\Windows Text Copyer 1.0.0.1.zip.vir
  [0] Archive type: ZIP
  --> Windows Text Copyer 1.0.0.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\WinFax Pro Automator for Word 2.0 Serial.zip.vir
  [0] Archive type: ZIP
  --> WinFax Pro Automator for Word 2.0 Serial.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\WinRescue 2000 2.08.zip.vir
  [0] Archive type: ZIP
  --> WinRescue 2000 2.08.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.MM
      [INFO]      The file was deleted!
C:\QooBox\Quarantine\C\Users\daniel\AppData\Roaming\m\shared\WinSafe 2001 3.2.03.zip.vir
  [0] Archive type: ZIP
  --> WinSafe 2001 3.2.03.exe
      [DETECTIO

Utilisateur anonyme · Answer

Reposte un rapport HJT stp.

++

Wolfman59760 · Answer

le rapport hijacthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38, on 2008-04-05
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32	askeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\USB Disk Win98 Driver\Res.exe
C:\Windows\FixCamera.exe
C:\Windows\V0350Mon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\SYSTEM32	askeng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\eMule\emule.exe
C:\Users\daniel\Desktop\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [C:\Windows\system32\V0350Cvw.dll] C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0350Cvw.dll
O4 - HKLM\..\Run: [V0350Mon.exe] C:\Windows\V0350Mon.exe
O4 - HKLM\..\Run: [LXDDCATS] rundll32 \3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\Its Label\ItsTV\ItsTV.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Philips Intelligent Agent] NOT_IN_USE_DUMMY_PATH
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O13 - Gopher Prefix: 
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdd_device -   - C:\Windows\system32\lxddcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Utilisateur anonyme · Answer

Re ,

&#8594; Relance hijackthis , en menu principal choisis ' Do a system scan ' Et fixe ces/cette ligne(s) : ( coche la case à leurs gauches )


O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing) 



Ferme toutes les fenêtres (hormis Hijackthis), y compris ton navigateur web. 

&#8594; clique sur  ' fixchecked '

****************************************

Concernant BOONTY GAMES , je te l'ai fait désinstallé ... pourquoi ?



Politique de Boonty games :

"Il se peut que nous partagions aussi des informations payantes avec des tiers
qui fournissent des services payants et partage des données regroupées montrant le type
et le nombre de jeux videos que vous téléchargez, votre age, votre sexe, vos occupations,
niveau d'éducation, localité géographique, données sur l'équipement de votre ordinateur,
internet et intérêts pour les jeux videos, activités et entrainement des jeux édités.
De plus, nous partageons les adresses email avec des tiers fournisseurs de comptes mails
qui nous assistent en envoyant nos mails a de nombreux clients en même temps..." 


En gros ils divulguent des informations personnelles à d'autres sociétées , qui bien évidemment se feront une joie de spammer ta boite mail , et autres réjouissances ...


1) Arrête le service :


Touche ' Windows+R ' ( reviens à executer ) > ' services.msc ' ,

- Clic droit sur le service cité -  Boonty games
- propriétés
- et dans "type de démarrage" et mets le sur « désactivé ».
- Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté » 

Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html


********************

&#8594; Télécharge clean : http://www.malekal.com/download/clean.zip

&#8594; Dézippe-le ( clique droit , extraire tout)

&#8594; Lance clean.cmd ( ou clean ) en faisant un clique droit dessus ' Executer en tant d'administrateur ' 

&#8594; Au menu principal , Choisi l'option 1 et poste moi le rapport.

(- Où est le rapport clean ? : « Ordinateur » / double clic sur disque « C / » double-clic sur « rapport_clean.txt » et « copier/coller le contenu » sur le forum. ) 

Note : Tu auras peut-être un message qui t'invitera a uploader un fichier , fait-le dès que tu pourras. 


A+

Wolfman59760 · Answer

je sais pas comment sa se fait mais quand j'extrais tout de clean , antivir dit qu'il y a des virus 
je peu faire quoi ?

Utilisateur anonyme · Answer

Ignore , faux-positif.
Désactive l'AV le temps du scan eu pire.
++

Wolfman59760 · Answer

excuse moi j'ai beau faire comme tu me dit sa va pas dans le dossier clean j'ai beau cliquè sur tout ce qui y a a l'intèrieur 
mais rien ne se passe sauf clean et quand je clique dessus une fenètre msdos s'ouvre et il y est ècrit de taper sur une touche pour continuer je le fait mais sa reècrit taper pour continuer donc je le fait et là plus rien la fenètre disparè je fait quoi?

Wolfman59760 · Answer

voila le rapport clean :
 2008-04-05 a 21:03:28.75 
 
*** Recherche  C: 
 
*** Recherche  C:\Windows\ 
 
*** Recherche  C:\Windows\system32 
C:\Windows\system32\wininit.exe FOUND 
C:\Windows\system32\wininit.exe FOUND 
 
*** Recherche  C:\Program Files 
*** End of the report !

Utilisateur anonyme · Answer

Re ,  

C'est ok.

Wininit.exe est légitime sous Vista =)

****************************************

_Maintenant , nous allons supprimer les logiciels de désinfection que je t'ai fait téléchargé.
En effet , s'en servir est dangereux pour le pc si l'on ne s'y connais pas.
De plus ils sont mis régulièrement à jours.


&#8594; Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.

&#8594; Double clique sur ToolsCleaner2.exe >
&#8594; Clique sur .Recherche
&#8594; puis sur Suppression quand la liste est trouvée.
&#8594; Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 


(CTRL+A Pour tout selectionner  , CTRL+C pour copier et CTRL+V pour coller )
 
Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

Tuto : http://www.commentcamarche.net/faq/sujet 8341 toolscleaner suppression des fix de force brute ( merci espion3004 )

*********************************

Maintenant que ton pc n'est plus infecté creer un nouveau point de restauration 

https://www.astucesinternet.com/modules/smartfaq/faq.php?faqid=113

*****************************

1) Télécharge Ncleaner sur ton bureau , double clique sur le fichier d'installation et installe le logiciel.


2) Double clique sur l'icône crée sur le bureau et choisi ' cleansystem '

3) A gauche de l'écran , sous ' clean system and applications ' vérifie que seulement les 4 premières cases soit cochées , puis clique sur  ' clean now ' > ' analyze ' 

--- Le programme va rechercher les fichier inutiles ---

Une fois l'analyse terminée , clique sur ' Clean ' et repond ' Yes ' a la demande de confirmation.

Cela terminé , clique sur ' Done ' 

4) Reprend l'étape 2 et choisi cette fois ci ' Registry clean and repair ' vérifie que toute les cases soient cochées et clique sur ' Clean now ' ( dans la colonne de droite cette fois-ci ) > ' Scan '  

--- Le programme va rechercher les clées de registre invalides ---

Une fois le scan terminé , clique sur ' Remove ' et repond ' Yes ' a la demande de confirmation.

Cela terminé , clique sur ' Done ' 


***********************


Rapport Toolscleaner stp.

++

Wolfman59760 · Answer

voila Tcleaner : 
-->- Recherche: 

C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RGV71TU\clean	ar.exe: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RGV71TU\cleanemove.reg: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RGV71TU\clean\pskill.exe: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RGV71TU\clean\LFiles.exe: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RGV71TU\clean\gzip.exe: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RGV71TU\clean\delsiri.cmd: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RGV71TU\clean\delr.cmd: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RGV71TU\clean\del3.cmd: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RGV71TU\clean\del2.cmd: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RGV71TU\clean\cherche.cmd: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RIJKUEY\clean\LFiles.exe: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RIJKUEY\clean\gzip.exe: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RIJKUEY\clean\delsiri.cmd: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RIJKUEY\clean\delr.cmd: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RIJKUEY\clean\del3.cmd: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RIJKUEY\clean\del2.cmd: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RIJKUEY\clean\clean.cmd: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RIJKUEY\clean\cherche.cmd: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\clean	ar.exe: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\cleanemove.reg: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\clean\pskill.exe: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\clean\LFiles.exe: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\clean\gzip.exe: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\clean\delsiri.cmd: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\clean\delr.cmd: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\clean\del3.cmd: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\clean\del2.cmd: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\clean\clean.cmd: trouvé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\clean\cherche.cmd: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Navilog1: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
C:\QooBox\Quarantine\C\Program Files\Navilog1: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\Navilog1: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
C:\Users\daniel\Desktop\HijackThis.lnk: trouvé !
C:\Users\daniel\Desktop\HJTInstall.exe: trouvé !
C:\Users\daniel\Documents\Programmes\Racourci\Navilog1.lnk: trouvé !

---------------------------------
-->- Suppression: 

C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RGV71TU\clean	ar.exe: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RGV71TU\cleanemove.reg: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RGV71TU\clean\pskill.exe: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RGV71TU\clean\LFiles.exe: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RGV71TU\clean\gzip.exe: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RGV71TU\clean\delsiri.cmd: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RGV71TU\clean\delr.cmd: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RGV71TU\clean\del3.cmd: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RGV71TU\clean\del2.cmd: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RGV71TU\clean\cherche.cmd: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RIJKUEY\clean\LFiles.exe: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RIJKUEY\clean\gzip.exe: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RIJKUEY\clean\delsiri.cmd: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RIJKUEY\clean\delr.cmd: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RIJKUEY\clean\del3.cmd: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RIJKUEY\clean\del2.cmd: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RIJKUEY\clean\clean.cmd: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RIJKUEY\clean\cherche.cmd: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\clean	ar.exe: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\cleanemove.reg: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\clean\pskill.exe: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\clean\LFiles.exe: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\clean\gzip.exe: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\clean\delsiri.cmd: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\clean\delr.cmd: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\clean\del3.cmd: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\clean\del2.cmd: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\clean\clean.cmd: supprimé !
C:\$Recycle.Bin\S-1-5-21-433937116-2697689707-203461057-1002\$RYN081D\clean\cherche.cmd: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: ERREUR DE SUPPRESSION !!
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: ERREUR DE SUPPRESSION !!
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: ERREUR DE SUPPRESSION !!
C:\Users\daniel\Desktop\HijackThis.lnk: supprimé !
C:\Users\daniel\Desktop\HJTInstall.exe: supprimé !
C:\Users\daniel\Documents\Programmes\Racourci\Navilog1.lnk: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Navilog1: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: ERREUR DE SUPPRESSION !!
C:\QooBox\Quarantine\C\Program Files\Navilog1: ERREUR DE SUPPRESSION !!
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\Navilog1: ERREUR DE SUPPRESSION !!
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: ERREUR DE SUPPRESSION !!
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1: ERREUR DE SUPPRESSION !!

Utilisateur anonyme · Answer

Re , 

Relance Toolscleaner en mode sans echec stp.
> Poste le rapport.
++

Wolfman59760 · Answer

voila toolscleaner :
-->- Recherche: 

\Qoobox: trouvé !
\Program Files\Trend Micro\HijackThis: trouvé !
\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
\ProgramData\Microsoft\Windows\Start Menu\Programmes\Navilog1: trouvé !
\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: trouvé !
\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
\QooBox\Quarantine\C\Program Files\Navilog1: trouvé !
\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
\Users\All Users\Microsoft\Windows\Start Menu\Programmes\Navilog1: trouvé !
\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1: trouvé !
\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
\Windows\System32\config\systemprofile\Desktop\HijackThis.lnk: trouvé !
\Windows\System32\config\systemprofile\Desktop\Clean.zip: trouvé !
\Windows\System32\config\systemprofile\Desktop\clean\clean	ar.exe: trouvé !
\Windows\System32\config\systemprofile\Desktop\clean\cleanemove.reg: trouvé !
\Windows\System32\config\systemprofile\Desktop\clean\clean\pskill.exe: trouvé !
\Windows\System32\config\systemprofile\Desktop\clean\clean\LFiles.exe: trouvé !
\Windows\System32\config\systemprofile\Desktop\clean\clean\gzip.exe: trouvé !
\Windows\System32\config\systemprofile\Desktop\clean\clean\delsiri.cmd: trouvé !
\Windows\System32\config\systemprofile\Desktop\clean\clean\delr.cmd: trouvé !
\Windows\System32\config\systemprofile\Desktop\clean\clean\del3.cmd: trouvé !
\Windows\System32\config\systemprofile\Desktop\clean\clean\del2.cmd: trouvé !
\Windows\System32\config\systemprofile\Desktop\clean\clean\clean.cmd: trouvé !
\Windows\System32\config\systemprofile\Desktop\clean\clean\cherche.cmd: trouvé !

---------------------------------
-->- Suppression: 

\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: supprimé !
\Windows\System32\config\systemprofile\Desktop\HijackThis.lnk: supprimé !
\Windows\System32\config\systemprofile\Desktop\Clean.zip: supprimé !
\Windows\System32\config\systemprofile\Desktop\clean\clean	ar.exe: supprimé !
\Windows\System32\config\systemprofile\Desktop\clean\cleanemove.reg: supprimé !
\Windows\System32\config\systemprofile\Desktop\clean\clean\pskill.exe: supprimé !
\Windows\System32\config\systemprofile\Desktop\clean\clean\LFiles.exe: supprimé !
\Windows\System32\config\systemprofile\Desktop\clean\clean\gzip.exe: supprimé !
\Windows\System32\config\systemprofile\Desktop\clean\clean\delsiri.cmd: supprimé !
\Windows\System32\config\systemprofile\Desktop\clean\clean\delr.cmd: supprimé !
\Windows\System32\config\systemprofile\Desktop\clean\clean\del3.cmd: supprimé !
\Windows\System32\config\systemprofile\Desktop\clean\clean\del2.cmd: supprimé !
\Windows\System32\config\systemprofile\Desktop\clean\clean\clean.cmd: supprimé !
\Windows\System32\config\systemprofile\Desktop\clean\clean\cherche.cmd: supprimé !
\Qoobox: supprimé !
\Program Files\Trend Micro\HijackThis: supprimé !
\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
\ProgramData\Microsoft\Windows\Start Menu\Programmes\Navilog1: ERREUR DE SUPPRESSION !!
\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: supprimé !

Utilisateur anonyme · Answer

Re , 

Sa ira ,

> Supprime Toolscleaner.

Voila mon aide s'arrête la.


-------------Infos-------------

Ce lien explique ce que sont les pirates , leurs méthodes ,  comment les contrer , et la prévention 

Trojans .. Comment ça marche ? 

( merci espion3004)

****************************
J'utilise une version piratée !

Pourquoi sécuriser mon pc ?




de la lecture pour avoir une attitude sensée sur le web ... n'est-ce pas ? :p

si tu as des questions ...

J'espere ne jamais plus te revoir sur le forum virus/sécurité   !



Bonne continuation

Wolfman59760 · Answer

je voulias te remercier pour tout ce que tu as fait  cet fois ci et la dernière fois tu est le meilleur merci encore 
je voulais te demandè un dernier service j'ai perdue ma corbeille et je n'ai plus qu'un raccourci je doit faire comment pour la rècuperè et j'espère retombè sur toi si il d'autre problème :-p

Utilisateur anonyme · Answer

Re , 

De rien ;)
Pour la corbeille , 

Clique droit sur bureau > personnaliser > " changer les icones du bureau " ( au haut à droite )  > cocha la case devant corbeille , et voila  ;)

A+

Wolfman59760 · Answer

je te remercie du fond du coeur un très très très grand merci a plus bonne nuit a toi et bonne continuation merci encore :-D

Aider moi je suis bloquer je sais pas quoi fa

54 réponses

Discussions similaires

Newsletters