Actualité informatique
Test comparatif matériel informatique
Jeux vidéo
Astuces informatique
Vidéo
Télécharger
Services en ligne
Forum informatique
01Business
  01net


||-  SECURITE


||||-  

Suite virus downloader => Bureau windows tout bleu

 

1 utilisateur anonyme et 241 utilisateurs inconnus
Ajouter une réponse
 

 
Page photos
 
 Mot :  Pseudo :  
Vider la liste des messages à citer
 
 Page :
1
Auteur
 Sujet :

Suite virus downloader => Bureau windows tout bleu

Prévenir les modérateurs en cas d'abus 
  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 04/07/2007 à 15:37:09  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Bonjour,

 Norton m'a détecté le virus downloader et après un scan et un redémarrage je n'ai plus rien sur mon bureau. Je suis obligé de faire ctrl+alt+sup pour passer par le gestionnaire de taches et ouvrir mes programmes. Idem en mode sans échec, écran noir. Le clic droit sur le bureau n'a plus aucun effet, c'est bloqué.

 AVG a mis ce virus en quarantaine mais cela n'a pas résolu le problème du bureau !

 C'est grave docteur :pleure:

 Merci d'avance pour votre aide

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 04/07/2007 à 16:59:43  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Bonjour küçükküçük,

 voici le rapport hijackthis.

 Merci pour votre aide !

 **********

 Logfile of HijackThis v1.99.1
 Scan saved at 16:55:34, on 04/07/2007
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\csrss.exe
 C:\WINDOWS\system32\winlogon.e​xe
 C:\WINDOWS\system32\services.e​xe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\System32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
 C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
 C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
 C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
 C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
 C:\WINDOWS\system32\spoolsv.ex​e
 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
 C:\Program Files\Norton AntiVirus\navapsvc.exe
 C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
 C:\Program Files\Spyware Doctor\svcntaux.exe
 C:\Program Files\Spyware Doctor\swdsvc.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\Spyware Doctor\SDTrayApp.exe
 C:\WINDOWS\System32\alg.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\WINDOWS\system32\taskmgr.ex​e
 C:\Program Files\eBay\Turbo Lister2\tl.exe
 C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\Ipe40.exe
 C:\PROGRA~1\HEWLET~1\HP Share-to-Web\hpgs2wnf.exe
 C:\Program Files\hijackthis\scanner.exe

 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Toolbar,LinksFolderNa​me = Liens
 R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - (no file)
 O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7​D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\​AcroIEHelper.dll
 O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420​C6B61F1} - C:\WINDOWS\system32\mmjlsbmy.d​ll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv​.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5​E23E045} - (no file)
 O2 - BHO: (no name) - {8BF884A4-CF81-4E00-B7C1-076FC​E6CFDD7} - C:\WINDOWS\system32\opnmnnn.dl​l
 O2 - BHO: (no name) - {8F0D93AA-7D90-4B33-A79E-8C2FE​BA33BC1} - C:\WINDOWS\system32\vtsqo.dll
 O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB​6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
 O2 - BHO: (no name) - {F7875B61-32B8-4EC3-A594-CAC3C​14604BD} - C:\WINDOWS\system32\vtsqo.dll
 O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC​7DF67CE} - (no file)
 O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066​696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.​exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,​NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.d​ll,NvTaskbarInit
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jus​ched.exe"
 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
 O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
 O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\wgfkccjk.​dll",forkonce
 O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
 O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
 O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
 O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.h​tml
 O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Off​ice10\EXCEL.EXE/3000
 O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-08002​00c9a66} - %windir%\bdoscandel.exe (file missing)
 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-08002​00c9a66} - %windir%\bdoscandel.exe (file missing)
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C​29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr [...] nicode.cab
 O16 - DPF: {26CBF141-7D0F-46E1-AA06-71895​8B6E4D2} - http://download.ebay.com/turbo [...] nstall.cab
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730​F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E​0DC46EF} - http://drivers1.free.fr/hardwaredetection.cab
 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305​202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.​dll
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305​202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.​dll
 O20 - Winlogon Notify: opnmnnn - C:\WINDOWS\SYSTEM32\opnmnnn.dl​l
 O20 - Winlogon Notify: vtsqo - C:\WINDOWS\system32\vtsqo.dll
 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.d​ll
 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D52​4869DB5} - C:\WINDOWS\system32\WPDShServi​ceObj.dll
 O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1​1\Intel 32\IDriverT.exe
 O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
 O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
 O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.ex​e (file missing)
 O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
 O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
 O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
 O23 - Service: Service CANALPLAY - Unknown owner - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe (file missing)
 O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
 O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
 O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

(Publicité)
  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 04/07/2007 à 20:00:31  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
et voila le rapport smitfraudfix

 **********

 SmitFraudFix v2.200

 Rapport fait à 19:56:33,65, 04/07/2007
 Executé à partir de C:\Documents and Settings\Administrateur\Bureau​\SmitfraudFix
 OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
 Le type du système de fichiers est NTFS
 Fix executé en mode normal

  » » » » » » » » » » » » » » » » » » » » » » » » Process

 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\csrss.exe
 C:\WINDOWS\system32\winlogon.e​xe
 C:\WINDOWS\system32\services.e​xe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\System32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
 C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
 C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
 C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
 C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
 C:\WINDOWS\system32\spoolsv.ex​e
 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
 C:\Program Files\Norton AntiVirus\navapsvc.exe
 C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
 C:\Program Files\Spyware Doctor\svcntaux.exe
 C:\Program Files\Spyware Doctor\swdsvc.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\Spyware Doctor\SDTrayApp.exe
 C:\WINDOWS\System32\alg.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\WINDOWS\system32\taskmgr.ex​e
 C:\Program Files\eBay\Turbo Lister2\tl.exe
 C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\Ipe40.exe
 C:\PROGRA~1\HEWLET~1\HP Share-to-Web\hpgs2wnf.exe
 C:\WINDOWS\system32\cmd.exe
 C:\WINDOWS\system32\wbem\wmipr​vse.exe

  » » » » » » » » » » » » » » » » » » » » » » » » hosts


  » » » » » » » » » » » » » » » » » » » » » » » » C:\


  » » » » » » » » » » » » » » » » » » » » » » » » C:\WINDOWS


  » » » » » » » » » » » » » » » » » » » » » » » » C:\WINDOWS\system


  » » » » » » » » » » » » » » » » » » » » » » » » C:\WINDOWS\Web


  » » » » » » » » » » » » » » » » » » » » » » » » C:\WINDOWS\system32


  » » » » » » » » » » » » » » » » » » » » » » » » C:\WINDOWS\system32\LogFiles


  » » » » » » » » » » » » » » » » » » » » » » » » C:\Documents and Settings\Administrateur


  » » » » » » » » » » » » » » » » » » » » » » » » C:\Documents and Settings\Administrateur\Applic​ation Data


  » » » » » » » » » » » » » » » » » » » » » » » » Menu Démarrer


  » » » » » » » » » » » » » » » » » » » » » » » » C:\DOCUME~1\ADMINI~1\Favoris


  » » » » » » » » » » » » » » » » » » » » » » » » Bureau


  » » » » » » » » » » » » » » » » » » » » » » » » C:\Program Files


  » » » » » » » » » » » » » » » » » » » » » » » » Clés corrompues


  » » » » » » » » » » » » » » » » » » » » » » » » Eléments du bureau
 
 

  » » » » » » » » » » » » » » » » » » » » » » » » Sharedtaskscheduler
 !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 SrchSTS.exe by S!Ri
 Search SharedTaskScheduler's .dll


  » » » » » » » » » » » » » » » » » » » » » » » » AppInit_DLLs
 !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows NT\CurrentVersion\Windows]
 "AppInit_DLLs"=""


  » » » » » » » » » » » » » » » » » » » » » » » » Winlogon.System
 !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows NT\CurrentVersion\Winlogon]
 "System"=""


  » » » » » » » » » » » » » » » » » » » » » » » » Rustock



  » » » » » » » » » » » » » » » » » » » » » » » » DNS

 Description: ADI USB Remote NDIS Network Device #2 - Miniport d'ordonnancement de paquets
 DNS Server Search Order: 192.168.1.1
 DNS Server Search Order: 0.0.0.0

 HKLM\SYSTEM\CCS\Services\Tcpip​\..\{DD05ECAB-7BE4-406B-8996-2​96D60D1CDA7}: DhcpNameServer=192.168.1.1 0.0.0.0
 HKLM\SYSTEM\CS2\Services\Tcpip​\..\{DD05ECAB-7BE4-406B-8996-2​96D60D1CDA7}: DhcpNameServer=192.168.1.1 0.0.0.0
 HKLM\SYSTEM\CS3\Services\Tcpip​\..\{DD05ECAB-7BE4-406B-8996-2​96D60D1CDA7}: DhcpNameServer=192.168.1.1 0.0.0.0
 HKLM\SYSTEM\CCS\Services\Tcpip​\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
 HKLM\SYSTEM\CS2\Services\Tcpip​\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
 HKLM\SYSTEM\CS3\Services\Tcpip​\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0


  » » » » » » » » » » » » » » » » » » » » » » » » Recherche infection wininet.dll


  » » » » » » » » » » » » » » » » » » » » » » » » Fin

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 04/07/2007 à 20:44:53  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
voila Mr !

 Merci pour le temps que vous m'accordez.

 **********

 DiagHelp version v1.1.2 - http://www.malekal.com
 excute le 04/07/2007 à 20:36:09,73
 
 
 Liste des derniers fichies modifies/crees dans windir\system32
 C:\WINDOWS\System32/drivers\TC​PIP.SYS.ORIGINAL -->23/06/2007 13:25:01
 C:\WINDOWS\System32/drivers\TC​PIP.SYS -->23/06/2007 13:25:01
 C:\WINDOWS\System32/drivers\Av​gAsCln.sys -->30/05/2007 14:10:42
 C:\WINDOWS\System32/drivers\ik​syssec.sys -->14/05/2007 18:29:21
 C:\WINDOWS\System32/drivers\ik​sysflt.sys -->14/05/2007 18:29:11
 C:\WINDOWS\System32/drivers\kc​om.sys -->14/05/2007 18:28:50
 C:\WINDOWS\System32/drivers\ik​filesec.sys -->14/05/2007 18:28:49

 C:\WINDOWS\System32\iklog.log -->04/07/2007 20:29:27
 C:\WINDOWS\System32\tmp.txt -->04/07/2007 19:58:01
 C:\WINDOWS\System32\tmp.reg -->04/07/2007 19:58:01
 C:\WINDOWS\System32\wpa.dbl -->04/07/2007 12:52:06
 C:\WINDOWS\System32\oqstv.ini2 -->03/07/2007 20:10:39
 C:\WINDOWS\System32\kjcckfgw.i​ni -->03/07/2007 19:26:55
 C:\WINDOWS\System32\wgfkccjk.d​ll -->03/07/2007 19:26:40
 C:\WINDOWS\System32\oqstv.bak2 -->03/07/2007 19:21:14
 C:\WINDOWS\System32\mfwvyvko.i​ni -->03/07/2007 19:10:40
 C:\WINDOWS\System32\okvyvwfm.d​ll -->03/07/2007 19:10:27
 C:\WINDOWS\System32\roaocxcn.i​ni -->03/07/2007 18:13:44
 C:\WINDOWS\System32\ncxcoaor.d​ll -->03/07/2007 18:12:53
 C:\WINDOWS\System32\vbjfnatq.i​ni -->03/07/2007 18:12:20
 C:\WINDOWS\System32\nvapps.xml -->03/07/2007 18:10:51
 C:\WINDOWS\System32\spupdsvc.i​nf -->03/07/2007 17:00:33
 C:\WINDOWS\System32\djrhartm.i​ni -->03/07/2007 15:16:15
 C:\WINDOWS\System32\qjhgifmf.i​ni -->03/07/2007 15:14:32
 C:\WINDOWS\System32\mtrahrjd.d​ll -->03/07/2007 15:02:51
 C:\WINDOWS\System32\qybnulrx.i​ni -->03/07/2007 12:55:32
 C:\WINDOWS\System32\oqstv.ini -->03/07/2007 12:23:22
 C:\WINDOWS\System32\oqstv.tmp -->03/07/2007 12:06:15
 C:\WINDOWS\System32\oqstv.bak1 -->03/07/2007 11:50:59
 C:\WINDOWS\System32\vtsqo.dll -->03/07/2007 11:50:21
 C:\WINDOWS\System32\efcawvs.dl​l -->03/07/2007 11:35:10
 C:\WINDOWS\System32\opnmnnn.dl​l -->03/07/2007 11:34:25

 C:\WINDOWS\wiadebug.log -->04/07/2007 16:33:24
 C:\WINDOWS\0.log -->04/07/2007 13:32:37
 C:\WINDOWS\WindowsUpdate.log -->04/07/2007 13:31:20
 C:\WINDOWS\wiaservc.log -->04/07/2007 13:31:13
 C:\WINDOWS\bootstat.dat -->04/07/2007 13:29:28
 C:\WINDOWS\SchedLgU.Txt -->03/07/2007 21:34:53
 C:\WINDOWS\NeroDigital.ini -->24/06/2007 22:22:50
 C:\WINDOWS\TemplateWizard.INI -->22/06/2007 16:29:04
 C:\WINDOWS\Hposcv07.INI -->15/05/2007 08:14:51
 C:\WINDOWS\pack.epk -->10/05/2007 18:22:44
 C:\WINDOWS\Iedit.INI -->01/05/2007 15:30:25
 C:\WINDOWS\mozver.dat -->21/03/2007 14:24:16
 C:\WINDOWS\ODBC.INI -->21/03/2007 11:04:08
 C:\WINDOWS\win.ini -->21/03/2007 11:02:55
 C:\WINDOWS\AviSplitter.INI -->14/02/2007 21:37:15

 
 Le volume dans le lecteur C n'a pas de nom.
 Le numéro de série du volume est C067-799D

 Répertoire de C:\WINDOWS\system32

 04/08/2004  02:54             6 144 csrss.exe

1 fichier(s)            6 144 octets

0 Rép(s)   2 321 547 264 octets libres
 
 Contenu de Downloaded Program Files
 Le volume dans le lecteur C n'a pas de nom.
 Le numéro de série du volume est C067-799D

 Répertoire de C:\WINDOWS\Downloaded Program Files

 04/07/2007  13:04    <REP>          .
 04/07/2007  13:04    <REP>          ..
 07/12/2004  17:07                32 bdcore.dll
 25/05/2006  01:21           118 784 bdupd.dll
 14/07/2005  11:08                65 desktop.ini
 23/03/2007  12:17             1 292 erma.inf
 03/10/2005  13:05             2 187 HardwareDetection.inf
 25/05/2006  01:21            53 248 ipsupd.dll
 09/11/2006  17:04               896 jinstall-1_5_0_10.inf
 08/08/2006  11:45               576 kavwebscan.inf
 16/03/2005  12:34             7 407 lang.ini
 07/12/2004  17:07                32 libfn.dll
 14/03/2005  14:38               126 live.ini
 20/01/2000  15:25             1 162 Microsoft XML Parser for Java.osd
 01/06/2006  02:57             1 331 oscan8.inf
 01/06/2006  02:54           471 040 oscan8.ocx
 31/05/2006  04:15                10 oscan81.ocx_x
 14/03/2005  14:58             7 073 scanoptions.tsi
 02/09/2004  18:23               289 Setup.inf

17 fichier(s)          665 550 octets

Total des fichiers listés :

17 fichier(s)          665 550 octets

2 Rép(s)   2 321 543 168 octets libres
 
 Recherche de rootkit! (Merci S!Ri)
 infection possible Magic.Control : un scan F-Secure BlackLight est recommandé
 
 Recherche d'infections connues

 Export des clefs sensibles..
 
 Liste des fichiers en exception sur le pare-feu XP SP2

 "%windir%\\system32\\sessmgr.e​xe"="%windir%\\system32\\sessm​gr.exe:*:enabled:@xpsp2res.dll​,-22019"
 "D:\\Program Files\\DC++\\DCPlusPlus.exe"="​D:\\Program Files\\DC++\\DCPlusPlus.exe:*:​Enabled:DC++"
 "C:\\Program Files\\Ahead\\Nero\\nero.exe"=​"C:\\Program Files\\Ahead\\Nero\\nero.exe:*​:Enabled:Nero Burning ROM"
 "D:\\Program Files\\eDonkey2000\\edonkey200​0.exe"="D:\\Program Files\\eDonkey2000\\edonkey200​0.exe:*:Enabled:edonkey2000"
 "C:\\Documents and Settings\\Administrateur\\Mes documents\\aMule-2.1.0-Win32\\​amule.exe"="C:\\Documents and Settings\\Administrateur\\Mes documents\\aMule-2.1.0-Win32\\​amule.exe:*:Enabled:amule"
 "D:\\aMule-2.1.0-Win32\\amule.​exe"="D:\\aMule-2.1.0-Win32\\a​mule.exe:*:Enabled:amule"
 "D:\\eMule\\emule.exe"="D:\\eM​ule\\emule.exe:*:Enabled:eMule​"
 "C:\\Program Files\\Namo\\WebBoard Trial\\Server\\MySQL\\bin\\mys​qld.exe"="C:\\Program Files\\Namo\\WebBoard Trial\\Server\\MySQL\\bin\\mys​qld.exe:*:Enabled:mysqld"
 "C:\\Program Files\\Namo\\WebEditor 6 Trial\\bin\\WebEditor.exe"="C:​\\Program Files\\Namo\\WebEditor 6 Trial\\bin\\WebEditor.exe:*:En​abled:Namo WebEditor 6"
 "C:\\Program Files\\Maïdo Production\\IziWebFiles\\IziWe​bFiles.exe"="C:\\Program Files\\Maïdo Production\\IziWebFiles\\IziWe​bFiles.exe:*:Enabled:IziWebFil​es"
 "D:\\eDonkey2000\\edonkey2000.​exe"="D:\\eDonkey2000\\edonkey​2000.exe:*:Enabled:edonkey2000​"
 "C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"="C:\\P​rogram Files\\Ahead\\Nero ShowTime\\ShowTime.exe:*:Enabl​ed:Nero ShowTime"
 "C:\\WINDOWS\\system32\\fxscln​t.exe"="C:\\WINDOWS\\system32\​\fxsclnt.exe:*:Enabled:Microso​ft  Fax Console"
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%w​indir%\\Network Diagnostic\\xpnetdiag.exe:*:En​abled:@xpsp3res.dll,-20000"
 "C:\\Program Files\\Zapu\\Zapu\\wDivi.exe"=​"C:\\Program Files\\Zapu\\Zapu\\wDivi.exe:*​:Disabled:Zapu Control"
 "C:\\Program Files\\Skype\\Phone\\Skype.exe​"="C:\\Program Files\\Skype\\Phone\\Skype.exe​:*:Enabled:Skype"
 "C:\\Program Files\\Namo\\WebEditor 5 Trial\\bin\\WebEditor.exe"="C:​\\Program Files\\Namo\\WebEditor 5 Trial\\bin\\WebEditor.exe:*:En​abled:Namo WebEditor 5"
 "C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe"="C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe:*:Enabled:W40k"
 "D:\\Program Files\\Valve\\Steam\\SteamApps​\\alaskaman\\counter-strike source\\hl2.exe"="D:\\Program Files\\Valve\\Steam\\SteamApps​\\alaskaman\\counter-strike source\\hl2.exe:*:Disabled:hl2​"
 "C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"="C​:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe:*:E​nabled:Lecteur CANALPLAY"
 "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"​="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:​*:Enabled:VLC media player"
 "C:\\Program Files\\DMV\\MaxTV\\MaxTV.exe"=​"C:\\Program Files\\DMV\\MaxTV\\MaxTV.exe:*​:Enabled:MaxTV"
 "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\P​rogram Files\\MSN Messenger\\msnmsgr.exe:*:Enabl​ed:Windows Live Messenger 8.1"
 "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\​Program Files\\MSN Messenger\\livecall.exe:*:Enab​led:Windows Live Messenger 8.1 (Phone)"
 "C:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"="C:\\Prog​ram Files\\Microsoft Games\\Age of Mythology\\aomx.exe:*:Enabled:​Age of Mythology - The Titans Expansion"

 "%windir%\\system32\\sessmgr.e​xe"="%windir%\\system32\\sessm​gr.exe:*:enabled:@xpsp2res.dll​,-22019"
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%w​indir%\\Network Diagnostic\\xpnetdiag.exe:*:En​abled:@xpsp3res.dll,-20000"
 "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\P​rogram Files\\MSN Messenger\\msnmsgr.exe:*:Enabl​ed:Windows Live Messenger 8.1"
 "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\​Program Files\\MSN Messenger\\livecall.exe:*:Enab​led:Windows Live Messenger 8.1 (Phone)"
 
 Export de la clef SharedTaskScheduler

 [SharedTaskScheduler]
 "{438755C2-A8BA-11D1-B96B-00A0​C90312E1}"="Pré-chargeur Browseui"
 "{8C7461EF-2B13-11d2-BE35-3078​302C2030}"="Démon de cache des catégories de composant"

 Rechercher adresses sensibles dans le fichier HOSTS...
 
 
 
 catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
 Rootkit scan 2007-07-04 20:40:09
 Windows 5.1.2600 Service Pack 2 NTFS

 scanning hidden services ...

 scanning hidden autostart entries ...

 scanning hidden files ...

 scan completed successfully
 hidden services: 0
 hidden files: 0

 
 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 Process list by traversal of KiWaitListHead

 4     -           System  
 276   -     ccEvtMgr.exe  
 384   -      SNDSrvc.exe  
 464   -     symlcsvc.exe  
 704   -        csrss.exe  
 728   -     winlogon.exe  
 772   -     services.exe  
 784   -        lsass.exe  
 948   -      svchost.exe  
 1028  -      svchost.exe  
 1164  -        guard.exe  
 1196  -      svchost.exe  
 1288  -      svchost.exe  
 1320  -          mdm.exe  
 1432  -      svchost.exe  
 1692  -     svcntaux.exe  
 1808  -       swdsvc.exe  
 1916  -      svchost.exe  
 2140  -          cmd.exe  
 2584  -    SDTrayApp.exe  
 2688  -       ctfmon.exe  
 2776  -      firefox.exe  
 3080  -          alg.exe  

 Total number of processes = 23
 NOTE: Under WinXP, this will not show all processes.
 
 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 Driver/Module list by traversal of PsLoadedModuleList

 804D7000 - \WINDOWS\system32\ntoskrnl.exe
 806EC000 - \WINDOWS\system32\hal.dll
 F7987000 - \WINDOWS\system32\KDCOM.DLL
 F7897000 - \WINDOWS\system32\BOOTVID.dll
 F75A7000 - ACPI.sys
 F7989000 - \WINDOWS\system32\DRIVERS\WMIL​IB.SYS
 F7596000 - pci.sys
 F75F7000 - isapnp.sys
 F798B000 - intelide.sys
 F7707000 - \WINDOWS\system32\DRIVERS\PCII​DEX.SYS
 F7607000 - MountMgr.sys
 F74D7000 - ftdisk.sys
 F798D000 - dmload.sys
 F74B1000 - dmio.sys
 F770F000 - PartMgr.sys
 F7617000 - VolSnap.sys
 F7499000 - atapi.sys
 F7627000 - disk.sys
 F7637000 - \WINDOWS\system32\DRIVERS\CLAS​SPNP.SYS
 F7479000 - fltMgr.sys
 F7467000 - sr.sys
 F7450000 - KSecDD.sys
 F7B52000 - Ntfs.sys
 F7423000 - NDIS.sys
 F7408000 - Mup.sys
 F7647000 - agp440.sys
 F7687000 - \SystemRoot\system32\DRIVERS\p​rocessr.sys
 BA3B1000 - \SystemRoot\system32\DRIVERS\n​v4_mini.sys
 BA39D000 - \SystemRoot\system32\DRIVERS\V​IDEOPRT.SYS
 F77AF000 - \SystemRoot\system32\DRIVERS\R​TL8139.SYS
 F7697000 - \SystemRoot\system32\DRIVERS\c​drom.sys
 F76A7000 - \SystemRoot\system32\DRIVERS\r​edbook.sys
 BA37A000 - \SystemRoot\system32\DRIVERS\k​s.sys
 F76B7000 - \SystemRoot\system32\DRIVERS\i​mapi.sys
 F7807000 - \SystemRoot\system32\DRIVERS\u​sbuhci.sys
 BA32F000 - \SystemRoot\system32\DRIVERS\U​SBPORT.SYS
 BA317000 - \SystemRoot\system32\drivers\a​c97intc.sys
 BA2F3000 - \SystemRoot\system32\drivers\p​ortcls.sys
 F76C7000 - \SystemRoot\system32\drivers\d​rmk.sys
 F777F000 - \SystemRoot\system32\DRIVERS\f​dc.sys
 BA2E2000 - \SystemRoot\system32\DRIVERS\s​erial.sys
 F7943000 - \SystemRoot\system32\DRIVERS\s​erenum.sys
 BA2CE000 - \SystemRoot\system32\DRIVERS\p​arport.sys
 F76D7000 - \SystemRoot\system32\DRIVERS\i​8042prt.sys
 F77C7000 - \SystemRoot\system32\DRIVERS\m​ouclass.sys
 F77D7000 - \SystemRoot\system32\DRIVERS\k​bdclass.sys
 F7ABA000 - \SystemRoot\system32\drivers\m​smpu401.sys
 BA7FC000 - \SystemRoot\system32\DRIVERS\g​ameenum.sys
 F7ABE000 - \SystemRoot\system32\DRIVERS\a​udstub.sys
 F76E7000 - \SystemRoot\system32\DRIVERS\r​asl2tp.sys
 BA7F4000 - \SystemRoot\system32\DRIVERS\n​distapi.sys
 BA2B7000 - \SystemRoot\system32\DRIVERS\n​diswan.sys
 F76F7000 - \SystemRoot\system32\DRIVERS\r​aspppoe.sys
 F7586000 - \SystemRoot\system32\DRIVERS\r​aspptp.sys
 F7727000 - \SystemRoot\system32\DRIVERS\T​DI.SYS
 BA2A6000 - \SystemRoot\system32\DRIVERS\p​sched.sys
 F7576000 - \SystemRoot\system32\DRIVERS\m​sgpc.sys
 F774F000 - \SystemRoot\system32\DRIVERS\p​tilink.sys
 F775F000 - \SystemRoot\system32\DRIVERS\r​aspti.sys
 BA1D5000 - \SystemRoot\system32\DRIVERS\r​dpdr.sys
 F7566000 - \SystemRoot\system32\DRIVERS\t​ermdd.sys
 F7997000 - \SystemRoot\system32\DRIVERS\s​wenum.sys
 BA1A1000 - \SystemRoot\system32\DRIVERS\u​pdate.sys
 BA728000 - \SystemRoot\system32\DRIVERS\m​ssmbios.sys
 F7556000 - \SystemRoot\System32\Drivers\N​DProxy.SYS
 F7546000 - \SystemRoot\system32\DRIVERS\u​sbhub.sys
 F799F000 - \SystemRoot\system32\DRIVERS\U​SBD.SYS
 F7817000 - \SystemRoot\system32\DRIVERS\f​lpydisk.sys
 F7526000 - \SystemRoot\system32\drivers\i​kfileflt.sys
 F772F000 - \SystemRoot\system32\drivers\K​COM.SYS
 F7516000 - \SystemRoot\system32\drivers\i​kfilesec.sys
 B905C000 - \SystemRoot\system32\drivers\i​ksysflt.sys
 B9044000 - \SystemRoot\system32\drivers\i​ksyssec.sys
 BA36E000 - \SystemRoot\system32\DRIVERS\u​sb8023.sys
 F7777000 - \SystemRoot\system32\DRIVERS\R​NDISMP.SYS
 F79A5000 - \SystemRoot\System32\Drivers\F​s_Rec.SYS
 F7A9B000 - \SystemRoot\System32\Drivers\N​ull.SYS
 F79A9000 - \SystemRoot\System32\Drivers\B​eep.SYS
 F7AA2000 - \SystemRoot\System32\DRIVERS\A​vgAsCln.sys
 F779F000 - \SystemRoot\System32\drivers\v​ga.sys
 F79AD000 - \SystemRoot\System32\Drivers\m​nmdd.SYS
 F79B1000 - \SystemRoot\System32\DRIVERS\R​DPCDD.sys
 F77B7000 - \SystemRoot\System32\Drivers\M​sfs.SYS
 F77CF000 - \SystemRoot\System32\Drivers\N​pfs.SYS
 BA356000 - \SystemRoot\system32\DRIVERS\r​asacd.sys
 B8F99000 - \SystemRoot\system32\DRIVERS\i​psec.sys
 B8F41000 - \SystemRoot\system32\DRIVERS\t​cpip.sys
 B8F08000 - \SystemRoot\System32\Drivers\S​YMTDI.SYS
 B8EE7000 - \SystemRoot\system32\DRIVERS\i​pnat.sys
 B8EC5000 - \??\C:\Program Files\Symantec\SYMEVENT.SYS
 BA748000 - \SystemRoot\system32\DRIVERS\w​anarp.sys
 B8E9D000 - \SystemRoot\system32\DRIVERS\n​etbt.sys
 BA7EC000 - \SystemRoot\System32\drivers\w​s2ifsl.sys
 B8E7B000 - \SystemRoot\System32\drivers\a​fd.sys
 BA738000 - \SystemRoot\system32\DRIVERS\n​etbios.sys
 B8E19000 - \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys
 B8E05000 - \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS
 B8DDA000 - \SystemRoot\system32\DRIVERS\r​dbss.sys
 B8D6B000 - \SystemRoot\system32\DRIVERS\m​rxsmb.sys
 F7677000 - \SystemRoot\System32\Drivers\F​ips.SYS
 B8D09000 - \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
 B8CEC000 - \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilReboo​tDrv.sys
 F7A5C000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
 BA276000 - \SystemRoot\System32\Drivers\C​dfs.SYS
 B8C0C000 - \SystemRoot\System32\Drivers\d​ump_atapi.sys
 F79B9000 - \SystemRoot\System32\Drivers\d​ump_WMILIB.SYS
 BF800000 - \SystemRoot\System32\win32k.sy​s
 B8C30000 - \SystemRoot\System32\drivers\D​xapi.sys
 F77FF000 - \SystemRoot\System32\watchdog.​sys
 BF000000 - \SystemRoot\System32\drivers\d​xg.sys
 F7A94000 - \SystemRoot\System32\drivers\d​xgthk.sys
 BF012000 - \SystemRoot\System32\nv4_disp.​dll
 B832A000 - \SystemRoot\system32\DRIVERS\n​disuio.sys
 B7802000 - \SystemRoot\System32\Drivers\S​YMREDRV.SYS
 F7797000 - \SystemRoot\System32\Drivers\S​YMDNS.SYS
 B77F2000 - \SystemRoot\System32\Drivers\S​YMNDIS.SYS
 B77CC000 - \SystemRoot\System32\Drivers\S​YMFW.SYS
 B7A5A000 - \SystemRoot\System32\Drivers\S​YMIDS.SYS
 B779B000 - \??\C:\PROGRA~1\FICHIE~1\SYMAN​T~1\SymcData\ids-diskless\2007​0628.004\symidsco.sys
 B75CE000 - \SystemRoot\system32\drivers\w​dmaud.sys
 B773B000 - \SystemRoot\system32\drivers\s​ysaudio.sys
 B73A7000 - \SystemRoot\system32\DRIVERS\m​rxdav.sys
 F7A01000 - \SystemRoot\System32\Drivers\P​arVdm.SYS
 B7366000 - \SystemRoot\System32\Drivers\H​TTP.sys
 B72EC000 - \SystemRoot\system32\DRIVERS\s​rv.sys
 B72B4000 - \SystemRoot\system32\DRIVERS\s​ecdrv.sys
 F776F000 - \??\C:\WINDOWS\system32\driver​s\symlcbrd.sys
 F7A7F000 - \??\C:\WINDOWS\system32\Driver​s\mchInjDrv.sys
 B6DE2000 - \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS
 B6CC2000 - \??\C:\PROGRA~1\FICHIE~1\SYMAN​T~1\VIRUSD~1\20070702.017\NavE​x15.Sys
 B6BE7000 - \??\C:\PROGRA~1\FICHIE~1\SYMAN​T~1\VIRUSD~1\20070702.017\NAVE​NG.Sys
 B6B4A000 - \SystemRoot\System32\Drivers\F​astfat.SYS
 F7A90000 - \SystemRoot\System32\DRIVERS\K​ProcCheck.sys

 Total number of drivers = 133

 Liste des programmes installes

 ACDSee (version d’évaluation)
 Adobe Acrobat 5.0
 Adobe Flash Player ActiveX
 Adobe Reader 8.1.0 - Français
 Age of Mythology Gold
 Analyseur XML Microsoft
 Archiveur WinRAR
 AVG Anti-Spyware 7.5
 C-Media WDM Audio Driver
 ccCommon
 CCleaner (remove only)
 ConTEXT
 CuteFTP 5.0 XP
 Dofus 1.18.0
 eMule
 FileZilla (remove only)
 FUJIFILM USB Driver
 HijackThis 1.99.1
 Hitman Pro
 hp psc 700 series
 HP Share-to-Web
 Internet Worm Protection
 J2SE Runtime Environment 5.0 Update 10
 J2SE Runtime Environment 5.0 Update 11
 Java(TM) SE Runtime Environment 6 Update 1
 Kaspersky Online Scanner
 Livebox
 Logiciel d'impression photo HP
 Macromedia Shockwave Player
 Microsoft .NET Framework 1.1
 Microsoft .NET Framework 1.1
 Microsoft .NET Framework 1.1 French Language Pack
 Microsoft .NET Framework 1.1 Hotfix (KB886903)
 Microsoft .NET Framework 2.0
 Microsoft .NET Framework 2.0
 Microsoft Compression Client Pack 1.0 for Windows XP
 Microsoft Data Access Components KB870669
 Microsoft Internationalized Domain Names Mitigation APIs
 Microsoft National Language Support Downlevel APIs
 Microsoft Office XP Professional avec FrontPage
 Microsoft User-Mode Driver Framework Feature Pack 1.0
 Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
 Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
 Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
 Mise à jour de sécurité pour Windows XP (KB929969)
 Mozilla Firefox (2.0.0.4)
 MSXML 4.0 SP2 (KB927978)
 MSXML4 Parser
 MT_Fra
 Namo WebEditor 5 (Evaluation)
 Nero 6 Ultra Edition
 Nero Media Player
 NeroMIX
 NeroVision Express 3
 NetLimiter 1.30 (remove only)
 Norton AntiVirus 2006
 Norton AntiVirus 2006 (Symantec Corporation)
 Norton AntiVirus Parent MSI
 Norton AntiVirus SYMLT MSI
 Norton Protection Center
 Norton WMI Update
 NVIDIA Drivers
 Ogg Vorbis Redistributable V 1.0b (vorbis1_0_public_release)
 REALTEK Gigabit and Fast Ethernet NIC Driver
 SAGEM F@st800
 Security Update for CAPICOM (KB931906)
 Security Update for CAPICOM (KB931906)
 Security Update for Microsoft .NET Framework 2.0 (KB917283)
 Security Update pour Microsoft .NET Framework 2.0 (KB922770)
 SPBBC
 Spyware Doctor 5.0
 Star Wars Jedi Knight Jedi Academy
 SymNet
 TF1Vision version 1.2.1.1
 The Entente
 Turbo Lister 2
 Turbo Lister 2
 Ulead Photo Express 4.0 SE
 Ulead PhotoImpact 7 version d'évaluation
 WebFldrs XP
 Windows Genuine Advantage Notifications (KB905474)
 Windows Genuine Advantage v1.3.0254.0
 Windows Genuine Advantage Validation Tool (KB892130)
 Windows Live Messenger
 Windows Media Format 11 runtime
 Windows Media Format 11 runtime
 XP Codec Pack
 Zoom Player (remove only)


 
 Le volume dans le lecteur C n'a pas de nom.
 Le numéro de série du volume est C067-799D

 Répertoire de C:\Program Files

 04/07/2007  16:54    <REP>          .
 04/07/2007  16:54    <REP>          ..
 22/07/2005  13:56    <REP>          ACD Systems
 07/06/2007  07:35    <REP>          Adobe
 14/09/2005  21:14    <REP>          Ahead
 02/07/2007  19:44    <REP>          Buka
 12/05/2007  12:52    <REP>          CCleaner
 14/07/2005  23:06    <REP>          codec
 28/12/2005  19:30    <REP>          Common Files
 14/07/2005  16:09    <REP>          ConTEXT
 06/02/2007  18:27    <REP>          directx
 03/11/2006  21:05    <REP>          eBay
 22/07/2005  21:42    <REP>          fdjeux
 12/05/2007  18:45    <REP>          Fichiers communs
 12/01/2006  13:08    <REP>          FileZilla
 29/12/2006  13:25    <REP>          GlobalSCAPE
 03/07/2007  19:28    <REP>          Grisoft
 15/05/2007  08:18    <REP>          Hewlett-Packard
 04/07/2007  19:49    <REP>          hijackthis
 03/07/2007  22:38    <REP>          Hitman Pro
 17/12/2005  01:19    <REP>          Intel
 03/07/2007  18:59    <REP>          Internet Explorer
 19/04/2007  12:42    <REP>          Java
 19/06/2007  17:23    <REP>          LucasArts
 27/12/2006  18:07    <REP>          MagicTune
 12/05/2007  15:22    <REP>          Microsoft CAPICOM 2.1.0.2
 14/07/2005  11:11    <REP>          microsoft frontpage
 16/10/2005  21:33    <REP>          Microsoft Games
 14/07/2005  18:58    <REP>          Microsoft Office
 14/07/2005  18:59    <REP>          Microsoft Visual Studio
 14/07/2005  11:11    <REP>          movie maker
 03/07/2007  19:30    <REP>          Mozilla Firefox
 14/07/2005  11:11    <REP>          msn gaming zone
 01/05/2007  20:14    <REP>          MSN Messenger
 15/11/2006  09:51    <REP>          MSXML 4.0
 17/01/2007  12:31    <REP>          Namo
 12/05/2007  12:27    <REP>          NetLimiter
 14/07/2005  11:06    <REP>          NetMeeting
 03/07/2007  12:24    <REP>          Norton AntiVirus
 04/07/2007  12:38    <REP>          Nvu
 07/12/2005  14:39    <REP>          OfficeUpdate11
 02/07/2007  19:50    <REP>          OggVorbis
 13/06/2007  06:19    <REP>          Outlook Express
 12/08/2006  17:26    <REP>          SAGEM
 14/07/2005  11:07    <REP>          Services en ligne
 03/07/2007  15:40    <REP>          Spyware Doctor
 04/07/2007  12:39    <REP>          Symantec
 23/06/2007  19:29    <REP>          TF1Vision
 10/03/2006  19:39    <REP>          Ubisoft
 02/11/2005  21:51    <REP>          Ulead Systems
 03/07/2007  11:16    <REP>          Uniblue
 12/12/2006  17:07    <REP>          Windows Media Player
 14/07/2005  11:11    <REP>          Windows NT
 27/12/2006  18:25    <REP>          WinRAR
 29/12/2006  14:44    <REP>          WinZip
 14/07/2005  11:11    <REP>          xerox
 10/04/2007  09:42    <REP>          Yahoo!
 04/07/2007  09:52    <REP>          Zoom Player

0 fichier(s)                0 octets

58 Rép(s)   2 320 711 680 octets libres
 Le volume dans le lecteur C n'a pas de nom.
 Le numéro de série du volume est C067-799D

 Répertoire de C:\Program Files\fichiers communs

 12/05/2007  18:45    <REP>          .
 12/05/2007  18:45    <REP>          ..
 07/06/2007  07:36    <REP>          Adobe
 14/07/2005  12:16    <REP>          Ahead
 14/07/2005  18:59    <REP>          Designer
 11/05/2007  08:03    <REP>          fluxDVD
 16/02/2006  00:23    <REP>          HammerTap
 17/07/2005  11:10    <REP>          InstallShield
 29/12/2006  13:32    <REP>          Java
 06/01/2006  15:47    <REP>          Microsoft Shared
 14/07/2005  11:06    <REP>          MSSoap
 14/07/2005  12:57    <REP>          ODBC
 11/05/2007  09:04    <REP>          Real
 14/07/2005  11:06    <REP>          Services
 14/07/2005  12:57    <REP>          SpeechEngines
 30/06/2007  05:43    <REP>          Symantec Shared
 13/06/2007  06:19    <REP>          System

0 fichier(s)                0 octets

17 Rép(s)   2 320 711 680 octets libres
 Le volume dans le lecteur C n'a pas de nom.
 Le numéro de série du volume est C067-799D

 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

 07/12/2005  14:36    <REP>          .
 07/12/2005  14:36    <REP>          ..
 14/07/2005  18:59    <REP>          1033
 07/12/2005  14:36    <REP>          1036
 29/01/2004  16:08         1 277 952 MSONSEXT.DLL
 13/02/2001  08:23            58 784 MSOSV.DLL
 03/06/1999  12:09           122 937 MSOWS409.DLL
 07/03/2001  07:00           127 033 MSOWS40c.DLL
 06/08/2000  09:04           401 462 MSVCP60.DLL
 29/01/2004  16:08            69 632 PKMAXCTL.DLL
 29/01/2004  16:08           868 352 PKMCDO.DLL
 29/01/2004  16:08            53 248 PKMCORE.DLL
 29/01/2004  16:08           102 400 PKMFORMS.DLL
 29/01/2004  16:38           634 880 PKMRES.DLL
 29/01/2004  16:08            28 672 PKMSSTLB.DLL
 22/01/2001  03:25            40 960 PKMTEMPL.DLL
 29/01/2004  16:08            24 576 PKMTRACE.DLL
 29/01/2004  16:08            86 016 PKMWS.DLL
 29/01/2004  16:08           237 568 PROMDEMO.DLL
 29/01/2004  16:08           184 320 SECMGR.DLL
 29/01/2004  16:08           315 392 VAIDDMGR.DLL
 29/01/2004  16:08            32 768 VAIMEM.DLL

18 fichier(s)        4 666 952 octets

4 Rép(s)   2 320 707 584 octets libres
 Le volume dans le lecteur C n'a pas de nom.
 Le numéro de série du volume est C067-799D

 Répertoire de C:\Program Files\common files

 28/12/2005  19:30    <REP>          .
 28/12/2005  19:30    <REP>          ..
 28/12/2005  19:30    <REP>          Microsoft shared
 21/10/2005  21:28    <REP>          System

0 fichier(s)                0 octets

4 Rép(s)   2 320 707 584 octets libres
 Le volume dans le lecteur C n'a pas de nom.
 Le numéro de série du volume est C067-799D

 Répertoire de C:\

 12/05/2007  18:22            68 096 diff.exe
 12/05/2007  18:22           103 424 grep.exe

2 fichier(s)          171 520 octets

0 Rép(s)   2 320 707 584 octets libres
 c:\Documents and Settings\Administrateur\Bureau​\fsblc.exe
 c:\Documents and Settings\Administrateur\Bureau​\SmitfraudFix.exe
 c:\Documents and Settings\Administrateur\Bureau​\DiagHelp\catchme.exe
 c:\Documents and Settings\Administrateur\Bureau​\DiagHelp\diff.exe
 c:\Documents and Settings\Administrateur\Bureau​\DiagHelp\dumphive.exe
 c:\Documents and Settings\Administrateur\Bureau​\DiagHelp\FilesInfoCmd.exe
 c:\Documents and Settings\Administrateur\Bureau​\DiagHelp\find2.exe
 c:\Documents and Settings\Administrateur\Bureau​\DiagHelp\Fport.exe
 c:\Documents and Settings\Administrateur\Bureau​\DiagHelp\grep.exe
 c:\Documents and Settings\Administrateur\Bureau​\DiagHelp\KProcCheck.exe
 c:\Documents and Settings\Administrateur\Bureau​\DiagHelp\LFiles.exe
 c:\Documents and Settings\Administrateur\Bureau​\DiagHelp\LISTDLLS.exe
 c:\Documents and Settings\Administrateur\Bureau​\DiagHelp\pslist.exe
 c:\Documents and Settings\Administrateur\Bureau​\DiagHelp\streams.exe
 c:\Documents and Settings\Administrateur\Bureau​\DiagHelp\swreg.exe
 c:\Documents and Settings\Administrateur\Bureau​\SmitfraudFix\dumphive.exe
 c:\Documents and Settings\Administrateur\Bureau​\SmitfraudFix\GenericRenosFix.​exe
 c:\Documents and Settings\Administrateur\Bureau​\SmitfraudFix\HostsChk.exe
 c:\Documents and Settings\Administrateur\Bureau​\SmitfraudFix\Process.exe
 c:\Documents and Settings\Administrateur\Bureau​\SmitfraudFix\Reboot.exe
 c:\Documents and Settings\Administrateur\Bureau​\SmitfraudFix\restart.exe
 c:\Documents and Settings\Administrateur\Bureau​\SmitfraudFix\SmiUpdate.exe
 c:\Documents and Settings\Administrateur\Bureau​\SmitfraudFix\SrchSTS.exe
 c:\Documents and Settings\Administrateur\Bureau​\SmitfraudFix\swreg.exe
 c:\Documents and Settings\Administrateur\Bureau​\SmitfraudFix\swsc.exe
 c:\Documents and Settings\Administrateur\Bureau​\SmitfraudFix\swxcacls.exe
 c:\Documents and Settings\Administrateur\Bureau​\SmitfraudFix\unzip.exe
 c:\Documents and Settings\Administrateur\Mes documents\avgas-setup-7.5.1.43​.exe
 c:\Documents and Settings\Administrateur\Mes documents\hitmanpro26.exe
 c:\Documents and Settings\Administrateur\Mes documents\nl_v130.exe
 c:\Documents and Settings\Administrateur\Mes documents\Patch_Window_A_0_14.​exe
 c:\Documents and Settings\Administrateur\Mes documents\SmitfraudFix.exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00470326.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\009E17EB.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00B4458A.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\018E4299.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01BD06AF.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\024C45C9.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02546AE4.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\028B5BCC.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02FC2107.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\035506EE.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03C74C28.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\042D5A00.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0469269A.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04C51710.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04FE591A.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05C8043C.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06B0293C.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06D37ECD.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07243F99.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07AF7424.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08512F29.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\092E7D5A.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09372275.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09402822.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A1A2532.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AC27AC2.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AE97297.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AF84C3D.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B46630D.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BC6215B.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C305930.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C947678.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D5271F0.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D584DA1.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DE62C28.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E3674AC.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E7834AC.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F1A6FB1.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\100F3CA3.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10EA39B3.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11334DAB.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11447874.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11B564D4.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12D45398.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\134F3635.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13D6487C.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1408368E.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14A0739D.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15AD5EBE.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15B01073.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16623CD3.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16A13369.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\177C3078.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\184429E4.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18B84041.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\190E5CBE.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A2D4B82.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BC54BC0.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C3A5A65.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C761F46.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DB460C4.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DE05B6F.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E084B8C.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F6E5DB9.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FCB6D9C.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20A81C60.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21BA6332.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22FE1FCE.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23535BB9.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24343479.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25442A29.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25816F0A.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\261B7D3C.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26D82791.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27C1256C.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\281B642D.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\283D0051.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\295C6F15.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29E1303A.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AFB434D.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2BBE222D.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C665098.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D4A72C2.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D70724F.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DA240F4.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E491E3C.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2ED379ED.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EE17AB9.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F8506E0.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30F70F4A.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31085980.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31190448.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3209561C.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3308194B.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\330B4B00.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\344A04C5.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\344B5DA0.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\346625CB.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35CD3040.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35D95FE9.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35EC02FA.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\370D42DF.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3716488D.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38151375.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38CC42AB.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38D064EF.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39674924.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\397973ED.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A46490A.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A9C04F5.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B476514.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BDF4949.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C455722.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D0D3121.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3DA263A1.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E002CF1.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E850D83.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3F5A0F74.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40440597.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4076543B.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41857111.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41874233.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41BF0BF6.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\429837E3.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\438C04D6.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\448151C8.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\458D44A2.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B605F5D.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4E297928.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4E321E43.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4EDD7E62.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4EEF2172.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4FB55175.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50190E2B.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5078289E.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51711F8C.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51F92A1B.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52217ACA.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\533268C2.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53376B99.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\540E3EAC.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\543E5B9B.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54981A5D.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\556C4373.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\557E6E3B.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\568C3237.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\578B7D1E.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57D471AA.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\58DB61AC.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59554C02.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A7037EF.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5ACC2864.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C1711D4.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C415ACB.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D11010A.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DFA7EE6.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5E4A3FB1.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F7A0063.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F98531D.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60EB08CD.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\622E4569.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62FB223F.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\632D1051.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64153552.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64D0675F.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64EC0865.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65DB015E.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66A03161.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66AC0078.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6730419D.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\677D7F92.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\67FB6CBE.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68552B80.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68577CA2.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\693C77A6.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6986450C.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69B337FF.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A0378CB.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6AD14DE8.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B1A4274.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B251943.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B952511.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6BB41221.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C0855C4.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C5C2636.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C9B1CCC.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D192965.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D330101.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DDA5691.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E145209.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E6412D5.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EA157B6.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F7F7EC2.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FBF7558.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\701511D5.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\704355EA.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70A61A59.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\711706B9.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71177F00.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\722371DA.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7238469F.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\72571958.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73077496.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\733638AC.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73BE23CD.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7472214F.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74A648CE.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75277F64.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75C62FDA.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\765B42EC.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76CE78B6.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\771E413B.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\775339DB.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7818094C.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\782B0CEE.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79035849.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\790933FA.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\799E667A.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79E75B05.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A161F1B.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B0075D0.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B236ACF.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B3F0BD4.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7BBA4F04.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7C670045.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7C96445B.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CAE431C.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D1B057F.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D6A6D71.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DD55EB3.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E171EB3.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E341892.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E7E0D1D.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E8863ED.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7EF21BC2.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F3C6927.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FC31ADC.​exe
 c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FE91A69.​exe
 c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
 c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\pro​duction\ppcrlconfig.dll
 c:\Documents and Settings\LocalService\Applicat​ion Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
 
 ****** Fin du rapport DiagHelp

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 05/07/2007 à 09:38:23  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Hello

 07/05/07 09:22:17 [Info]: BlackLight Engine 1.0.64 initialized
 07/05/07 09:22:17 [Info]: OS: 5.1 build 2600 (Service Pack 2)
 07/05/07 09:22:17 [Note]: 7019 4
 07/05/07 09:22:17 [Note]: 7005 0
 07/05/07 09:22:22 [Note]: 7006 0
 07/05/07 09:22:22 [Note]: 7027 1
 07/05/07 09:22:22 [Note]: 7027 0
 07/05/07 09:22:27 [Note]: 7026 0
 07/05/07 09:22:27 [Note]: 7026 0
 07/05/07 09:22:42 [Note]: FSRAW library version 1.7.1022
 07/05/07 09:31:34 [Note]: 2000 1012
 07/05/07 09:36:39 [Note]: 7007 0

(Publicité)
  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 05/07/2007 à 10:45:54  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
voici le rapport SDFix !

 SDFix: Version 1.89

 Run by Administrateur on 05/07/2007 at 10:21

 Microsoft Windows XP [version 5.1.2600]

 Running From: C:\DOCUME~1\ADMINI~1\Bureau\SD​Fix\SDFix

 Safe Mode:
 Checking Services:






 Restoring Windows Registry Values
 Restoring Windows Default Hosts File
 Restoring Missing Security Center Service
 Restoring Missing SharedAccess Service

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 05/07/2007 à 10:50:40  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
et Hijackthis !

 **********

 Logfile of HijackThis v1.99.1
 Scan saved at 10:50:05, on 05/07/2007
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\csrss.exe
 C:\WINDOWS\system32\winlogon.e​xe
 C:\WINDOWS\system32\services.e​xe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\System32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
 C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
 C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
 C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
 C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
 C:\WINDOWS\system32\spoolsv.ex​e
 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
 C:\Program Files\Norton AntiVirus\navapsvc.exe
 C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
 C:\Program Files\Spyware Doctor\svcntaux.exe
 C:\Program Files\Spyware Doctor\swdsvc.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\Spyware Doctor\SDTrayApp.exe
 C:\WINDOWS\System32\alg.exe
 C:\WINDOWS\system32\taskmgr.ex​e
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\Program Files\WinRAR\WinRAR.exe
 C:\Program Files\hijackthis\scanner.exe

 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Toolbar,LinksFolderNa​me = Liens
 R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - (no file)
 O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7​D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\​AcroIEHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv​.dll
 O2 - BHO: (no name) - {8BF884A4-CF81-4E00-B7C1-076FC​E6CFDD7} - C:\WINDOWS\system32\opnmnnn.dl​l
 O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB​6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
 O2 - BHO: (no name) - {CD19E68A-58D4-42EB-9674-D6A98​9D7ADC2} - C:\WINDOWS\system32\vtsqo.dll
 O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066​696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.​exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,​NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.d​ll,NvTaskbarInit
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jus​ched.exe"
 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
 O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
 O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
 O4 - HKLM\..\Run: [SDFix] C:\DOCUME~1\ADMINI~1\Bureau\SD​Fix\SDFix\RunThis.bat /second
 O4 - HKLM\..\RunOnce: [SDFix] C:\DOCUME~1\ADMINI~1\Bureau\SD​Fix\SDFix\RunThis.bat /second
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
 O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
 O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
 O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.h​tml
 O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Off​ice10\EXCEL.EXE/3000
 O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-08002​00c9a66} - %windir%\bdoscandel.exe (file missing)
 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-08002​00c9a66} - %windir%\bdoscandel.exe (file missing)
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C​29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr [...] nicode.cab
 O16 - DPF: {26CBF141-7D0F-46E1-AA06-71895​8B6E4D2} - http://download.ebay.com/turbo [...] nstall.cab
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730​F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E​0DC46EF} - http://drivers1.free.fr/hardwaredetection.cab
 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305​202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.​dll
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305​202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.​dll
 O20 - Winlogon Notify: opnmnnn - C:\WINDOWS\SYSTEM32\opnmnnn.dl​l
 O20 - Winlogon Notify: vtsqo - C:\WINDOWS\system32\vtsqo.dll
 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.d​ll
 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D52​4869DB5} - C:\WINDOWS\system32\WPDShServi​ceObj.dll
 O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1​1\Intel 32\IDriverT.exe
 O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
 O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
 O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.ex​e (file missing)
 O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
 O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
 O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
 O23 - Service: Service CANALPLAY - Unknown owner - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe (file missing)
 O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
 O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
 O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 05/07/2007 à 11:00:05  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
hijackthis ne veut pas me supprimer ces deux lignes !

 O2 - BHO: (no name) - {8BF884A4-CF81-4E00-B7C1-076FC​E6CFDD7} - C:\WINDOWS\system32\opnmnnn.dl​l
 O2 - BHO: (no name) - {CD19E68A-58D4-42EB-9674-D6A98​9D7ADC2} - C:\WINDOWS\system32\vtsqo.dll

(Publicité)
  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 05/07/2007 à 11:15:33  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Ok ... à l'installation de antivir, FDFix s'est mis en route et a fait un nouveau rapport. Je dois le poster ?

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 05/07/2007 à 11:27:08  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
le voici ... Dans la foulée, je fais l'antivirus => combofix => hijackthis

 **********

 SDFix: Version 1.89

 Run by Administrateur on 05/07/2007 at 10:21

 Microsoft Windows XP [version 5.1.2600]

 Running From: C:\DOCUME~1\ADMINI~1\Bureau\SD​Fix\SDFix

 Safe Mode:
 Checking Services:






 Restoring Windows Registry Values
 Restoring Windows Default Hosts File
 Restoring Missing Security Center Service
 Restoring Missing SharedAccess Service

 Rebooting...


 Normal Mode:
 Checking Files:

 No Trojan Files Found




 Removing Temp Files...

 ADS Check:

 Checking C:\WINDOWS
 C:\WINDOWS
 No streams found.

 Checking C:\WINDOWS\system32
 C:\WINDOWS\system32
 No streams found.

 Checking C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 No streams found.
 
 Checking C:\WINDOWS\system32\ntoskrnl.e​xe
 C:\WINDOWS\system32\ntoskrnl.e​xe
 No streams found.

Final Check:

 Remaining Services:
 ------------------



 Authorized Application Key Export:

 [HKEY_LOCAL_MACHINE\system\curr​entcontrolset\services\shareda​ccess\parameters\firewallpolic​y\standardprofile\authorizedap​plications\list]
 "%windir%\\system32\\sessmgr.e​xe"="%windir%\\system32\\sessm​gr.exe:*:enabled:@xpsp2res.dll​,-22019"
 "D:\\Program Files\\DC++\\DCPlusPlus.exe"="​D:\\Program Files\\DC++\\DCPlusPlus.exe:*:​Enabled:DC++"
 "C:\\Program Files\\Ahead\\Nero\\nero.exe"=​"C:\\Program Files\\Ahead\\Nero\\nero.exe:*​:Enabled:Nero Burning ROM"
 "D:\\Program Files\\eDonkey2000\\edonkey200​0.exe"="D:\\Program Files\\eDonkey2000\\edonkey200​0.exe:*:Enabled:edonkey2000"
 "C:\\Program Files\\eBay\\Turbo Lister\\Tl.exe"="C:\\Program Files\\eBay\\Turbo Lister\\Tl.exe:*:Enabled:eBay Turbo Lister"
 "C:\\Documents and Settings\\Administrateur\\Mes documents\\aMule-2.1.0-Win32\\​amule.exe"="C:\\Documents and Settings\\Administrateur\\Mes documents\\aMule-2.1.0-Win32\\​amule.exe:*:Enabled:amule"
 "D:\\aMule-2.1.0-Win32\\amule.​exe"="D:\\aMule-2.1.0-Win32\\a​mule.exe:*:Enabled:amule"
 "D:\\eMule\\emule.exe"="D:\\eM​ule\\emule.exe:*:Enabled:eMule​"
 "C:\\Program Files\\Namo\\WebBoard Trial\\Server\\MySQL\\bin\\mys​qld.exe"="C:\\Program Files\\Namo\\WebBoard Trial\\Server\\MySQL\\bin\\mys​qld.exe:*:Enabled:mysqld"
 "C:\\Program Files\\Namo\\WebEditor 6 Trial\\bin\\WebEditor.exe"="C:​\\Program Files\\Namo\\WebEditor 6 Trial\\bin\\WebEditor.exe:*:En​abled:Namo WebEditor 6"
 "C:\\Program Files\\Ma‹do Production\\IziWebFiles\\IziWe​bFiles.exe"="C:\\Program Files\\Ma‹do Production\\IziWebFiles\\IziWe​bFiles.exe:*:Enabled:IziWebFil​es"
 "D:\\eDonkey2000\\edonkey2000.​exe"="D:\\eDonkey2000\\edonkey​2000.exe:*:Enabled:edonkey2000​"
 "C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"="C:\\P​rogram Files\\Ahead\\Nero ShowTime\\ShowTime.exe:*:Enabl​ed:Nero ShowTime"
 "C:\\WINDOWS\\system32\\fxscln​t.exe"="C:\\WINDOWS\\system32\​\fxsclnt.exe:*:Enabled:Microso​ft  Fax Console"
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%w​indir%\\Network Diagnostic\\xpnetdiag.exe:*:En​abled:@xpsp3res.dll,-20000"
 "C:\\Program Files\\Zapu\\Zapu\\wDivi.exe"=​"C:\\Program Files\\Zapu\\Zapu\\wDivi.exe:*​:Disabled:Zapu Control"
 "C:\\Program Files\\Skype\\Phone\\Skype.exe​"="C:\\Program Files\\Skype\\Phone\\Skype.exe​:*:Enabled:Skype"
 "C:\\Program Files\\Namo\\WebEditor 5 Trial\\bin\\WebEditor.exe"="C:​\\Program Files\\Namo\\WebEditor 5 Trial\\bin\\WebEditor.exe:*:En​abled:Namo WebEditor 5"
 "C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe"="C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe:*:Enabled:W40k"
 "D:\\Program Files\\Valve\\Steam\\SteamApps​\\alaskaman\\counter-strike source\\hl2.exe"="D:\\Program Files\\Valve\\Steam\\SteamApps​\\alaskaman\\counter-strike source\\hl2.exe:*:Disabled:hl2​"
 "C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"="C​:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe:*:E​nabled:Lecteur CANALPLAY"
 "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"​="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:​*:Enabled:VLC media player"
 "C:\\Program Files\\DMV\\MaxTV\\MaxTV.exe"=​"C:\\Program Files\\DMV\\MaxTV\\MaxTV.exe:*​:Enabled:MaxTV"
 "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\P​rogram Files\\MSN Messenger\\msnmsgr.exe:*:Enabl​ed:Windows Live Messenger 8.1"
 "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\​Program Files\\MSN Messenger\\livecall.exe:*:Enab​led:Windows Live Messenger 8.1 (Phone)"
 "C:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"="C:\\Prog​ram Files\\Microsoft Games\\Age of Mythology\\aomx.exe:*:Enabled:​Age of Mythology - The Titans Expansion"

 [HKEY_LOCAL_MACHINE\system\curr​entcontrolset\services\shareda​ccess\parameters\firewallpolic​y\domainprofile\authorizedappl​ications\list]
 "%windir%\\system32\\sessmgr.e​xe"="%windir%\\system32\\sessm​gr.exe:*:enabled:@xpsp2res.dll​,-22019"
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%w​indir%\\Network Diagnostic\\xpnetdiag.exe:*:En​abled:@xpsp3res.dll,-20000"
 "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\P​rogram Files\\MSN Messenger\\msnmsgr.exe:*:Enabl​ed:Windows Live Messenger 8.1"
 "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\​Program Files\\MSN Messenger\\livecall.exe:*:Enab​led:Windows Live Messenger 8.1 (Phone)"

 Remaining Files:
 ---------------


 Files with Hidden Attributes:

 C:\WINDOWS\twain.dll
 C:\WINDOWS\twain_32.dll
 C:\WINDOWS\system32\mfc42.dll
 C:\WINDOWS\system32\msvcirt.dl​l
 C:\WINDOWS\system32\msvcp60.dl​l
 C:\WINDOWS\system32\msvcrt.dll
 C:\WINDOWS\system32\oleaut32.d​ll
 C:\WINDOWS\system32\olepro32.d​ll
 C:\WINDOWS\system32\regsvr32.e​xe
 C:\Program Files\GlobalSCAPE\CuteFTPFR\cu​teftp.sys
 C:\Documents and Settings\Administrateur\Mes documents\~WRL0001.tmp
 C:\Documents and Settings\Administrateur\Mes documents\~WRL0002.tmp
 C:\Documents and Settings\Administrateur\Mes documents\~WRL0003.tmp
 C:\Documents and Settings\Administrateur\Mes documents\~WRL0004.tmp
 C:\Documents and Settings\Administrateur\Mes documents\~WRL0005.tmp
 C:\Documents and Settings\Administrateur\Mes documents\~WRL0575.tmp
 C:\Documents and Settings\Administrateur\Mes documents\~WRL1324.tmp
 C:\Documents and Settings\Administrateur\Mes documents\~WRL1352.tmp
 C:\Documents and Settings\Administrateur\Mes documents\~WRL2127.tmp
 C:\Documents and Settings\Administrateur\Mes documents\~WRL2233.tmp
 C:\Documents and Settings\Administrateur\Mes documents\~WRL2295.tmp
 C:\Documents and Settings\Administrateur\Mes documents\~WRL2632.tmp
 C:\Documents and Settings\Administrateur\Mes documents\~WRL2897.tmp
 C:\Documents and Settings\Administrateur\Mes documents\~WRL3252.tmp
 C:\Documents and Settings\Administrateur\Mes documents\~WRL4093.tmp
 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Cha​nnels\ch1\lock.tmp
 C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
 C:\WINDOWS\system32\oqstv.tmp

Finished

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 05/07/2007 à 11:29:59  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
je ne fais pas l'antivirus => combofix => hijackthis avant ?

(Publicité)
  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 05/07/2007 à 11:37:35  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
ok, c'est parti !

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 06/07/2007 à 12:45:08  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Bonjour,

 Voici le rapport d'antivir !

 **********

 AntiVir PersonalEdition Classic
 Report file date: jeudi 5 juillet 2007  12:04

 Scanning for 864971 virus strains and unwanted programs.

 Licensed to:      Avira AntiVir PersonalEdition Classic
 Serial number:    0000149996-ADJIE-0001
 Platform:         Windows XP
 Windows version:  (Service Pack 2)  [5.1.2600]
 Username:         Administrateur
 Computer name:    TITANIUM

 Version information:
 BUILD.DAT    : 247           14437 Bytes  10/05/2007 11:55:00
 AVSCAN.EXE   : 7.0.4.15     282664 Bytes  20/04/2007 11:37:14
 AVSCAN.DLL   : 7.0.4.4       33832 Bytes  27/03/2007 11:31:54
 LUKE.DLL     : 7.0.4.11     143400 Bytes  27/03/2007 11:26:04
 LUKERES.DLL  : 7.0.4.0       10280 Bytes  19/03/2007 11:18:59
 ANTIVIR0.VDF : 6.35.0.1    7371264 Bytes  31/05/2006 13:08:58
 ANTIVIR1.VDF : 6.38.1.170  5569024 Bytes  21/05/2007 10:00:09
 ANTIVIR2.VDF : 6.39.0.76   1002496 Bytes  29/06/2007 10:00:10
 ANTIVIR3.VDF : 6.39.0.99    138240 Bytes  05/07/2007 10:00:10
 AVEWIN32.DLL : 7.4.0.37    2482688 Bytes  05/07/2007 10:00:13
 AVWINLL.DLL  : 1.0.0.7       14376 Bytes  26/02/2007 09:36:26
 AVPREF.DLL   : 7.0.2.1       24616 Bytes  27/03/2007 11:31:50
 AVREP.DLL    : 7.0.0.1      155688 Bytes  16/04/2007 12:16:24
 AVPACK32.DLL : 7.3.0.13     360488 Bytes  05/07/2007 10:00:13
 AVREG.DLL    : 7.0.1.2       31784 Bytes  15/03/2007 08:05:08
 AVEVTLOG.DLL : 7.0.0.18      86056 Bytes  27/03/2007 11:16:05
 AVARKT.DLL   : 1.0.0.17     278568 Bytes  02/05/2007 10:32:26
 NETNT.DLL    : 7.0.0.0        7720 Bytes  08/03/2007 10:09:42
 RCIMAGE.DLL  : 7.0.1.15    2228264 Bytes  13/03/2007 09:46:18
 RCTEXT.DLL   : 7.0.45.0      86056 Bytes  19/03/2007 11:42:42

 Configuration settings for the scan:
 Jobname.......................​...: Local Drives
 Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
 Logging.......................​...: low
 Primary action...................: interactive
 Secondary action.................: ignore
 Scan master boot sector..........: off
 Scan boot sector.................: on
 Boot sectors.....................: G:,
 Scan memory......................: on
 Process scan.....................: on
 Scan registry....................: on
 Search for rootkits..............: off
 Scan all files...................: Intelligent file selection
 Scan archives....................: on
 Recursion depth..................: 20
 Smart extensions.................: on
 Macro heuristic..................: on
 File heuristic...................: medium

 Start of the scan: jeudi 5 juillet 2007  12:04

 The scan of running processes will be started
 Scan process 'avscan.exe' - '1' Module(s) have been scanned
 Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
 Scan process 'avcenter.exe' - '1' Module(s) have been scanned
 Scan process 'avgnt.exe' - '1' Module(s) have been scanned
 Scan process 'avguard.exe' - '1' Module(s) have been scanned
 Scan process 'firefox.exe' - '1' Module(s) have been scanned
 Scan process 'sched.exe' - '1' Module(s) have been scanned
 Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
 Scan process 'alg.exe' - '1' Module(s) have been scanned
 Scan process 'SDTrayApp.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'swdsvc.exe' - '1' Module(s) have been scanned
 Scan process 'svcntaux.exe' - '1' Module(s) have been scanned
 Scan process 'NPFMNTOR.EXE' - '1' Module(s) have been scanned
 Scan process 'NAVAPSVC.EXE' - '1' Module(s) have been scanned
 Scan process 'mdm.exe' - '1' Module(s) have been scanned
 Scan process 'guard.exe' - '0' Module(s) have been scanned
 Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
 Scan process 'symlcsvc.exe' - '1' Module(s) have been scanned
 Scan process 'SPBBCSvc.exe' - '1' Module(s) have been scanned
 Scan process 'SNDSrvc.exe' - '1' Module(s) have been scanned
 Scan process 'ccEvtMgr.exe' - '1' Module(s) have been scanned
 Scan process 'ccSetMgr.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'lsass.exe' - '1' Module(s) have been scanned
 Scan process 'services.exe' - '1' Module(s) have been scanned
 Scan process 'winlogon.exe' - '1' Module(s) have been scanned
 Scan process 'csrss.exe' - '1' Module(s) have been scanned
 Scan process 'smss.exe' - '1' Module(s) have been scanned
 32 processes with 32 modules were scanned

 Start scanning boot sectors:
 Boot sector 'C:\'

[NOTE]      No virus was found!
 Boot sector 'D:\'

[NOTE]      No virus was found!
 Boot sector 'E:\'

[NOTE]      No virus was found!
 Boot sector 'A:\'

[NOTE]      In the drive 'A:\' no data medium is inserted!

 Starting to scan the registry.
 The registry was scanned ( '21' files ).


 Starting the file scan:

 Begin scan in 'C:\'
 C:\pagefile.sys

[WARNING]   The file could not be opened!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP0.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bcc6d5.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP0.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bcc6d9.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP1.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc6df.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP1.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc6e3.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP10.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc6ea.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP100.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc6ed.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP101.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc6f1.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP102.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc6f5.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP103.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc6fe.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP104.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc707.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP105.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc70b.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP106.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc70f.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP107.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc713.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP108.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc716.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP109.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc71c.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP11.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc720.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP110.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc724.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP111.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc729.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP112.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc72e.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP113.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc736.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP114.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc739.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP115.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc73c.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP116.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc73f.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP117.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc741.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP118.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc745.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP119.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc748.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP12.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc74a.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP121.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc74c.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP122.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc74f.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP123.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc750.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP124.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc752.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP125.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc754.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP128.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc756.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP129.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc759.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP13.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc75a.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP13.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc75c.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP130.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc75e.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP131.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc760.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP132.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc762.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP133.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc764.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP134.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc766.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP135.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc768.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP136.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc76a.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP137.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc76c.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP138.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc771.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP139.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc77b.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP14.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc77c.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP14.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc77e.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP140.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc780.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP142.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc782.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP143.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc784.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP144.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc786.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP145.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc788.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP146.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc78a.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP147.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc78c.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP148.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc78e.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP149.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc790.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP15.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc791.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP15.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc793.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP150.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc795.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP151.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc797.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP152.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc798.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP153.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc79c.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP154.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc79f.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP155.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7a1.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP156.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7a3.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP157.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7a6.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP158.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7a8.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP159.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7aa.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP16.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7ac.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP16.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7ae.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP160.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7b1.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP161.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7b3.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP162.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7b4.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP163.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7b6.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP164.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7b7.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP165.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7b9.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP166.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7bb.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP167.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7bd.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP168.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7be.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP169.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7c0.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP17.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7c2.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP17.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7c3.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP170.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7c5.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP171.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7c7.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP172.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7c9.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP173.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7cb.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP174.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7cc.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP175.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7ce.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP176.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7d0.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP177.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7d4.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP178.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7d9.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP179.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7df.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP18.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7e5.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP180.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7e8.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP183.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7ec.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP184.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7ee.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP185.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7f0.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP186.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7f1.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP187.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7f3.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP188.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7f4.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP189.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7f6.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP19.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7f8.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP190.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7fb.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP191.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc7fd.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP192.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc800.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP193.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc801.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP194.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc803.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP195.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc805.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP196.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc807.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP197.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc809.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP198.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc80b.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP199.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bdc80d.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP2.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec810.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP2.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec811.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP20.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec813.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP200.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec814.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP201.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec816.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP202.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec818.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP203.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec81a.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP204.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec81b.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP205.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec81d.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP206.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec81f.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP207.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec822.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP208.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec827.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP209.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec82b.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP21.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec82f.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP210.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec833.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP211.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec837.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP212.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec83a.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP213.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec83f.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP214.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec844.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP215.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec848.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP216.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec84b.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP217.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec84f.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP218.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec854.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP219.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[WARNING]   An error has occurred and the file was not deleted. ErrorID: 16004

[WARNING]   The source file could not be found.
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP22.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec885.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP22.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec88a.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP220.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec88d.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP221.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec890.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP222.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec895.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP223.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec899.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP224.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec89d.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP225.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8a1.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP226.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8a4.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP227.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8a9.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP228.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8ac.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP23.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8af.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP23.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8b2.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP230.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8b7.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP231.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8bc.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP232.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8c0.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP233.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8c5.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP234.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8c9.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP235.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8cd.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP236.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8d2.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP24.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8d5.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP24.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8d9.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP25.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8dd.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP26.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8e1.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP26.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8e6.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP27.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8ea.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP27.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8ee.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP28.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8f0.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP29.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bec8f4.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP3.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bfc8f7.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP3.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bfc8fb.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP30.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bfc8ff.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP31.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bfc901.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP32.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bfc90c.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP33.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bfc90e.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP33.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bfc910.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP34.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bfc912.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP34.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bfc914.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP35.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bfc915.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP35.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bfc917.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP36.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bfc919.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP36.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bfc91b.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP37.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bfc91d.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP37.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bfc91e.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP38.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bfc920.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP39.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bfc922.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP39.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46bfc924.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP4.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c0c925.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP4.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c0c927.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP40.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c0c929.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP40.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c0c92b.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP41.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c0c92d.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP41.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c0c932.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP42.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '475b9cf7.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP42.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c0c933.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP43.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '475b9cf0.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP43.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c0c935.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP44.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c0c934.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP44.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '475b9cf1.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP45.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c0c936.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP45.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '475b9cf3.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP46.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '475b9cf2.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP46.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c0c930.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP48.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '475b9cf5.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP49.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c0c937.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP5.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c1c937.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP5.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '475a9cfc.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP50.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c1c938.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP51.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '475a9cfd.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP52.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c1c93a.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP53.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '475a9cff.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP54.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c1c939.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP55.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '475a9cfe.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP56.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c1c93b.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP57.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c1c8c4.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP58.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '475a9d01.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP59.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c1c8c6.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP6.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c2c93a.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP6.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c2c93b.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP60.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '47599cf8.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP61.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c2c93d.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP62.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[WARNING]   An error has occurred and the file was not deleted. ErrorID: 16004

[WARNING]   The source file could not be found.
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP63.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c2c944.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP64.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c2c945.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP65.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '47599c82.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP66.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c2c947.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP67.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c2c946.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP68.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '47599c83.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP69.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c2c940.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP7.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c3c946.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP7.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c3c947.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP70.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '47589c8c.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP71.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c3c948.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP72.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '47589c8d.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP73.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c3c94a.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP74.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '47589c8f.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP75.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c3c949.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP76.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '47589c8e.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP77.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c3c94b.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP78.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[WARNING]   An error has occurred and the file was not deleted. ErrorID: 16004

[WARNING]   The source file could not be found.
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP79.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '47589c88.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP8.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c4c94b.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP8.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c4c94c.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP81.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '475f9c89.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP82.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c4c94e.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP83.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c4c94d.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP84.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '475f9c8a.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP85.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c4c94f.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP86.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '475f9c8b.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP87.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c4c948.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP88.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[WARNING]   An error has occurred and the file was not deleted. ErrorID: 16004

[WARNING]   The source file could not be found.
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP89.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c4c950.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP9.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c5c950.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP9.tmp

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c5c951.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP90.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '475e9c96.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP91.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c5c953.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP92.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c5c952.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP93.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[WARNING]   An error has occurred and the file was not deleted. ErrorID: 16004

[WARNING]   The source file could not be found.
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP94.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c5c955.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP95.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '475e9c92.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP96.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '46c5c956.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP97.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '475e9c93.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP98.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '475e9c95.qua'!
 C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Incoming\​AP99.av$

[DETECTION] Is the Trojan horse TR/Dldr.Agent.11776

[INFO]      The file was moved to '475e9c97.qua'!
 C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll

[WARNING]   The file could not be opened!
 C:\Program Files\hijackthis\backups\backu​p-20070704-194916-289.dll

[DETECTION] Is the Trojan horse TR/BHO.BD.19

[INFO]      The file was moved to '46efd1f3.qua'!
 C:\Program Files\hijackthis\backups\backu​p-20070704-194917-152.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[INFO]      The file was moved to '4778ee30.qua'!
 C:\Program Files\hijackthis\backups\backu​p-20070704-194917-265.dll

[DETECTION] Is the Trojan horse TR/BHO.BD.18

[INFO]      The file was moved to '46efd1f4.qua'!
 C:\Program Files\hijackthis\ba

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 06/07/2007 à 14:30:30  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Pour combofix, il n'y a pas grand chose dans le rapport :(

 "Administrateur" - 2007-07-06 14:11:40 - ComboFix 07-07-04.4 - Service Pack 2  [SAFE MODE]


  Unable to gain System Privileges

(Publicité)
  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 06/07/2007 à 14:34:39  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Nouveau rapport HijackThis !

 **********

 Logfile of HijackThis v1.99.1
 Scan saved at 14:33, on 2007-07-06
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\csrss.exe
 C:\WINDOWS\system32\winlogon.e​xe
 C:\WINDOWS\system32\services.e​xe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\System32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
 C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
 C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
 C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
 C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
 C:\WINDOWS\system32\spoolsv.ex​e
 C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
 C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
 C:\Program Files\Norton AntiVirus\navapsvc.exe
 C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
 C:\WINDOWS\system32\taskmgr.ex​e
 C:\Program Files\Spyware Doctor\svcntaux.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\WINDOWS\System32\alg.exe
 C:\Program Files\Spyware Doctor\swdsvc.exe
 C:\Documents and Settings\Administrateur\Mes documents\sm_dm.exe
 C:\Program Files\WinRAR\WinRAR.exe
 C:\Program Files\hijackthis\scanner.exe

 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Toolbar,LinksFolderNa​me = Liens
 R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - (no file)
 O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7​D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\​AcroIEHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv​.dll
 O2 - BHO: (no name) - {7AD77E82-C272-4851-A9E6-9992B​A06287D} - C:\WINDOWS\system32\vtsqo.dll
 O2 - BHO: (no name) - {8BF884A4-CF81-4E00-B7C1-076FC​E6CFDD7} - C:\WINDOWS\system32\opnmnnn.dl​l
 O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB​6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
 O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066​696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jus​ched.exe"
 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
 O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
 O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKLM\..\RunOnce: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\Documents and Settings\Administrateur\Bureau​\ComboFix\Combobatch.bat
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
 O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
 O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
 O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.h​tml
 O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Off​ice10\EXCEL.EXE/3000
 O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-08002​00c9a66} - %windir%\bdoscandel.exe (file missing)
 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-08002​00c9a66} - %windir%\bdoscandel.exe (file missing)
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C​29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr [...] nicode.cab
 O16 - DPF: {26CBF141-7D0F-46E1-AA06-71895​8B6E4D2} - http://download.ebay.com/turbo [...] nstall.cab
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730​F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E​0DC46EF} - http://drivers1.free.fr/hardwaredetection.cab
 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305​202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.​dll
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305​202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.​dll
 O20 - Winlogon Notify: opnmnnn - C:\WINDOWS\SYSTEM32\opnmnnn.dl​l
 O20 - Winlogon Notify: vtsqo - C:\WINDOWS\system32\vtsqo.dll
 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.d​ll
 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D52​4869DB5} - C:\WINDOWS\system32\WPDShServi​ceObj.dll
 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1​1\Intel 32\IDriverT.exe
 O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
 O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
 O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.ex​e (file missing)
 O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
 O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
 O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
 O23 - Service: Service CANALPLAY - Unknown owner - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe (file missing)
 O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
 O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
 O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 06/07/2007 à 14:51:24  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
System Mechanic est en route !

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 07/07/2007 à 11:04:33  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Bonjour,

 J'ai réparé toutes les erreurs avec System Mechanic ... Mon bureau quand à lui n'a toujours pas retrouvé ses icônes :(

malekal_morte
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 07/07/2007 à 11:22:11  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 


 Télécharge Combofix sUBs : combofix.exe
 et sauvegarde le sur ton bureau et pas ailleurs!

 Clic sur le menu Démarrer puis executer et copie/colle ceci :
 "%userprofile%\Bureau\combofix​.exe" /v vtsqo opnmnnn
 puis clic sur OK.

 Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
 Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

 Copie/colle un nouveau rapport HiJackThis avec.

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 07/07/2007 à 11:52:14  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Bonjour Malekal,

 Je n'ai plus Démarrer plus d'icône ni de barre de taches :/  

malekal_morte
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 08/07/2007 à 00:58:02  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
C'est après avoir utilisé combofix?
 Fais une restauration du système à partir du mode sans échec.

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 08/07/2007 à 05:22:15  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Bonjour Malekal,

 Je n'ai plus rien suite au virus downloader ... Après une détection de ce virus par Norton, j'ai rebooté le PC et Explorer.exe à giclé. Pourtant il est bien présent sous Shell dans mon registre. Je vais re-essayer une restauration système, si je n'ai pas d'écran noir en mode sans echec !

 ++

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 08/07/2007 à 06:22:49  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
re Bonjour,

 Ca ne donne rien la restauration en mode sans échec ... J'arrive sur un écran noir, sans aucune possibilité de faire quoi que ce soit, mis à part CTRL+ALT+SUPP pour obtenir le gestionnaire de tâches !

 ++

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 08/07/2007 à 08:49:34  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Voici le rapport combofix !

 **********

 "Administrateur" - 2007-07-08  7:47:34 - ComboFix 07-07-07.3 - Service Pack 2  


 (((((((((((((((((((((((((   Files Created from 2007-06-08 to 2007-07-08  ))))))))))))))))))))))))))))))​)


 2007-07-06 14:41 696,320 --a------ C:\WINDOWS\system32\libeay32.d​ll
 2007-07-06 14:41 155,648 --a------ C:\WINDOWS\system32\ssleay32.d​ll
 2007-07-06 14:40 425,064 --a------ C:\WINDOWS\system32\Incinerato​r.dll
 2007-07-06 14:40 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.​exe
 2007-07-06 14:40 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
 2007-07-06 14:39 <REP> d-------- C:\Program Files\iolo
 2007-07-06 13:15 51,200 --a------ C:\WINDOWS\nircmd.exe
 2007-07-05 10:19 <REP> d-------- C:\WINDOWS\ERUNT
 2007-07-04 20:42 853 --a------ C:\reboot.cmd
 2007-07-04 20:42 68,096 --a------ C:\diff.exe
 2007-07-04 20:42 103,424 --a------ C:\grep.exe
 2007-07-04 19:56 53,248 --a------ C:\WINDOWS\system32\Process.ex​e
 2007-07-04 19:56 51,200 --a------ C:\WINDOWS\system32\dumphive.e​xe
 2007-07-04 19:56 288,417 --a------ C:\WINDOWS\system32\SrchSTS.ex​e
 2007-07-04 13:04 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
 2007-07-03 22:31 <REP> d-------- C:\WINDOWS\system32\GroupPolic​y
 2007-07-03 22:27 <REP> d-------- C:\Program Files\Hitman Pro
 2007-07-03 19:32 10,872 --a------ C:\WINDOWS\system32\drivers\Av​gAsCln.sys
 2007-07-03 11:16 <REP> d-------- C:\Program Files\Uniblue
 2007-07-02 19:50 <REP> d-------- C:\Program Files\OggVorbis
 2007-07-02 19:44 <REP> d-------- C:\Program Files\Buka
 2007-06-23 19:29 <REP> d-------- C:\Program Files\TF1Vision
 2007-06-19 17:23 <REP> d-------- C:\Program Files\LucasArts


 ((((((((((((((((((((((((((((((​((((((((((   Find3M Report   ))))))))))))))))))))))))))))))​))))))))))))))))))))))

 2007-07-08 03:23:11 -------- d-----w C:\Program Files\Zoom Player
 2007-07-06 16:08:53 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\​iolo
 2007-07-06 15:14:23 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
 2007-07-04 17:58:01 2,770 ----a-w C:\WINDOWS\system32\tmp.reg
 2007-07-04 10:39:47 -------- d-----w C:\Program Files\Symantec
 2007-07-04 10:38:59 -------- d-----w C:\Program Files\Nvu
 2007-07-03 13:40:49 -------- d-----w C:\Program Files\Spyware Doctor
 2007-07-03 10:24:20 -------- d-----w C:\Program Files\Norton AntiVirus
 2007-07-03 09:16:47 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\​Uniblue
 2007-06-23 11:25:01 359,808 ----a-w C:\WINDOWS\system32\drivers\TC​PIP.SYS
 2007-06-20 08:47:45 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\​Ordigramme
 2007-06-19 15:23:54 -------- d--h--w C:\Program Files\InstallShield Installation Information
 2007-06-18 21:30:18 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\​Ahead
 2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.d​ll
 2007-05-15 06:19:16 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\​Dossier de téléchargement Share-to-Web
 2007-05-15 06:18:27 -------- d-----w C:\Program Files\Hewlett-Packard
 2007-05-14 16:29:21 83,536 ----a-w C:\WINDOWS\system32\drivers\ik​syssec.sys
 2007-05-14 16:29:11 59,984 ----a-w C:\WINDOWS\system32\drivers\ik​sysflt.sys
 2007-05-14 16:28:50 26,064 ----a-w C:\WINDOWS\system32\drivers\kc​om.sys
 2007-05-14 16:28:49 52,304 ----a-w C:\WINDOWS\system32\drivers\ik​filesec.sys
 2007-05-14 16:28:48 39,248 ----a-w C:\WINDOWS\system32\drivers\ik​fileflt.sys
 2007-05-14 14:00:37 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\​PC Tools
 2007-05-12 16:08:36 10,344 ----a-w C:\WINDOWS\system32\drivers\sy​mlcbrd.sys
 2007-05-12 15:46:30 87,768 ----a-w C:\WINDOWS\system32\S32EVNT1.D​LL
 2007-05-12 15:46:30 108,168 ----a-w C:\WINDOWS\system32\drivers\SY​MEVENT.SYS
 2007-05-12 13:22:07 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
 2007-05-12 12:56:48 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\​Symantec
 2007-05-12 12:54:45 333 ----a-w C:\WINDOWS\system32\hktvwacdfo​_navps.dat
 2007-05-12 12:53:47 4,573 ----a-w C:\WINDOWS\system32\hktvwacdfo​.dat
 2007-05-12 10:52:28 -------- d-----w C:\Program Files\CCleaner
 2007-05-12 10:47:06 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\​Lavasoft
 2007-05-12 10:27:24 -------- d-----w C:\Program Files\NetLimiter
 2007-05-11 07:04:40 -------- d-----w C:\Program Files\Fichiers communs\Real
 2007-05-11 06:03:49 -------- d-----w C:\Program Files\Fichiers communs\fluxDVD
 2007-05-10 16:25:33 248,988 ----a-w C:\WINDOWS\system32\hktvwacdfo​_nav.dat
 2007-05-09 17:53:36 43,520 -c--a-w C:\WINDOWS\system32\CmdLineExt​03.dll
 2007-05-09 05:55:35 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\​Nvu
 2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.d​ll
 2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
 2007-04-16 20:47:36 33,624 -c--a-w C:\WINDOWS\system32\wups.dll
 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dl​l
 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dl​l
 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.ex​e
 2007-04-16 20:45:20 43,352 -c--a-w C:\WINDOWS\system32\wups2.dll
 2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dl​l
 2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
 2001-08-24 14:00:00 94,864 -csh--w C:\WINDOWS\twain.dll
 2004-08-04 00:54:44 50,688 -csh--w C:\WINDOWS\twain_32.dll
 2004-08-04 00:54:32 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
 2004-08-04 00:54:36 54,784 -csh--w C:\WINDOWS\system32\msvcirt.dl​l
 2004-08-04 00:54:36 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dl​l
 2004-08-04 00:54:36 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
 2004-08-04 00:54:36 553,472 --sh--w C:\WINDOWS\system32\oleaut32.d​ll
 2004-08-04 00:54:36 83,456 -csh--w C:\WINDOWS\system32\olepro32.d​ll
 2004-08-04 00:55:02 12,288 -csh--w C:\WINDOWS\system32\regsvr32.e​xe


 ((((((((((((((((((((((((((((((​(((((((   Reg Loading Points   ))))))))))))))))))))))))))))))​))))))))))))))))))))
 
 
 *Note* empty entries & legit default entries are not shown

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
 2006-10-22 23:08 62080 --a------ C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\​AcroIEHelper.dll

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{534FA03C-A40F-4CEA-8AE5-B22990BB1904}]
    C:\WINDOWS\system32\vtsqo.dll

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
 2007-03-14 03:43 501400 --a--c--- C:\Program Files\Java\jre1.6.0_01\bin\ssv​.dll

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BF884A4-CF81-4E00-B7C1-076FCE6CFDD7}]
    C:\WINDOWS\system32\opnmnnn.dl​l

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
 2007-06-07 14:44 140912 --a------ C:\Program Files\Norton AntiVirus\NavShExt.dll

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Run]
 "nwiz"="nwiz.exe" [2005-11-11 14:47 C:\WINDOWS\system32\nwiz.exe]
 "SunJavaUpdateSched"="C:\Progr​am Files\Java\jre1.6.0_01\bin\jus​ched.exe" [2007-03-14 03:43]
 "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-05-12 17:41]
 "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11]
 "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-21 08:31]
 "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
 "e-TF1"="C:\Program Files\TF1Vision\TF1vision.exe" [2007-04-10 14:12]
 "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
 "SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2007-06-18 17:01]

 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Run]
 "ctfmon.exe"="C:\WINDOWS\syste​m32\ctfmon.exe" [2004-08-04 02:54]
 "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
 "Uniblue Registry Booster"="C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe" [2007-01-12 09:29]

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows\currentversion​\runonce]
 "combofix"=C:\WINDOWS\system32​\cmd.exe /c C:\Documents and Settings\Administrateur\Bureau​\ComboFix\Combobatch.bat

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Explorer\ShellExecuteHooks]
 "{57B86673-276A-48B2-BAE7-C6DB​B3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]
 "{8BF884A4-CF81-4E00-B7C1-076F​CE6CFDD7}"="C:\WINDOWS\system3​2\opnmnnn.dll" []

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\winlogon\notify\opnmnnn]
 opnmnnn.dll

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\winlogon\notify\vtsqo]
 C:\WINDOWS\system32\vtsqo.dll

 [HKEY_LOCAL_MACHINE\system\curr​entcontrolset\control\safeboot​\minimal\AVG Anti-Spyware Driver]

 [HKEY_LOCAL_MACHINE\system\curr​entcontrolset\control\safeboot​\minimal\AVG Anti-Spyware Guard]

 [HKEY_LOCAL_MACHINE\system\curr​entcontrolset\control\safeboot​\minimal\sdauxservice]

 [HKEY_LOCAL_MACHINE\system\curr​entcontrolset\control\safeboot​\minimal\sdcoreservice]


 [HKEY_CURRENT_USER\software\mic​rosoft\windows\currentversion\​explorer\mountpoints2\{11cb45e​8-bdc4-11da-bc70-806d6172696f}​]
 PlayWithPowerDVD\Command- C:\Program Files\CyberLink\PowerDVD\Power​DVD.exe %1

 [HKEY_CURRENT_USER\software\mic​rosoft\windows\currentversion\​explorer\mountpoints2\{47d494f​1-f452-11d9-b40b-806d6172696f}​]
 PlayWithPowerDVD\Command- C:\Program Files\CyberLink\PowerDVD\Power​DVD.exe %1

 [HKEY_CURRENT_USER\software\mic​rosoft\windows\currentversion\​explorer\mountpoints2\{6660cb6​0-4f27-11db-9a99-806d6172696f}​]
 play\Command- "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"

 [HKEY_CURRENT_USER\software\mic​rosoft\windows\currentversion\​explorer\mountpoints2\{d8da54e​4-aefb-11da-a863-806d6172696f}​]
 PlayWithPowerDVD\Command- C:\Program Files\CyberLink\PowerDVD\Power​DVD.exe %1


 Contents of the 'Scheduled Tasks' folder
 2007-06-29 20:51:33  C:\WINDOWS\tasks\Norton AntiVirus - Effectuer une analyse complète du système - Administrateur.job

 ******************************​******************************​**************

 catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
 Rootkit scan 2007-07-08 07:54:22
 Windows 5.1.2600 Service Pack 2 NTFS

 scanning hidden processes ...

 scanning hidden autostart entries ...

 scanning hidden files ...

 scan completed successfully
 hidden files: 0

 ******************************​******************************​**************

 Completion time: 2007-07-08  7:58:27
 C:\ComboFix-quarantined-files.​txt ... 2007-07-08 07:58

  --- E O F ---

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 08/07/2007 à 08:52:19  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
et le rapport HijackThis !

 **********

 Logfile of HijackThis v1.99.1
 Scan saved at 08:51, on 08/07/2007
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\csrss.exe
 C:\WINDOWS\system32\winlogon.e​xe
 C:\WINDOWS\system32\services.e​xe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\System32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
 C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
 C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
 C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
 C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
 C:\WINDOWS\system32\spoolsv.ex​e
 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 C:\Program Files\iolo\Common\Lib\ioloDMVS​vc.exe
 C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
 C:\Program Files\Norton AntiVirus\navapsvc.exe
 C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
 C:\Program Files\Spyware Doctor\svcntaux.exe
 C:\Program Files\Spyware Doctor\swdsvc.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\system32\taskmgr.ex​e
 C:\Program Files\Spyware Doctor\SDTrayApp.exe
 C:\WINDOWS\System32\alg.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\Program Files\hijackthis\scanner.exe

 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Main,Local Page =
 R0 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Local Page =
 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Toolbar,LinksFolderNa​me = Liens
 R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - (no file)
 O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7​D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\​AcroIEHelper.dll
 O2 - BHO: (no name) - {534FA03C-A40F-4CEA-8AE5-B2299​0BB1904} - C:\WINDOWS\system32\vtsqo.dll (file missing)
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv​.dll
 O2 - BHO: (no name) - {8BF884A4-CF81-4E00-B7C1-076FC​E6CFDD7} - C:\WINDOWS\system32\opnmnnn.dl​l (file missing)
 O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB​6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
 O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066​696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jus​ched.exe"
 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
 O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
 O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
 O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
 O4 - HKLM\..\RunOnce: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\Documents and Settings\Administrateur\Bureau​\ComboFix\Combobatch.bat
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
 O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
 O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
 O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.h​tml
 O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Off​ice10\EXCEL.EXE/3000
 O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-08002​00c9a66} - %windir%\bdoscandel.exe (file missing)
 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-08002​00c9a66} - %windir%\bdoscandel.exe (file missing)
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C​29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr [...] nicode.cab
 O16 - DPF: {26CBF141-7D0F-46E1-AA06-71895​8B6E4D2} - http://download.ebay.com/turbo [...] nstall.cab
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730​F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E​0DC46EF} - http://drivers1.free.fr/hardwaredetection.cab
 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305​202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.​dll
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305​202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.​dll
 O20 - Winlogon Notify: opnmnnn - opnmnnn.dll (file missing)
 O20 - Winlogon Notify: vtsqo - C:\WINDOWS\system32\vtsqo.dll (file missing)
 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.d​ll
 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D52​4869DB5} - C:\WINDOWS\system32\WPDShServi​ceObj.dll
 O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1​1\Intel 32\IDriverT.exe
 O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVS​vc.exe
 O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
 O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
 O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - (no file)
 O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
 O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
 O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
 O23 - Service: Service CANALPLAY - Unknown owner - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe (file missing)
 O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
 O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
 O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

malekal_morte
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 08/07/2007 à 11:41:25  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Tu as AVG AntiSpyware + SpywareDoctor + ce io system.......
 Ca fait trop.

 Je vais encore me répéter... UN SEUL ANTIVIRUS ET UN SEUL ANTISPYWARE PAR ORDINATEUR
 donc désinstalle io system et AVG Antispyware ou Spyware Doctor.

 Ensuite... je pense sincèrement que tu aurais du désinstaller norton et garder Antivir.


 Relance HijackThis, coche ces lignes :

 O2 - BHO: (no name) - {534FA03C-A40F-4CEA-8AE5-B2299​0BB1904} - C:\WINDOWS\system32\vtsqo.dll (file missing)
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv​.dll
 O2 - BHO: (no name) - {8BF884A4-CF81-4E00-B7C1-076FC​E6CFDD7} - C:\WINDOWS\system32\opnmnnn.dl​l (file missing)
 O20 - Winlogon Notify: opnmnnn - opnmnnn.dll (file missing)
 O20 - Winlogon Notify: vtsqo - C:\WINDOWS\system32\vtsqo.dll (file missing)

 --> clic sur fix checked


 Suis la procédure avec navilog1 décrite ici : http://www.malekal.com/Adware.Magic_Control.html

 Cette procédure doit être suivie à la lettre.

 Merci de copier/coller les rapports obtenus en suivant la procédure.

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 08/07/2007 à 13:00:39  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
AVG et Io ont été supprimés ... Ils ont simplement été installé pour essayer d'éradiquer le virus downloader.

 Pour l'antivirus je remettrai surement Antivir par la suite !

 Les 5 lignes ont étés fixées avec HijackThis

 Et le rapport Navilog1

 **********

 Search Navipromo version 2.0.5 commencé le 08/07/2007 à 12:46:13,18
 
 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
 !!! Poster ce rapport sur le forum pour le faire analyser !!!
 !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

 Fix lancé depuis C:\Program Files\navilog1
 Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

 Executé en mode normal

 *** Recherche Programmes installes ***

 


 *** Recherche dossiers dans C:\WINDOWS ***




 *** Recherche dossiers dans C:\Program Files ***




 *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




 *** Recherche dossiers dans C:\Documents and Settings\Administrateur\Applic​ation Data ***



 *** Recherche avec BlackLight Engine/F-secure ***
 BlackLight Engine est un produit de F-secure, pour + d'infos :
 http://www.f-secure.com/blackl [...] _help.html


 F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
 ==============================​========

 Copyright 2005-2006 F-Secure Corporation. All rights reserved.
 This is a beta version. It will expire on 1st of October, 2007.
 Version information: 2.2.1064.

 [+] Started on 07/08/07 at 12:46:21.
 [+] Initializing ...
 [+] Starting scan, press Ctrl-C to abort.
 [+] Scanning for hidden items ..............................​..............................​........
 [+] Scan complete.
 [+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
 [+] Exited on 07/08/07 at 12:53:48 (return code = 0).


 *** Recherche fichiers ***


 C:\WINDOWS\pack.epk trouvé !


 *** Recherche cles registre ***


 Recherche dans [HKLM\SOFTWARE\Microsoft\Window​s\CurrentVersion\SharedDLLs]
 
 

 Recherche dans [HKLM\SOFTWARE\Microsoft\Window​s\CurrentVersion\ModuleUsage]
 
 

 Recherche Clé Magic Control
 
 
 
 *** Module de Recherche complémentaire ***
 (Recherche fichiers spécifiques)
 
 1)Recherche fichiers connus:


 2)Recherche Heuristique :
 *
 C:\WINDOWS\system32\hktvwacdfo​.dat trouvé !
 **
 C:\WINDOWS\system32\hktvwacdfo​.dat trouvé !
 ***
 ****
 C:\WINDOWS\system32\hktvwacdfo​_navps.dat trouvé !
 *****
 C:\WINDOWS\system32\hktvwacdfo​_nav.dat trouvé !
 ******
 *******
 ********

 3)Recherche Certificats :


 *** Analyse Terminé le 08/07/2007 à 12:54:40,48 ***

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 08/07/2007 à 14:00:24  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Bonjour küçükküçük,

 J'ai fais la désinfection, par contre je ne retrouve pas le rapport sur C :(

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 08/07/2007 à 14:04:25  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
si il est la ... !

 **********

 Clean Navipromo version 2.0.5 commencé le 08/07/2007 à 13:50:19,92

 Fix lancé depuis C:\Program Files\navilog1
 Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

 Mode suppression automatique avec prise en charge résultats Blacklight

malekal_morte
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 08/07/2007 à 14:16:29  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
T'as pas collé le rapport en entier.

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 08/07/2007 à 14:28:28  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Je n'ai eu que ça !

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 08/07/2007 à 14:33:29  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Je vais le relancer !

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 08/07/2007 à 14:37:47  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
J'ai relancé et il a fait un nettoyage sans que je puisse sélectionné quoi que se soit et un warning m'a indiqué que c:\windows\explorer.exe était introuvable plus un rapport.

 **********

 Clean Navipromo version 2.0.5 commencé le 08/07/2007 à 13:50:19,92

 Fix lancé depuis C:\Program Files\navilog1
 Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

 Mode suppression automatique avec prise en charge résultats Blacklight


 
 *** fsbl1.txt non trouvé ***
 (Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)
 

 *** Suppression dossiers dans C:\WINDOWS ***


 *** Suppression dossiers dans C:\Program Files ***


 *** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


 *** Suppression dossiers dans C:\Documents and Settings\Administrateur\Applic​ation Data ***



 *** Suppression fichiers ***

 C:\WINDOWS\pack.epk supprimé !

 *** Suppression fichiers temporaires ***

 Nettoyage contenu C:\WINDOWS\Temp effectué !
 Nettoyage contenu C:\Documents and Settings\Administrateur\Local Settings\Temp effectué !

 
 *** Sauvegarde du registre vers dossier Backupnavi***
 
 
 sauvegarde du registre réalise avec succes !


 *** Nettoyage registre ***


 Nettoyage registre Ok

 *** Traitement Recherche complémentaire ***
 (Recherche fichiers spécifiques)

 1)Recherche fichiers connus:


 2)Recherche et Suppression Heuristique :

 *
 C:\WINDOWS\System32\hktvwacdfo​.dat trouvé !
 Copie C:\WINDOWS\system32\hktvwacdfo​.dat réalise avec succes !
 C:\WINDOWS\system32\hktvwacdfo​.dat supprimé !

 **
 ***
 ****
 C:\WINDOWS\System32\hktvwacdfo​_navps.dat trouvé !
 Copie C:\WINDOWS\system32\hktvwacdfo​_navps.dat réalise avec succes !
 C:\WINDOWS\system32\hktvwacdfo​_navps.dat supprimé !

 *****
 C:\WINDOWS\System32\hktvwacdfo​_nav.dat trouvé !
 Copie C:\WINDOWS\system32\hktvwacdfo​_nav.dat réalise avec succes !
 C:\WINDOWS\system32\hktvwacdfo​_nav.dat supprimé !

 ******
 *******
 ********

 3)Contrôle présence clés Rootkit dans le registre :

 Aucune autre clés présente dans le registre !

 4)Certificats :


 *** Nettoyage termine le 08/07/2007 à 14:33:40,25 ***

malekal_morte
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 08/07/2007 à 21:23:55  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 

 - Télécharge HiJackThis de Merijn sur ton bureau.
 - Renomme le fichier HiJackThis.exe en Scanner.exe pour cela, fais un clic droit sur le fichier HiJackThis.exe et choisis renommer dans la liste
 - Tape Scanner.exe et Appuye sur la touche Entrée.
 - Génère un rapport en suivant ces indications :

- Double-clic sur Scanner.exe

- Exécute le et clique sur Do a scan and save log file.

- Le rapport s'ouvre sur le Bloc-Note
 - Colle le rapport ici, pour cela :

- Menu Edition / Selectionner Tout

- Menu Edition / copier

- Ici dans un nouveau message : clic droit / coller
 Aide : N'hésite pas à consulter l'aide HiJackThis -

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 14/07/2007 à 15:51:50  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Bonjour,

 Voici le rapport Hijackthis !

 **********

 Logfile of HijackThis v1.99.1
 Scan saved at 15:49, on 14/07/2007
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\csrss.exe
 C:\WINDOWS\system32\winlogon.e​xe
 C:\WINDOWS\system32\services.e​xe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\System32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
 C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
 C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
 C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
 C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
 C:\WINDOWS\system32\spoolsv.ex​e
 C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
 C:\Program Files\Norton AntiVirus\navapsvc.exe
 C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
 C:\Program Files\Spyware Doctor\svcntaux.exe
 C:\Program Files\Spyware Doctor\swdsvc.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\Spyware Doctor\SDTrayApp.exe
 C:\WINDOWS\System32\alg.exe
 C:\WINDOWS\system32\taskmgr.ex​e
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\Documents and Settings\Administrateur\Bureau​\hijackthis\scanner.exe

 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Main,Local Page =
 R0 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Local Page =
 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Toolbar,LinksFolderNa​me = Liens
 R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - (no file)
 O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7​D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\​AcroIEHelper.dll
 O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB​6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
 O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066​696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jus​ched.exe"
 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
 O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
 O4 - HKLM\..\Run: [hktvwacdfo] c:\windows\system32\hktvwacdfo​.exe hktvwacdfo
 O4 - HKLM\..\RunOnce: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\Documents and Settings\Administrateur\Bureau​\ComboFix\Combobatch.bat
 O4 - HKLM\..\RunOnce: [navilog1] C:\Program Files\Navilog1\navilog1.bat
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
 O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
 O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
 O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
 O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.h​tml
 O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Off​ice10\EXCEL.EXE/3000
 O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-08002​00c9a66} - %windir%\bdoscandel.exe (file missing)
 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-08002​00c9a66} - %windir%\bdoscandel.exe (file missing)
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C​29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr [...] nicode.cab
 O16 - DPF: {26CBF141-7D0F-46E1-AA06-71895​8B6E4D2} - http://download.ebay.com/turbo [...] nstall.cab
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730​F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E​0DC46EF} - http://drivers1.free.fr/hardwaredetection.cab
 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305​202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.​dll
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305​202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.​dll
 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.d​ll
 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D52​4869DB5} - C:\WINDOWS\system32\WPDShServi​ceObj.dll
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1​1\Intel 32\IDriverT.exe
 O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
 O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
 O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - (no file)
 O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
 O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
 O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
 O23 - Service: Service CANALPLAY - Unknown owner - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe (file missing)
 O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
 O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
 O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

malekal_morte
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 15/07/2007 à 10:39:38  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Relance HijackThis, coche ces lignes :

 O4 - HKLM\..\Run: [hktvwacdfo] c:\windows\system32\hktvwacdfo​.exe hktvwacdfo
 O4 - HKLM\..\RunOnce: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\Documents and Settings\Administrateur\Bureau​\ComboFix\Combobatch.bat
 O4 - HKLM\..\RunOnce: [navilog1] C:\Program Files\Navilog1\navilog1.bat

 --> clic sur fix checked

 Comment va l'ordinateur?

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 15/07/2007 à 11:01:39  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Bonjour Malekal,

 Voila qui est fait ... L'ordinateur est toujours sans bureau :(

malekal_morte
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 15/07/2007 à 11:07:03  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Désinstalle Norton & Spyware Doctor.

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 15/07/2007 à 13:24:26  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
J'ai désinstallé les deux logiciels !

malekal_morte
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 15/07/2007 à 21:27:34  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
ça donne quoi ?

  1. homepage
dudulix
Présent de temps en temps (De 50 à 99 messages postés)
  1. Posté le 16/07/2007 à 08:53:09  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Hello,

 Toujours écran bleu sur le bureau !

 ++

 Page :
1

Aller à :
 

Sujets relatifs
Ecran Bleu et vidage mémoire physique infection adware.newdotnet.f , trojan.downloader.delf.cq...
spyware secure-averti ssement windows [Résolu]Probleme de redemarage intempestif suite a des virus
SOS pc plus qu'infecté plus de bureau suite à restauration webmediaplayer-suite
virus ou autre ? malgrès le blocage trafic internet continue Plantages suite virus
Plus de sujets relatifs à : Suite virus downloader => Bureau windows tout bleu

Les 5 sujets de discussion précédents Nombre de réponses Dernier message
Spyware sécure ( pour changer !! ) besoin d'aide ! 13
virus sur msn 11
adware.virtumonde.gfh 11
bitdifender 0
Infecté par un trojan Win32:Agent-ISI[trj] 2