Aller au contenu

Mara

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    41

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par Mara

  1. Mara
    Ok, merci Apollo pour ton aide, je vois avec Marie pour le reste...@+
  2. Mara
    Ok, je peux garder HiJackThis et MBAM ?
  3. Mara
    Ok, merci beaucoup de ton aide, est-ce que je désinstalle les programmes téléchargés pour la désinfection ?
  4. Mara
    Re-hello! L'analyse s'est terminé, et aucun virus détecté, aucun rapport n'a été crée ou je l'ai loupé, je dormais.... Voilà, j'attends la suite... Merci!
  5. Mara
    Ok, c'est bon l'analyse est en cours... Ça produira un rapport ou il faut que je fasse autre chose à la fin ?
  6. Mara
    Je crois aussi! En tout cas, j'ai du mal avec Kaspersky... Ça marche pas dans Internet Explorer ; j'ai essayé dans Firefox, l'update reste à 0%... ?
  7. Mara
    Yiiihaaaa! Je commençais à perdre espoir, j'ai réussi à réinstaller Java... Je passe à l'analyse Kaspersky.
  8. Mara
    J'ai redémarré et vérifié: Windows installer est bien en manuel aussi sur mon ordi, mais toujours impossible d'installer Java. J'essaye avec le nouveau lien que tu viens de me donner...
  9. Mara
    Re, J'ai bien désinstallé toutes les anciennes versions, et toujours impossible de réinstaller Java. Toujours le même message: Installeur Windows a cessé de fonctionner... Je vois pas comment faire... ???
  10. Mara
    Bon, la 1ère étape avec HiJackThis et le Fix Checked s'est bien passé. Par contre la 2nde, j'avais pas la bonne version de Java, j'ai donc téléchargé le fichier nécessaire sur mon bureau. J'ai désinstallé ma console actuelle par ajout/suppr de programmes, mais au moment de réinstaller, qd je clic sur accepter, ça me mets que Windows Installer a cessé de fonctionner! donc impossible d'installer Java et du coup je n'ai plus de console Java du tout.. Je fais quoi, je procède qd même à la 3ème étape qui est l'analyse Kaspersky ou il faut une console Java d'abord?
  11. Mara
    Hello! Voilà la suite, Le rapport MBAM: Malwarebytes' Anti-Malware 1.34 Version de la base de données: 1903 Windows 6.0.6001 Service Pack 1 27/03/2009 10:40:49 mbam-log-2009-03-27 (10-40-49).txt Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|) Eléments examinés: 213082 Temps écoulé: 2 hour(s), 47 minute(s), 10 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Et le rapport HiJAckTHis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:49:50, on 27/03/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\ATKOSD2\ATKOSD2.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Program Files\ChkMail\ChkMail\ChkMail.exe C:\Program Files\P4P\P4P.exe C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe C:\Windows\ASScrPro.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehtray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\SetPoint\SetPoint.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Users\Eva\Desktop\HiJackThis.exe C:\Windows\system32\wermgr.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe" O4 - HKLM\..\Run: [zDirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE" O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ooquickpdfv7] "C:\Windows\system32\oopmagent.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?') O4 - HKUS\S-1-5-21-3117458756-1441319885-490656192-1000\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?') O4 - HKUS\S-1-5-21-3117458756-1441319885-490656192-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: OFFICE One Startup v7.lnk = C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resou...NPUpldfr-fr.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: ServiceLayer - Unknown owner - D:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (file missing) O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- End of file - 11745 bytes J'attends la suite, merci encore de m'aider! )
  12. Mara
    Alors, j'ai installé FireFox depuis que Internet Explorer merde en fait... Concernant la première étape, je n'ai trouvé aucun lo.st dans le fichier prefs.js, et je n'ai pas de invalidprefs.js Concernant la deuxième étape, tout c'est bien passé Mais au redémarrage, j'ai ouvert Internet Explorer pour voir et je suis bien tombé sur Google mais toujours dans lo.st J'ai changé la page d'acceuil pour Yahoo!, j'ai réouvert et c'était bon, mais j'avais déjà réussi à changer la page d'accueil dans le passé et lo.st revenait quelques temps après, reste à voir si ça ne reviendra pas cette fois-ci... ?!. Voilà le nouveau rapport HiJackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:26:28, on 26/03/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\ATKOSD2\ATKOSD2.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Program Files\ChkMail\ChkMail\ChkMail.exe C:\Program Files\P4P\P4P.exe C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe C:\Windows\ASScrPro.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehtray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\SetPoint\SetPoint.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Users\Eva\Desktop\HiJackThis.exe C:\Windows\system32\wermgr.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe" O4 - HKLM\..\Run: [zDirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE" O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ooquickpdfv7] "C:\Windows\system32\oopmagent.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?') O4 - HKUS\S-1-5-21-3117458756-1441319885-490656192-1000\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?') O4 - HKUS\S-1-5-21-3117458756-1441319885-490656192-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: OFFICE One Startup v7.lnk = C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resou...NPUpldfr-fr.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: ServiceLayer - Unknown owner - D:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (file missing) O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- End of file - 11902 bytes Qu'en pense-tu ?
  13. Mara
    Salut! Voilà le 2nd rapport de MoveIt! ========== FILES ========== c:\users\eva\appdata\roaming\EoRezo\SoftwareUpdate\Software moved successfully. c:\users\eva\appdata\roaming\EoRezo\SoftwareUpdate\Download moved successfully. c:\users\eva\appdata\roaming\EoRezo\SoftwareUpdate moved successfully. c:\users\eva\appdata\roaming\EoRezo\eoStats moved successfully. c:\users\eva\appdata\roaming\EoRezo\eoDesktop moved successfully. c:\users\eva\appdata\roaming\EoRezo\db moved successfully. c:\users\eva\appdata\roaming\EoRezo moved successfully. c:\program files\EoRezo\lang moved successfully. c:\program files\EoRezo\EoAdv moved successfully. c:\program files\EoRezo moved successfully. OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03262009_194631 Après j'ai essayé de désinstaller EoEngine, et c'était marqué que le programme avait peut-être déjà été désinstallé, donc je pense que c'est bon... Voila le nouveau rapport HiJAckThis, qui à chaque analyse, me répète que WMI ne fonctionne pas. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:57:55, on 26/03/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\ATKOSD2\ATKOSD2.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Program Files\ChkMail\ChkMail\ChkMail.exe C:\Program Files\P4P\P4P.exe C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe C:\Windows\ASScrPro.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehtray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\SetPoint\SetPoint.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Users\Eva\Desktop\HiJackThis.exe C:\Windows\system32\wermgr.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://lo.st#first R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe" O4 - HKLM\..\Run: [zDirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE" O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ooquickpdfv7] "C:\Windows\system32\oopmagent.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?') O4 - HKUS\S-1-5-21-3117458756-1441319885-490656192-1000\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?') O4 - HKUS\S-1-5-21-3117458756-1441319885-490656192-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: OFFICE One Startup v7.lnk = C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resou...NPUpldfr-fr.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: ServiceLayer - Unknown owner - D:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (file missing) O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- End of file - 11988 bytes J'attends les nouvelles instructions, encore merci de ton aide! ++
  14. Mara
    En fait, je sais pas c'est quoi Eorezo, c'est présent au démarrage mais je ne l'utilise pas... Faut que je le désinstalle ?
  15. Mara
    Merci pour la réponse rapide! Voilà le résultat: Error: Unable to interpret <First> in the current context! ========== FILES ========== c:\users\eva\appdata\roaming\eorezo\softwareupdate\SoftwareUpdateHP.exe moved successfully. c:\windows\system32\oopmagent.exe moved successfully. c:\program files\eorezo\EoEngine.exe moved successfully. c:\program files\eorezo\eoadv\EoRezoBHO.dll unregistered successfully. c:\program files\eorezo\eoadv\EoRezoBHO.dll moved successfully. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}\\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EoEngine deleted successfully. ========== COMMANDS ========== User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. FireFox cache emptied. Temp folders emptied. OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03252009_225910 Trop tard, je sais pas si j'ai pris le bon ??
  16. Mara
    Voilà le rapport HiJackThis, Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:18:57, on 25/03/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Users\Eva\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\ATKOSD2\ATKOSD2.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Program Files\ChkMail\ChkMail\ChkMail.exe C:\Program Files\P4P\P4P.exe C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe C:\Windows\ASScrPro.exe C:\Windows\System32\oopmagent.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\EoRezo\EoEngine.exe C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehtray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\SetPoint\SetPoint.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Users\Eva\Desktop\HiJackThis.exe C:\Windows\system32\wermgr.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://lo.st#first R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe" O4 - HKLM\..\Run: [zDirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE" O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ooquickpdfv7] "C:\Windows\system32\oopmagent.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe" O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\RunOnce: [softwareHelper] C:\Users\Eva\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?') O4 - HKUS\S-1-5-21-3117458756-1441319885-490656192-1000\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?') O4 - HKUS\S-1-5-21-3117458756-1441319885-490656192-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: OFFICE One Startup v7.lnk = C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resou...NPUpldfr-fr.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: ServiceLayer - Unknown owner - D:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (file missing) O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- End of file - 12308 bytes
  17. Mara
    Je rajoute que la barre des tâches en bas change subitement de temps en temps! Le bouton démarrer est bien celui de Vista, mais le reste devient l'apparence de Windows classique Tout redevient normal si on remet le thème Vista dans le panneau de configuration, mais ça finit par redéconner n'importe quand, c'est aléatoire...
  18. Mara
    Bonjour, je reviens à vous mais cette fois-ci pour l'ordi de ma soeur... J'ai besoin d'aide, car elle n'arrive pas à régler son problème toute seule et j'ai essayer aussi mais j'ai pas réussi... Donc, elle est sous Windows Vista, Edition Familiale Premium Système d'exploitation 32 bits Le service Pack 1 Vista est installé (peut-être mal installé?) Avira antivirus est installé et est à jour, en faisant une analyse, il détecte rien. Les problème: -dès le démarrage de l'ordi et systématiquement, y'a un message qui dit que Windows Host a cessé de fonctionner et qu'il va fermer -windows update n'arrive plus à télécharger et à installer les mises à jours -internet explorer rame un max, quasi impossible de naviguer, donc on a installé Mozilla Firefox qui fonctionne correctement Si vous pouvez m'aider à partir de là , ce serait vraiment sympa de votre part... Je suis prêt à faire toutes les analyses possibles et à poster les rapports. Merci encore, @+ Mara
  19. Mara
    Ok Chrifleur! Merci beaucoup pour ton aide, je crois avoir compris pour les cracks, surtout que c'est mon 2ème PC infecté par bagle. J'avais les mêmes cracks sur les 2 ordi, et j'ai eu bien peur de perdre tout mon travail.... Je ferais toutes les étapes que tu m'as donné, et je pense que tout rentrera dans l'ordre... Merci encore!! Mara
  20. Mara
    Le PC a l'air de se comporter normalement, tout à l'air d'être rentré dans l'ordre Voilà le rapport Kaspersky on-line: KASPERSKY ON-LINE SCANNER REPORT Thursday, June 05, 2008 11:49:09 AM Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 5/06/2008 Enregistrements dans la base antivirus Kaspersky : 739649 Paramètres d'analyse Analyser avec la base antivirus suivante standard Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail A:\ C:\ D:\ E:\ Statistiques de l'analyse Total d'objets analysés 126477 Nombre de virus trouvés 0 Nombre d'objets infectés 0 / 0 Nombre d'objets suspects 0 Durée de l'analyse 02:47:39 Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Bureau\Atelier\Laser.xlsx L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Application Data\Yahoo\Widget Engine\Widget Data\Yahoo! Weather\location data.db L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Application Data\Yahoo\Widget Engine\Widgets DB\widgets.db L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Historique\History.IE5\MSHist012008060520080606\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\Perflib_Perfdata_11c.dat L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\Perflib_Perfdata_210.dat L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\WT1175.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\WT1176.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\WT1177.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\WT15B.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\WT15C.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\WT15D.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\WT16A4.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\WT16A5.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\WT16A6.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\WT16A9.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\WT16AA.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\WT16AB.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\~DF66CB.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\~DF66E5.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\~DFCADF.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\~DFCAFC.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\~DFEB21.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\~DFEB3B.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\~VM14.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\~VM15.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\~VM16.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\~VM17.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\~VM18.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\~VM19.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\~VM1A.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temp\~VM1B.tmp L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\Mes documents\Corel User Files\WT13FR.UWL L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\SHUTTLE--5\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\HP\hpcoretech\hpcmerr.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx L'objet est verrouillé ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\System Volume Information\_restore{FC42CBC6-9C07-4CB6-A55A-DF510F42597B}\RP52\change.log L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\Debug\Setup\UpdSh.log L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\svcpack.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\edbtmp.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\system32\config\ACEEvent.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré E:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré Analyse terminée.
  21. Mara
    Hello! Voilà le rapport TCleaner: -->- Recherche: C:\Qoobox: trouvé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé ! C:\Documents and Settings\SHUTTLE--5\Bureau\HijackThis.lnk: trouvé ! C:\Program Files\Trend Micro\HijackThis: trouvé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé ! C:\Program Files\Yahoo!\Widgets\UnixUtils\usr\local\wbin\tar.exe: trouvé ! C:\Program Files\Yahoo!\Widgets\UnixUtils\usr\local\wbin\gzip.exe: trouvé ! --------------------------------- -->- Suppression: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé ! C:\Documents and Settings\SHUTTLE--5\Bureau\HijackThis.lnk: supprimé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé ! C:\Program Files\Yahoo!\Widgets\UnixUtils\usr\local\wbin\tar.exe: supprimé ! C:\Program Files\Yahoo!\Widgets\UnixUtils\usr\local\wbin\gzip.exe: supprimé ! C:\Qoobox: supprimé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé ! C:\Program Files\Trend Micro\HijackThis: supprimé !
  22. Mara
    Bon, j'ai finalement installé Antivir et Kerio FireWall, j'ai fait une analyse avec antivir en mode sans echec, voilà le rapport: Avira AntiVir Personal Report file date: mercredi 4 juin 2008 16:00 Scanning for 1310153 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Save mode Username: SHUTTLE--5 Computer name: SHUTTLE3 Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 21:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 20:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 20:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 20:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 22:33:34 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 01:08:58 ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 01/06/2008 01:43:38 ANTIVIR3.VDF : 7.0.4.143 92672 Bytes 04/06/2008 01:43:44 Engineversion : 8.1.0.51 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 21:58:21 AESCRIPT.DLL : 8.1.0.37 270715 Bytes 05/06/2008 01:44:59 AESCN.DLL : 8.1.0.20 119157 Bytes 05/06/2008 01:44:55 AERDL.DLL : 8.1.0.20 418165 Bytes 05/06/2008 01:44:50 AEPACK.DLL : 8.1.1.5 364918 Bytes 05/06/2008 01:44:39 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 05/06/2008 01:44:32 AEHEUR.DLL : 8.1.0.29 1253750 Bytes 05/06/2008 01:44:25 AEHELP.DLL : 8.1.0.15 115063 Bytes 05/06/2008 01:44:04 AEGEN.DLL : 8.1.0.25 307573 Bytes 05/06/2008 01:44:00 AEEMU.DLL : 8.1.0.6 430451 Bytes 05/06/2008 01:43:53 AECORE.DLL : 8.1.0.30 168311 Bytes 05/06/2008 01:43:48 AVWINLL.DLL : 1.0.0.7 14593 Bytes 24/01/2008 05:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 22:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 17/04/2007 01:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 24/01/2008 05:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 20:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 20:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/01/2008 05:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 24/01/2008 05:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 26/01/2008 00:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 11/03/2008 02:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 07/03/2008 00:02:11 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, E:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: high Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: mercredi 4 juin 2008 16:00 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 11 processes with 11 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'E:\' [iNFO] No virus was found! Starting to scan the registry. C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QT [NOTE] The file was moved to '48b64918.qua'! The registry was scanned ( '47' files ). Starting the file scan: Begin scan in 'C:\' <system> C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\SHUTTLE--5\Bureau\Combo-Fix.exe [DETECTION] Contains detection pattern of the application APPL/Tool.NirCmd.D [DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072 [DETECTION] Contains detection pattern of the SPR/Tool.PV program [NOTE] The file was moved to '48b44973.qua'! C:\Documents and Settings\SHUTTLE--5\Bureau\13 mars 2008\Documents\Mara\Programs\Adobe\Photoshop CS2 9.0\Keygen Photoshop CS2 Fr.exe [DETECTION] Contains detection pattern of the worm WORM/Autorun.cxl [NOTE] The file was moved to '48c04a7f.qua'! C:\Documents and Settings\SHUTTLE--5\Bureau\13 mars 2008\Documents\Mara\Programs\Norton Antivirus 2005\Norton SystemWorks 2005\crack\kgnsw.exe [DETECTION] Is the Trojan horse TR/Dldr.Delf.BR.3 [NOTE] The file was moved to '48b54bee.qua'! C:\Documents and Settings\SHUTTLE--5\Bureau\13 mars 2008\Documents\Mara\Programs\Norton Antivirus 2005\Norton SystemWorks 2005\GoBack\Setup.exe [DETECTION] Contains detection pattern of the dial-up program DIAL/Generic [NOTE] The file was moved to '48bb4bf1.qua'! C:\Documents and Settings\SHUTTLE--5\Bureau\13 mars 2008\Documents\Mara\Programs\WinRAR\keygen.0xe [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.aac.4 Backdoor server programs [NOTE] The file was moved to '48c04ea7.qua'! C:\QooBox\Quarantine\catchme2008-06-03_105907.76.zip [0] Archive type: ZIP --> wintems.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B --> mdelk.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B --> hldrrr.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QT --> mdelk.exe.1 [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QT [NOTE] The file was moved to '48bb5f17.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\190-533 - DOMINO.DOC SYSTEM ADMINISTRATION 3.0 Practice Test Questions 1.0.zip.vir [0] Archive type: ZIP --> 190-533 - DOMINO.DOC SYSTEM ADMINISTRATION 3.0 Practice Test Questions 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48775eef.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\1st DVD Backup Pro 3.0.1 [With Crack].zip.vir [0] Archive type: ZIP --> 1st DVD Backup Pro 3.0.1 [With Crack].exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bb5f2a.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\642-582 Free Test Exam Questions 10.0 KeyGen.zip.vir [0] Archive type: ZIP --> 642-582 Free Test Exam Questions 10.0 KeyGen.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48795eec.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Abilities Builder Fraction Facts 3.5 With Crack.zip.vir [0] Archive type: ZIP --> Abilities Builder Fraction Facts 3.5 With Crack.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b05f1b.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Active Audio Record 2.0.2006.918.zip.vir [0] Archive type: ZIP --> Active Audio Record 2.0.2006.918.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bb5f1c.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Active Directory Collector 1.1.zip.vir [0] Archive type: ZIP --> Active Directory Collector 1.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bb5f1d.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\AdRem Server Manager 6.0 [Patch].zip.vir [0] Archive type: ZIP --> AdRem Server Manager 6.0 [Patch].exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48995f1f.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Advanced DHTML Popup Pro 2.30.026.zip.vir [0] Archive type: ZIP --> Advanced DHTML Popup Pro 2.30.026.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bd5f20.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Adventure Pinball Forgotten Island.zip.vir [0] Archive type: ZIP --> Adventure Pinball Forgotten Island.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '493b6941.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\All My Auctions 2.0.zip.vir [0] Archive type: ZIP --> All My Auctions 2.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b35f29.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Allmydata 1.7.4.zip.vir [0] Archive type: ZIP --> Allmydata 1.7.4.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b35f2a.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Allrecipes.com Recipe Finder 1.0.zip.vir [0] Archive type: ZIP --> Allrecipes.com Recipe Finder 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b35f2b.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ALTools Lunar Zodiac Horse Wallpaper 2005.zip.vir [0] Archive type: ZIP --> ALTools Lunar Zodiac Horse Wallpaper 2005.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '489b5f0b.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Amplitude Imposer 1.00.zip.vir [0] Archive type: ZIP --> Amplitude Imposer 1.00.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b75f2e.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Antivir.Personal.Edition.Premium.7.-.Key.zip.vir [0] Archive type: ZIP --> Antivir.Personal.Edition.Premium.7.-.Key.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bb5f2f.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Approver.com Document Alerts 0.9.1.zip.vir [0] Archive type: ZIP --> Approver.com Document Alerts 0.9.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b75f32.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Arafasoft Power Machine Cleaner 2.1.zip.vir [0] Archive type: ZIP --> Arafasoft Power Machine Cleaner 2.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a85f35.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ArchCalc 1.6.zip.vir [0] Archive type: ZIP --> ArchCalc 1.6.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48aa5f36.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\AskUsChat 2.0 (Key).zip.vir [0] Archive type: ZIP --> AskUsChat 2.0 (Key).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b25f38.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Aspose.Slides for Reporting Services 1.0.0.0 [Cracked].zip.vir [0] Archive type: ZIP --> Aspose.Slides for Reporting Services 1.0.0.0 [Cracked].exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b75f38.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\AudioRight Professional 2.0.zip.vir [0] Archive type: ZIP --> AudioRight Professional 2.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ab5f3c.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Auslogics System Information 1.0.5.148.zip.vir [0] Archive type: ZIP --> Auslogics System Information 1.0.5.148.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ba5f3d.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\avast-keygen.4.6.691.zip.vir [0] Archive type: ZIP --> avast-keygen.4.6.691.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a85f3e.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Avi Previewer 2.26 Serial.zip.vir [0] Archive type: ZIP --> Avi Previewer 2.26 Serial.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b05f3f.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Bass Fretboard Addict 1.2 Key.zip.vir [0] Archive type: ZIP --> Bass Fretboard Addict 1.2 Key.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ba5f2b.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Battlefield 1942 Forgotten Hope Patch 0.5f.zip.vir [0] Archive type: ZIP --> Battlefield 1942 Forgotten Hope Patch 0.5f.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bb5f2c.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\BlubberPatrol 2.0.3.zip.vir [0] Archive type: ZIP --> BlubberPatrol 2.0.3.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bc5f38.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Bridal Jewelry Screensaver 2.0.zip.vir [0] Archive type: ZIP --> Bridal Jewelry Screensaver 2.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b05f3e.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Cabri 3D 2.0.0.279.zip.vir [0] Archive type: ZIP --> Cabri 3D 2.0.0.279.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a95f2e.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Calendar Builder 3.46 (Key).zip.vir [0] Archive type: ZIP --> Calendar Builder 3.46 (Key).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b35f2f.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Canasta 2006.1.zip.vir [0] Archive type: ZIP --> Canasta 2006.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b55f30.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Car Expense Tracker 1.1.21 (Key+Serial).zip.vir [0] Archive type: ZIP --> Car Expense Tracker 1.1.21 (Key+Serial).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b95f30.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CD Banker 2.0.4.zip.vir [0] Archive type: ZIP --> CD Banker 2.0.4.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48675f14.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CD Box Labeler Pro 1.9.9G (Key+Serial).zip.vir [0] Archive type: ZIP --> CD Box Labeler Pro 1.9.9G (Key+Serial).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48675f15.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CDDB 0.5.zip.vir [0] Archive type: ZIP --> CDDB 0.5.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '488b5f16.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CheckBox Ex 1.20 With Crack.zip.vir [0] Archive type: ZIP --> CheckBox Ex 1.20 With Crack.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ac5f3b.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ChessSolutions 1.0.zip.vir [0] Archive type: ZIP --> ChessSolutions 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '492a695c.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CleanDisk 3.0 Crack.zip.vir [0] Archive type: ZIP --> CleanDisk 3.0 Crack.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ac5f40.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Clear RSS News 2.0.zip.vir [0] Archive type: ZIP --> Clear RSS News 2.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ac5f42.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Clipboard Buddy 1.04.zip.vir [0] Archive type: ZIP --> Clipboard Buddy 1.04.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b05f43.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CoffeeCup Flash Blogger 4.5.zip.vir [0] Archive type: ZIP --> CoffeeCup Flash Blogger 4.5.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ad5f46.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Color-by-Example 2.0 [With Crack].zip.vir [0] Archive type: ZIP --> Color-by-Example 2.0 [With Crack].exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b35f47.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Conquest Frontier Wars .ini fix patch.zip.vir [0] Archive type: ZIP --> Conquest Frontier Wars .ini fix patch.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b55f48.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Convert .NET 3.1.2664.zip.vir [0] Archive type: ZIP --> Convert .NET 3.1.2664.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b55f49.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Cool Paint 2.6.0.1.zip.vir [0] Archive type: ZIP --> Cool Paint 2.6.0.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b65f49.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Cool Plane Game 2.zip.vir [0] Archive type: ZIP --> Cool Plane Game 2.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b65f4a.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Covered by Love 1.0.zip.vir [0] Archive type: ZIP --> Covered by Love 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bd5f4b.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CZ-Pdf2Txt COM 2.0 (Key).zip.vir [0] Archive type: ZIP --> CZ-Pdf2Txt COM 2.0 (Key).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48745f37.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\DataThief 1.0.zip.vir [0] Archive type: ZIP --> DataThief 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bb5f3f.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\dbDeveloper 2.19.00 [Patch].zip.vir [0] Archive type: ZIP --> dbDeveloper 2.19.00 [Patch].exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '488b5f41.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\DeskSpace (formerly Yod'm 3D) 1.4.zip.vir [0] Archive type: ZIP --> DeskSpace (formerly Yod'm 3D) 1.4.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ba5f45.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Desktop Author 5.5.3.zip.vir [0] Archive type: ZIP --> Desktop Author 5.5.3.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ba5f46.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Desktop Authority Express 6.60.zip.vir [0] Archive type: ZIP --> Desktop Authority Express 6.60.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ba5f47.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Devils Planet toolbar for Firefox 1.5.0.4.zip.vir [0] Archive type: ZIP --> Devils Planet toolbar for Firefox 1.5.0.4.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bd5f47.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Die by the Sword demo.zip.vir [0] Archive type: ZIP --> Die by the Sword demo.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ac5f4c.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Drive2Drive 2.0 (KeyGen).zip.vir [0] Archive type: ZIP --> Drive2Drive 2.0 (KeyGen).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b05f56.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\DWGgateway 2.1.zip.vir [0] Archive type: ZIP --> DWGgateway 2.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '488e5f3d.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Easy wav mp3 Converter 3.7.zip.vir [0] Archive type: ZIP --> Easy wav mp3 Converter 3.7.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '493c6928.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\EasySetup 0.7.8b.zip.vir [0] Archive type: ZIP --> EasySetup 0.7.8b.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ba5f48.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Email Compare & Remove Duplicate Lists Software 7.0.zip.vir [0] Archive type: ZIP --> Email Compare & Remove Duplicate Lists Software 7.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a85f55.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Exact Test 1.0.0.1.zip.vir [0] Archive type: ZIP --> Exact Test 1.0.0.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a85f61.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Expert Email Validator 3.0.6 (KeyGen).zip.vir [0] Archive type: ZIP --> Expert Email Validator 3.0.6 (KeyGen).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b75f61.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Ext-HTML 1.4.zip.vir [0] Archive type: ZIP --> Ext-HTML 1.4.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bb5f62.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\EZVSoft 2.0.62.zip.vir [0] Archive type: ZIP --> EZVSoft 2.0.62.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '489d5f45.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\EzyEating 4.00.0026 (Serial).zip.vir [0] Archive type: ZIP --> EzyEating 4.00.0026 (Serial).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48c05f66.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FileCarver 1.0.0.zip.vir [0] Archive type: ZIP --> FileCarver 1.0.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b35f56.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FileMove Pro 1.50.02.zip.vir [0] Archive type: ZIP --> FileMove Pro 1.50.02.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b35f57.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FlexCell Grid Control 5.1.zip.vir [0] Archive type: ZIP --> FlexCell Grid Control 5.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ac5f5a.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Folder Cache 2.6.zip.vir [0] Archive type: ZIP --> Folder Cache 2.6.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b35f5e.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Folder Watchdog Service 1.6.zip.vir [0] Archive type: ZIP --> Folder Watchdog Service 1.6.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '4935693f.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FollowUp 1.0.zip.vir [0] Archive type: ZIP --> FollowUp 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b35f60.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FraiZZiBox 1.0 build 100.34.zip.vir [0] Archive type: ZIP --> FraiZZiBox 1.0 build 100.34.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a85f64.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Frame Freeze 1.5 (Crack).zip.vir [0] Archive type: ZIP --> Frame Freeze 1.5 (Crack).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '492e6905.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FroogleUp 1.2.3.zip.vir [0] Archive type: ZIP --> FroogleUp 1.2.3.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b65f65.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Fx Audio Editor 4.7.12.zip.vir [0] Archive type: ZIP --> Fx Audio Editor 4.7.12.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48675f6d.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Gearslutz - Music Equipment Forum Search 1.0.zip.vir [0] Archive type: ZIP --> Gearslutz - Music Equipment Forum Search 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a85f5b.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Google Video Studio Pro 4.2.1.zip.vir [0] Archive type: ZIP --> Google Video Studio Pro 4.2.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '49306906.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Grandma Book of Recipes 1.00 (Crack).zip.vir [0] Archive type: ZIP --> Grandma Book of Recipes 1.00 (Crack).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a85f69.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Harry Potter Goblet of Fire 1.zip.vir [0] Archive type: ZIP --> Harry Potter Goblet of Fire 1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b95f59.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\History Cleaner 3.13 KeyGen.zip.vir [0] Archive type: ZIP --> History Cleaner 3.13 KeyGen.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ba5f62.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Hot Keyboard 2.7.zip.vir [0] Archive type: ZIP --> Hot Keyboard 2.7.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bb5f69.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Hotkey Jumpstart 1.2.zip.vir [0] Archive type: ZIP --> Hotkey Jumpstart 1.2.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '493d690a.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\HotlinkBlocker 1.4 Crack.zip.vir [0] Archive type: ZIP --> HotlinkBlocker 1.4 Crack.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bb5f6b.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\How To Teach 1.0 (Key+Serial).zip.vir [0] Archive type: ZIP --> How To Teach 1.0 (Key+Serial).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48be5f6b.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Imagizer 1.0.zip.vir [0] Archive type: ZIP --> Imagizer 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a85f6a.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Imperator FLA 3.0.zip.vir [0] Archive type: ZIP --> Imperator FLA 3.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b75f6b.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\IMS Assesst Designer 1.4.5 (Patch).zip.vir [0] Archive type: ZIP --> IMS Assesst Designer 1.4.5 (Patch).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '489a5f4c.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\InfoBox 3.0 Crack.zip.vir [0] Archive type: ZIP --> InfoBox 3.0 Crack.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ad5f6e.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Inzomia Image Encrypt 1.02.zip.vir [0] Archive type: ZIP --> Inzomia Image Encrypt 1.02.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48c15f6f.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\IP_SpaceMon 3.4.10.zip.vir [0] Archive type: ZIP --> IP_SpaceMon 3.4.10.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a65f51.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\iUnformat NTFS 1.9.757.zip.vir [0] Archive type: ZIP --> iUnformat NTFS 1.9.757.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b55f58.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\JPEG Lossless Resave plug-in for Photoshop 1.1.zip.vir [0] Archive type: ZIP --> JPEG Lossless Resave plug-in for Photoshop 1.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '488c5f54.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Kaspersky_Personal_Network_Security_(Windows).zip.vir [0] Archive type: ZIP --> Kaspersky_Personal_Network_Security_(Windows).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ba5f65.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Keygen.BitDefender.v9.Pro.Plus.par.eMule-Paradise.com.+.Argent.avec.logique.mathématique.zip.vir [0] Archive type: ZIP --> Keygen.BitDefender.v9.Pro.Plus.par.eMule-Paradise.com.+.Argent.avec.logique.mathᅢᄅmatique.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48c05f6a.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\KeyScrambler Professional 1.0.1 Key+Serial.zip.vir [0] Archive type: ZIP --> KeyScrambler Professional 1.0.1 Key+Serial.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48c05f6b.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Korg EM-1 Editor 2.00.zip.vir [0] Archive type: ZIP --> Korg EM-1 Editor 2.00.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b95f76.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Lan Dial 1.03.zip.vir [0] Archive type: ZIP --> Lan Dial 1.03.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b55f69.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\LinesHelper 1.0.zip.vir [0] Archive type: ZIP --> LinesHelper 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b55f71.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\LingvoSoft Talking Dictionary 2006 Spanish Chinese Traditional 3.1.41 Patch.zip.vir [0] Archive type: ZIP --> LingvoSoft Talking Dictionary 2006 Spanish Chinese Traditional 3.1.41 Patch.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b55f72.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\LvBsX Virtual music composer 1.0.2D Key+Serial.zip.vir [0] Archive type: ZIP --> LvBsX Virtual music composer 1.0.2D Key+Serial.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48895f80.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MagicScore MIDI to WAV 1.016 [Key+Serial].zip.vir [0] Archive type: ZIP --> MagicScore MIDI to WAV 1.016 [Key+Serial].exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ae5f6c.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MaltaDiving 2.2.zip.vir [0] Archive type: ZIP --> MaltaDiving 2.2.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b35f6d.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Matrix Code Emulator Screensaver 1.5.zip.vir [0] Archive type: ZIP --> Matrix Code Emulator Screensaver 1.5.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bb5f6e.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Micro C 8096 Development System 2.16l.zip.vir [0] Archive type: ZIP --> Micro C 8096 Development System 2.16l.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48aa5f76.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Microsoft iSNS Server RC 2.3.zip.vir [0] Archive type: ZIP --> Microsoft iSNS Server RC 2.3.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48aa5f78.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Microsoft Windows Media Player 11 build 11.0.5721.5145 FINAL.zip.vir [0] Archive type: ZIP --> Microsoft Windows Media Player 11 build 11.0.5721.5145 FINAL.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '492c6919.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Military Operation 2.zip.vir [0] Archive type: ZIP --> Military Operation 2.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b35f79.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MISPBO Registry Cleaner 3.0.zip.vir [0] Archive type: ZIP --> MISPBO Registry Cleaner 3.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '489a5f5b.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MITCalc 1.40 (Key).zip.vir [0] Archive type: ZIP --> MITCalc 1.40 (Key).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '489b5f5b.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Moveo Movies Pro 1.00.zip.vir [0] Archive type: ZIP --> Moveo Movies Pro 1.00.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bd5f82.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Movies Database 1.39.zip.vir [0] Archive type: ZIP --> Movies Database 1.39.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bd5f83.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MP3 Search Premium 2.2.zip.vir [0] Archive type: ZIP --> MP3 Search Premium 2.2.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '487a5f65.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MP3i Creator LX 3.0.1.03.zip.vir [0] Archive type: ZIP --> MP3i Creator LX 3.0.1.03.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '49fc6906.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Multi User Desktop 2004 2.0.zip.vir [0] Archive type: ZIP --> Multi User Desktop 2004 2.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b35f8c.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MyLib 0.92 RC.zip.vir [0] Archive type: ZIP --> MyLib 0.92 RC.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48935f90.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MySurf Easy UninstAll 2.0 [Key+Serial].zip.vir [0] Archive type: ZIP --> MySurf Easy UninstAll 2.0 [Key+Serial].exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '489a5f91.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Neat Video plug-in for VirtualDub 1.5.zip.vir [0] Archive type: ZIP --> Neat Video plug-in for VirtualDub 1.5.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a85f7e.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Net Tools 4.5.74.zip.vir [0] Archive type: ZIP --> Net Tools 4.5.74.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bb5f7f.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\NetCFax Pro+ networked fax system 3.52.zip.vir [0] Archive type: ZIP --> NetCFax Pro+ networked fax system 3.52.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bb5f80.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\NFL Office Pool 2.0.0.6 [Patch].zip.vir [0] Archive type: ZIP --> NFL Office Pool 2.0.0.6 [Patch].exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48935f62.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Nicepodweb 1.01.zip.vir [0] Archive type: ZIP --> Nicepodweb 1.01.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48aa5f85.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\nod32.nod.32.pass.2005.funzionante!!!!!!!!!!.100%.working.zip.vir [0] Archive type: ZIP --> nod32.nod.32.pass.2005.funzionante!!!!!!!!!!.100%.working.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ab5f8c.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\NovaBACKUP Server Edition 8.0.3.0.zip.vir [0] Archive type: ZIP --> NovaBACKUP Server Edition 8.0.3.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bd5f8d.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Novell 50-664 Exam (Key).zip.vir [0] Archive type: ZIP --> Novell 50-664 Exam (Key).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bd5f8e.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Okoker RM to AVI DIVX MPEG DVD Converter&Burner 2.5.zip.vir [0] Archive type: ZIP --> Okoker RM to AVI DIVX MPEG DVD Converter&Burner 2.5.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b65f8b.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\One Vision - Church Membership Software 5.17.62.zip.vir [0] Archive type: ZIP --> One Vision - Church Membership Software 5.17.62.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ac5f8f.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Operation Flashpoint Cold War Crisis - Introduction map.zip.vir [0] Archive type: ZIP --> Operation Flashpoint Cold War Crisis - Introduction map.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ac5f91.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Panda.platinum.internet.security.8.05.01.(TruePrevent).Codigos.de.actualiza cion.zip.vir [0] Archive type: ZIP --> Panda.platinum.internet.security.8.05.01.(TruePrevent).Codigos.de.actualizacion. exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b55f84.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\PDF Split Merge Page Box 1.0 [Cracked].zip.vir [0] Archive type: ZIP --> PDF Split Merge Page Box 1.0 [Cracked].exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '488d5f67.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\PDF Stamp 2.0.zip.vir [0] Archive type: ZIP --> PDF Stamp 2.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '488d5f68.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\PicDownloader 4.0.zip.vir [0] Archive type: ZIP --> PicDownloader 4.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48aa5f8e.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Pocket Notepad 1.4.zip.vir [0] Archive type: ZIP --> Pocket Notepad 1.4.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48aa5f95.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ProfCast 1.zip.vir [0] Archive type: ZIP --> ProfCast 1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b65f99.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\QBAutomation - Merchant 1.0.0 [Patch].zip.vir [0] Archive type: ZIP --> QBAutomation - Merchant 1.0.0 [Patch].exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48885f6a.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\QuadSucker-News 4.8.zip.vir [0] Archive type: ZIP --> QuadSucker-News 4.8.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a85f9d.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Query Tool (using ODBC) 6.1.2.8 Cracked.zip.vir [0] Archive type: ZIP --> Query Tool (using ODBC) 6.1.2.8 Cracked.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ac5f9e.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Random Number Generator Pro 1.38.zip.vir [0] Archive type: ZIP --> Random Number Generator Pro 1.38.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b55f8c.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\RealLastLogon 1.0.zip.vir [0] Archive type: ZIP --> RealLastLogon 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a85f90.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Repacer 1.5.1.zip.vir [0] Archive type: ZIP --> Repacer 1.5.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b75f91.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ROTATE3D 1.0C.zip.vir [0] Archive type: ZIP --> ROTATE3D 1.0C.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '489b5f7c.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\rss2twitter 0.2.zip.vir [0] Archive type: ZIP --> rss2twitter 0.2.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ba5fa1.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\RSScrawler 2.0.9.zip.vir [0] Archive type: ZIP --> RSScrawler 2.0.9.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '489a5f82.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Schedules4Team 3.00.0455.zip.vir [0] Archive type: ZIP --> Schedules4Team 3.00.0455.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48af5f93.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Science of Getting Rich 1.0 KeyGen.zip.vir [0] Archive type: ZIP --> Science of Getting Rich 1.0 KeyGen.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b05f94.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Seavus Project Viewer 2.6.5.zip.vir [0] Archive type: ZIP --> Seavus Project Viewer 2.6.5.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a85f97.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Secure Login 0.8.1.3.zip.vir [0] Archive type: ZIP --> Secure Login 0.8.1.3.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48aa5f98.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Seeker 3.2.zip.vir [0] Archive type: ZIP --> Seeker 3.2.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ac5f99.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Selkie Rescue 2.0.0 (Cracked).zip.vir [0] Archive type: ZIP --> Selkie Rescue 2.0.0 (Cracked).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b35f99.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Selteco Image Mapper 1.0 Patch.zip.vir [0] Archive type: ZIP --> Selteco Image Mapper 1.0 Patch.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b35f9a.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Serial.Panda.2007.Panda.Firewall.2007.Panda.Internet.Security.2007.Titanium .2007.Platinum.2007.zip.vir [0] Archive type: ZIP --> Serial.Panda.2007.Panda.Firewall.2007.Panda.Internet.Security.2007.Titanium.2007 .Platinum.2007.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b95f9b.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ServiceView 1.3.903.8.zip.vir [0] Archive type: ZIP --> ServiceView 1.3.903.8.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b95f9c.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Shanghai Street Racer demo.zip.vir [0] Archive type: ZIP --> Shanghai Street Racer demo.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a85fa0.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Simply go! 1.5.zip.vir [0] Archive type: ZIP --> Simply go! 1.5.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b45fa1.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SiSoftware Sandra Lite 2007.7.11.80 XI.SP4a.zip.vir [0] Archive type: ZIP --> SiSoftware Sandra Lite 2007.7.11.80 XI.SP4a.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '489a5fa2.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SmartScore Pro 3.3.1.zip.vir [0] Archive type: ZIP --> SmartScore Pro 3.3.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a85fa7.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Smash 2.0 build 177.zip.vir [0] Archive type: ZIP --> Smash 2.0 build 177.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a85fa8.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SMS PC text to Mobile 1.01.zip.vir [0] Archive type: ZIP --> SMS PC text to Mobile 1.01.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '489a5f89.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SOAPtest 3.0.2.zip.vir [0] Archive type: ZIP --> SOAPtest 3.0.2.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48885f8b.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Source Edit 4.0 revision 3.zip.vir [0] Archive type: ZIP --> Source Edit 4.0 revision 3.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bc5fac.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SpamJam 2.1.zip.vir [0] Archive type: ZIP --> SpamJam 2.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a85fae.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Spy2Bust 1.zip.vir [0] Archive type: ZIP --> Spy2Bust 1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48c05faf.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Spytector 1.3.1.zip.vir [0] Archive type: ZIP --> Spytector 1.3.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48c05fb0.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Star Trek Armada II Adon Mod.zip.vir [0] Archive type: ZIP --> Star Trek Armada II Adon Mod.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a85fb4.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Stellar Phoenix BSD Recovery Software 1.zip.vir [0] Archive type: ZIP --> Stellar Phoenix BSD Recovery Software 1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ac5fb5.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SUPER 2007 Build 23.zip.vir [0] Archive type: ZIP --> SUPER 2007 Build 23.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48975f97.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Super Jigsaw Puzzle 1.0.zip.vir [0] Archive type: ZIP --> Super Jigsaw Puzzle 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b75fb8.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SurfSaver 6 1.0.zip.vir [0] Archive type: ZIP --> SurfSaver 6 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b95fb9.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Swarm Racer 2.zip.vir [0] Archive type: ZIP --> Swarm Racer 2.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a85fbb.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\System Scheduler Professional 3.73 (Patch).zip.vir [0] Archive type: ZIP --> System Scheduler Professional 3.73 (Patch).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ba5fbe.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\The Ringtone Maker 3.4.0.zip.vir [0] Archive type: ZIP --> The Ringtone Maker 3.4.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ac5fae.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Times Up 3.1 (Crack).zip.vir [0] Archive type: ZIP --> Times Up 3.1 (Crack).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b45fb0.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\TruAudit 1.8.1.zip.vir [0] Archive type: ZIP --> TruAudit 1.8.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bc5fba.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\TSMVersionInfo component.zip.vir [0] Archive type: ZIP --> TSMVersionInfo component.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48945f9c.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Turbo-Locator x86 6.01.zip.vir [0] Archive type: ZIP --> Turbo-Locator x86 6.01.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b95fbf.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\TweakNow RegCleaner Professional 2.9.9a.zip.vir [0] Archive type: ZIP --> TweakNow RegCleaner Professional 2.9.9a.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ac5fc1.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\UBCD4WIN 3.0.6.zip.vir [0] Archive type: ZIP --> UBCD4WIN 3.0.6.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '488a5f8e.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Uri Fridman Cat 1.0.zip.vir [0] Archive type: ZIP --> Uri Fridman Cat 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b05fbf.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Vinyl Ripper 2.0 [Crack].zip.vir [0] Archive type: ZIP --> Vinyl Ripper 2.0 [Crack].exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b55fb6.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Virtual Stopwatch 3.14 [Crack].zip.vir [0] Archive type: ZIP --> Virtual Stopwatch 3.14 [Crack].exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b95fb7.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Visonair.tv Ogg Streamer 1.1.2.240.zip.vir [0] Archive type: ZIP --> Visonair.tv Ogg Streamer 1.1.2.240.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48ba5fb8.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Vivid Report for C++ Builder 5 3.0 Std Crack.zip.vir [0] Archive type: ZIP --> Vivid Report for C++ Builder 5 3.0 Std Crack.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48bd5fb9.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Volume [Cracked].zip.vir [0] Archive type: ZIP --> Volume [Cracked].exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b35fc0.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\VRS Recording System 4.04.zip.vir [0] Archive type: ZIP --> VRS Recording System 4.04.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '489a5fa4.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Warcraft III - To Outrace the Griffin map.zip.vir [0] Archive type: ZIP --> Warcraft III - To Outrace the Griffin map.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b95fb3.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Web Easy Express 6.0 [Key+Serial].zip.vir [0] Archive type: ZIP --> Web Easy Express 6.0 [Key+Serial].exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a95fb8.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WebLog Expert 4.2 Beta 2 (Crack).zip.vir [0] Archive type: ZIP --> WebLog Expert 4.2 Beta 2 (Crack).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a95fb9.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WebPosition Standard 4.0a build 763 [With Crack].zip.vir [0] Archive type: ZIP --> WebPosition Standard 4.0a build 763 [With Crack].exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a95fba.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Webutility (French) 7.7.zip.vir [0] Archive type: ZIP --> Webutility (French) 7.7.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48a95fbb.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WhosOn 4.3.374 (Key).zip.vir [0] Archive type: ZIP --> WhosOn 4.3.374 (Key).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b65fbf.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WinAmp IRemote 1.0.zip.vir [0] Archive type: ZIP --> WinAmp IRemote 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b55fc1.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Windows Me Malformed IPX NMPI Packet Vulnerability Patch.zip.vir [0] Archive type: ZIP --> Windows Me Malformed IPX NMPI Packet Vulnerability Patch.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '493369a2.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WinSpeedUp 2.8 KeyGen.zip.vir [0] Archive type: ZIP --> WinSpeedUp 2.8 KeyGen.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b55fc2.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WordBanker English-Chinese(Simplified) 5.1.0.zip.vir [0] Archive type: ZIP --> WordBanker English-Chinese(Simplified) 5.1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b95fc9.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\World Shirts 1.1.zip.vir [0] Archive type: ZIP --> World Shirts 1.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48b95fca.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\XP Tools Software Aquarium Screensaver 1.0.zip.vir [0] Archive type: ZIP --> XP Tools Software Aquarium Screensaver 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48675fac.qua'! C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Yahoo Search Tool Bar 1.zip.vir [0] Archive type: ZIP --> Yahoo Search Tool Bar 1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IO [NOTE] The file was moved to '48af5fbe.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '492f4042.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\wintems.exe.vir [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '48b55fc6.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '48ab5fca.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\mdelk.exe.vir [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '48ac5fc3.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\15178609.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '48785f95.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1693640.0xe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '48805f97.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\17316812.0xe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '487a5f99.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\23142859.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '48785f97.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\34023140.0xe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '48775f9a.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\80437.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '487b5f99.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\81421.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '487b5f9a.qua'! Begin scan in 'E:\' <data> End of the scan: mercredi 4 juin 2008 17:59 Used time: 1:59:11 min The scan has been done completely. 16882 Scanning directories 476021 Files were scanned 219 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 214 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 475802 Files not concerned 4083 Archives were scanned 1 Warnings 214 Notes
  23. Mara
    Re-bonjour! Alors voilà, j'ai enfin fait tout ce que tu as demandé, tout s'est bien passé, bien que ce fut un peu long... Je te mets les différents rapports, cependant je n'ai pas encore installer antivir, ni kerio, j'attends que tout soit clean. Ensuite je terminerais par une analyse avec antivir... Voilà le rapport Elibagla: Tue Jun 03 09:07:24 2008 EliBagle v11.45 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008) ---------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado. C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado. C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado. C:\DOCUMENTS AND SETTINGS\SHUTTLE--5\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado. C:\DOCUMENTS AND SETTINGS\SHUTTLE--5\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle Restaurada Clave: "SafeBoot\Minimal y Network" Reinicie para Completar la Limpieza. Wed Jun 04 08:51:00 2008 EliBagle v11.45 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008) ---------------------------------------------- Lista de Acciones (por Acción Directa): Wed Jun 04 08:51:06 2008 EliBagle v11.45 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008) ---------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad C:\ C:\QooBox\Quarantine\C\Documents and Settings\SHUTTLE--5\Application Data\m\DATA.OCT.VIR --> Eliminado Bagle.dldr C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\15326984.EXE.VIR --> Eliminado Bagle C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1725984.EXE.VIR --> Eliminado Bagle C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1912312.EXE.VIR --> Eliminado Bagle C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\23206343.EXE.VIR --> Eliminado Bagle C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\259265.EXE.VIR --> Eliminado Bagle C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\34247750.0XE.VIR --> Eliminado Bagle C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\49303937.EXE.VIR --> Eliminado Bagle C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\64262109.0XE.VIR --> Eliminado Bagle Nº Total de Directorios: 16772 Nº Total de Ficheros: 108920 Nº de Ficheros Analizados: 13753 Nº de Ficheros Infectados: 9 Nº de Ficheros Limpiados: 9 Voilà le rapport Malwarebytes': Malwarebytes' Anti-Malware 1.14 Version de la base de données: 824 15:10:23 04/06/2008 mbam-log-6-4-2008 (15-10-23).txt Type de recherche: Examen complet (C:\|E:\|) Eléments examinés: 163737 Temps écoulé: 5 hour(s), 59 minute(s), 31 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 1 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowNetPlaces (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Et enfin, le rapport HiJackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:29:38, on 04/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [uberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...000022.0000004e O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://toolbar.imageshack.us O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Moon Secure Antivirus Core (msav) - Unknown owner - C:\Program Files\Moon Secure Antivirus\msavcore.exe (file missing) O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 8285 bytes
  24. Mara
    Voilà le rapport ComboFix, qu'en penses-tu, merci... : ComboFix 08-06-01.6 - SHUTTLE--5 2008-06-03 10:55:37.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.203 [GMT -10:00] Endroit: C:\Documents and Settings\SHUTTLE--5\Bureau\Combo-Fix.exe * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\SHUTTLE--5\Application Data\m C:\Documents and Settings\SHUTTLE--5\Application Data\m\data.oct C:\Documents and Settings\SHUTTLE--5\Application Data\m\list.oct C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\190-533 - DOMINO.DOC SYSTEM ADMINISTRATION 3.0 Practice Test Questions 1.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\1st DVD Backup Pro 3.0.1 [With Crack].zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\642-582 Free Test Exam Questions 10.0 KeyGen.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Abilities Builder Fraction Facts 3.5 With Crack.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Active Audio Record 2.0.2006.918.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Active Directory Collector 1.1.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\AdRem Server Manager 6.0 [Patch].zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Advanced DHTML Popup Pro 2.30.026.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Adventure Pinball Forgotten Island.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\All My Auctions 2.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Allmydata 1.7.4.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Allrecipes.com Recipe Finder 1.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ALTools Lunar Zodiac Horse Wallpaper 2005.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Amplitude Imposer 1.00.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Antivir.Personal.Edition.Premium.7.-.Key.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Approver.com Document Alerts 0.9.1.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Arafasoft Power Machine Cleaner 2.1.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ArchCalc 1.6.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\AskUsChat 2.0 (Key).zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Aspose.Slides for Reporting Services 1.0.0.0 [Cracked].zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\AudioRight Professional 2.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Auslogics System Information 1.0.5.148.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\avast-keygen.4.6.691.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Avi Previewer 2.26 Serial.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Bass Fretboard Addict 1.2 Key.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Battlefield 1942 Forgotten Hope Patch 0.5f.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\BlubberPatrol 2.0.3.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Bridal Jewelry Screensaver 2.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Cabri 3D 2.0.0.279.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Calendar Builder 3.46 (Key).zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Canasta 2006.1.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Car Expense Tracker 1.1.21 (Key+Serial).zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CD Banker 2.0.4.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CD Box Labeler Pro 1.9.9G (Key+Serial).zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CDDB 0.5.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CheckBox Ex 1.20 With Crack.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ChessSolutions 1.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CleanDisk 3.0 Crack.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Clear RSS News 2.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Clipboard Buddy 1.04.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CoffeeCup Flash Blogger 4.5.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Color-by-Example 2.0 [With Crack].zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Conquest Frontier Wars .ini fix patch.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Convert .NET 3.1.2664.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Cool Paint 2.6.0.1.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Cool Plane Game 2.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Covered by Love 1.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\CZ-Pdf2Txt COM 2.0 (Key).zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\DataThief 1.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\dbDeveloper 2.19.00 [Patch].zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\DeskSpace (formerly Yod'm 3D) 1.4.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Desktop Author 5.5.3.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Desktop Authority Express 6.60.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Devils Planet toolbar for Firefox 1.5.0.4.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Die by the Sword demo.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Drive2Drive 2.0 (KeyGen).zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\DWGgateway 2.1.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Easy wav mp3 Converter 3.7.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\EasySetup 0.7.8b.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Email Compare & Remove Duplicate Lists Software 7.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Exact Test 1.0.0.1.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Expert Email Validator 3.0.6 (KeyGen).zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Ext-HTML 1.4.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\EZVSoft 2.0.62.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\EzyEating 4.00.0026 (Serial).zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FileCarver 1.0.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FileMove Pro 1.50.02.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FlexCell Grid Control 5.1.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Folder Cache 2.6.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Folder Watchdog Service 1.6.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FollowUp 1.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FraiZZiBox 1.0 build 100.34.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Frame Freeze 1.5 (Crack).zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\FroogleUp 1.2.3.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Fx Audio Editor 4.7.12.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Gearslutz - Music Equipment Forum Search 1.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Google Video Studio Pro 4.2.1.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Grandma Book of Recipes 1.00 (Crack).zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Harry Potter Goblet of Fire 1.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\History Cleaner 3.13 KeyGen.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Hot Keyboard 2.7.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Hotkey Jumpstart 1.2.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\HotlinkBlocker 1.4 Crack.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\How To Teach 1.0 (Key+Serial).zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Imagizer 1.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Imperator FLA 3.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\IMS Assesst Designer 1.4.5 (Patch).zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\InfoBox 3.0 Crack.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Inzomia Image Encrypt 1.02.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\IP_SpaceMon 3.4.10.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\iUnformat NTFS 1.9.757.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\JPEG Lossless Resave plug-in for Photoshop 1.1.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Kaspersky_Personal_Network_Security_(Windows).zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Keygen.BitDefender.v9.Pro.Plus.par.eMule-Paradise.com.+.Argent.avec.logique.mathématique.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\KeyScrambler Professional 1.0.1 Key+Serial.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Korg EM-1 Editor 2.00.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Lan Dial 1.03.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\LinesHelper 1.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\LingvoSoft Talking Dictionary 2006 Spanish Chinese Traditional 3.1.41 Patch.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\LvBsX Virtual music composer 1.0.2D Key+Serial.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MagicScore MIDI to WAV 1.016 [Key+Serial].zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MaltaDiving 2.2.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Matrix Code Emulator Screensaver 1.5.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Micro C 8096 Development System 2.16l.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Microsoft iSNS Server RC 2.3.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Microsoft Windows Media Player 11 build 11.0.5721.5145 FINAL.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Military Operation 2.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MISPBO Registry Cleaner 3.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MITCalc 1.40 (Key).zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Moveo Movies Pro 1.00.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Movies Database 1.39.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MP3 Search Premium 2.2.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MP3i Creator LX 3.0.1.03.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Multi User Desktop 2004 2.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MyLib 0.92 RC.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\MySurf Easy UninstAll 2.0 [Key+Serial].zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Neat Video plug-in for VirtualDub 1.5.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Net Tools 4.5.74.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\NetCFax Pro+ networked fax system 3.52.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\NFL Office Pool 2.0.0.6 [Patch].zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Nicepodweb 1.01.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\nod32.nod.32.pass.2005.funzionante!!!!!!!!!!.100%.working.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\NovaBACKUP Server Edition 8.0.3.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Novell 50-664 Exam (Key).zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Okoker RM to AVI DIVX MPEG DVD Converter&Burner 2.5.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\One Vision - Church Membership Software 5.17.62.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Operation Flashpoint Cold War Crisis - Introduction map.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Panda.platinum.internet.security.8.05.01.(TruePrevent).Codigos.de.actualiza cion.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\PDF Split Merge Page Box 1.0 [Cracked].zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\PDF Stamp 2.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\PicDownloader 4.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Pocket Notepad 1.4.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ProfCast 1.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\QBAutomation - Merchant 1.0.0 [Patch].zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\QuadSucker-News 4.8.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Query Tool (using ODBC) 6.1.2.8 Cracked.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Random Number Generator Pro 1.38.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\RealLastLogon 1.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Repacer 1.5.1.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ROTATE3D 1.0C.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\rss2twitter 0.2.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\RSScrawler 2.0.9.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Schedules4Team 3.00.0455.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Science of Getting Rich 1.0 KeyGen.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Seavus Project Viewer 2.6.5.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Secure Login 0.8.1.3.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Seeker 3.2.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Selkie Rescue 2.0.0 (Cracked).zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Selteco Image Mapper 1.0 Patch.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Serial.Panda.2007.Panda.Firewall.2007.Panda.Internet.Security.2007.Titanium .2007.Platinum.2007.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\ServiceView 1.3.903.8.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Shanghai Street Racer demo.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Simply go! 1.5.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SiSoftware Sandra Lite 2007.7.11.80 XI.SP4a.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SmartScore Pro 3.3.1.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Smash 2.0 build 177.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SMS PC text to Mobile 1.01.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SOAPtest 3.0.2.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Source Edit 4.0 revision 3.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SpamJam 2.1.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Spy2Bust 1.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Spytector 1.3.1.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Star Trek Armada II Adon Mod.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Stellar Phoenix BSD Recovery Software 1.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SUPER 2007 Build 23.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Super Jigsaw Puzzle 1.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\SurfSaver 6 1.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Swarm Racer 2.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\System Scheduler Professional 3.73 (Patch).zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\The Ringtone Maker 3.4.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Times Up 3.1 (Crack).zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\TruAudit 1.8.1.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\TSMVersionInfo component.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Turbo-Locator x86 6.01.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\TweakNow RegCleaner Professional 2.9.9a.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\UBCD4WIN 3.0.6.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Uri Fridman Cat 1.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Vinyl Ripper 2.0 [Crack].zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Virtual Stopwatch 3.14 [Crack].zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Visonair.tv Ogg Streamer 1.1.2.240.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Vivid Report for C++ Builder 5 3.0 Std Crack.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Volume [Cracked].zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\VRS Recording System 4.04.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Warcraft III - To Outrace the Griffin map.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Web Easy Express 6.0 [Key+Serial].zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WebLog Expert 4.2 Beta 2 (Crack).zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WebPosition Standard 4.0a build 763 [With Crack].zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Webutility (French) 7.7.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WhosOn 4.3.374 (Key).zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WinAmp IRemote 1.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Windows Me Malformed IPX NMPI Packet Vulnerability Patch.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WinSpeedUp 2.8 KeyGen.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\WordBanker English-Chinese(Simplified) 5.1.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\World Shirts 1.1.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\XP Tools Software Aquarium Screensaver 1.0.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\shared\Yahoo Search Tool Bar 1.zip C:\Documents and Settings\SHUTTLE--5\Application Data\m\srvlist.oct C:\Documents and Settings\SHUTTLE--5\ravmonlog C:\Program Files\internet explorer\iekey.dll C:\WINDOWS\system32\ban_list.txt C:\WINDOWS\system32\drivers\downld C:\WINDOWS\system32\drivers\downld\1008750.exe C:\WINDOWS\system32\drivers\downld\15178609.exe C:\WINDOWS\system32\drivers\downld\15326984.exe C:\WINDOWS\system32\drivers\downld\15367328.exe C:\WINDOWS\system32\drivers\downld\15987625.exe C:\WINDOWS\system32\drivers\downld\16130062.exe C:\WINDOWS\system32\drivers\downld\16229765.exe C:\WINDOWS\system32\drivers\downld\1693640.0xe C:\WINDOWS\system32\drivers\downld\1725984.exe C:\WINDOWS\system32\drivers\downld\17316812.0xe C:\WINDOWS\system32\drivers\downld\1800578.exe C:\WINDOWS\system32\drivers\downld\18844015.exe C:\WINDOWS\system32\drivers\downld\1912312.exe C:\WINDOWS\system32\drivers\downld\19405781.exe C:\WINDOWS\system32\drivers\downld\19499984.exe C:\WINDOWS\system32\drivers\downld\19560781.exe C:\WINDOWS\system32\drivers\downld\2007156.exe C:\WINDOWS\system32\drivers\downld\224812.exe C:\WINDOWS\system32\drivers\downld\23142859.exe C:\WINDOWS\system32\drivers\downld\23206343.exe C:\WINDOWS\system32\drivers\downld\23517390.exe C:\WINDOWS\system32\drivers\downld\2384281.exe C:\WINDOWS\system32\drivers\downld\24485625.exe C:\WINDOWS\system32\drivers\downld\24629953.exe C:\WINDOWS\system32\drivers\downld\24980484.exe C:\WINDOWS\system32\drivers\downld\2553468.exe C:\WINDOWS\system32\drivers\downld\2565484.exe C:\WINDOWS\system32\drivers\downld\259265.exe C:\WINDOWS\system32\drivers\downld\2664015.exe C:\WINDOWS\system32\drivers\downld\2693093.exe C:\WINDOWS\system32\drivers\downld\2790484.exe C:\WINDOWS\system32\drivers\downld\328265.exe C:\WINDOWS\system32\drivers\downld\34023140.0xe C:\WINDOWS\system32\drivers\downld\34247750.0xe C:\WINDOWS\system32\drivers\downld\34300312.exe C:\WINDOWS\system32\drivers\downld\34716031.exe C:\WINDOWS\system32\drivers\downld\34794078.exe C:\WINDOWS\system32\drivers\downld\34842359.exe C:\WINDOWS\system32\drivers\downld\369109.exe C:\WINDOWS\system32\drivers\downld\49303937.exe C:\WINDOWS\system32\drivers\downld\49408781.exe C:\WINDOWS\system32\drivers\downld\49718515.exe C:\WINDOWS\system32\drivers\downld\49769296.exe C:\WINDOWS\system32\drivers\downld\49800625.exe C:\WINDOWS\system32\drivers\downld\583234.exe C:\WINDOWS\system32\drivers\downld\64227203.exe C:\WINDOWS\system32\drivers\downld\64262109.0xe C:\WINDOWS\system32\drivers\downld\64360968.exe C:\WINDOWS\system32\drivers\downld\64894343.exe C:\WINDOWS\system32\drivers\downld\64959375.exe C:\WINDOWS\system32\drivers\downld\65020703.exe C:\WINDOWS\system32\drivers\downld\673906.exe C:\WINDOWS\system32\drivers\downld\718640.exe C:\WINDOWS\system32\drivers\downld\779812.exe C:\WINDOWS\system32\drivers\downld\80437.exe C:\WINDOWS\system32\drivers\downld\81421.exe C:\WINDOWS\system32\drivers\downld\917234.exe C:\WINDOWS\system32\drivers\hldrrr.exe C:\WINDOWS\system32\drivers\mdelk.exe C:\WINDOWS\system32\drivers\srosa.sys C:\WINDOWS\system32\mdelk.exe C:\WINDOWS\system32\wintems.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SROSA ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))))))) . 2008-05-31 16:07 . 2008-06-03 08:11 61,482 --a------ C:\WINDOWS\system32\events.dat 2008-05-30 10:09 . 2008-05-30 10:09 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-03 20:41 --------- d-----w C:\Program Files\eMule 2008-06-03 19:39 2,516 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys 2008-06-01 01:44 --------- d-----w C:\Program Files\SuperCopier2 2008-05-19 23:36 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-05-15 21:18 --------- d-----w C:\Documents and Settings\SHUTTLE--5\Application Data\AdobeUM 2008-05-15 21:15 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-05-14 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-04-25 20:18 --------- d-----w C:\Program Files\Yahoo! 2008-04-25 20:12 64,801 ----a-w C:\WINDOWS\BricoPackUninst.cmd 2008-04-25 20:12 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd 2008-04-23 19:18 4,608 ----a-w C:\WINDOWS\system32\drivers\symlcbrd.sys 2008-04-12 03:26 --------- d-----w C:\Program Files\TuneUp Utilities 2008 2008-04-10 19:37 --------- d-----w C:\Program Files\Windows Live 2008-04-10 03:00 --------- d-----w C:\Documents and Settings\SHUTTLE--5\Application Data\TuneUp Software 2008-04-10 03:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-04-10 02:59 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-04-10 02:48 --------- d-----w C:\Program Files\CCleaner 2008-04-10 02:35 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition 2008-04-10 02:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-04-10 02:03 --------- d-----w C:\Program Files\A!K Research Labs 2008-04-10 02:02 --------- d-----w C:\Documents and Settings\SHUTTLE--5\Application Data\Smart PC Solutions 2008-04-04 02:00 --------- d-----w C:\Program Files\HP 2008-04-03 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ciel 2008-04-03 20:10 --------- d-----w C:\Program Files\Ciel 2008-03-24 21:05 88 --sh--r C:\Documents and Settings\All Users\Application Data\7DBB15FE76.sys 2006-12-08 00:23 355,984 ----a-w C:\Documents and Settings\SHUTTLE--5\Application Data\GDIPFONTCACHEV1.DAT 2006-11-17 21:42 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ------- Sigcheck ------- 2005-10-20 17:39 665600 d327378ceef9a141c7352691fc30a0da C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll 2006-03-03 18:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll 2006-05-09 19:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll 2006-06-23 01:25 668672 582953780721ac5d38f98cab229ec7b9 C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll 2006-09-13 22:38 668672 b8b6f05885a6f42724e8d6bfede6bd3f C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll 2006-10-23 05:34 668672 efa0c2870cba1747809a13e09f35bf82 C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\wininet.dll 2007-03-22 23:29 823296 375b58a68a016546535a84060092325c C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll 2007-04-24 22:26 823808 47ddad237f60729dea2b9e0e2382b58f C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll 2007-06-27 04:14 824320 7201d19b81883b57d5ffe8ebb5a83e8b C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll 2007-08-19 23:49 825344 2dd1b0f579c80562edcb8848ff7ea9f6 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll 2007-10-10 13:22 825344 871ae10d6ae8877e9636ae5017953d52 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll 2007-12-06 15:42 825344 f4fd487241d3ac291046a22cebd2cf71 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll 2008-03-01 02:34 827392 5a0093f59b505c008ed0cee615563c72 C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll 2006-10-23 05:34 668672 efa0c2870cba1747809a13e09f35bf82 C:\WINDOWS\ie7\wininet.dll 2006-11-07 21:03 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\ie7updates\KB931768-IE7\wininet.dll 2007-02-27 03:26 822784 75de73e328e300caed5965faea2f5d3f C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll 2007-04-24 21:40 822784 2c138ab59e2ffa06e8952ae656e443c5 C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll 2007-06-27 03:24 823808 2274862267d7445e7010d9af826e89c3 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll 2007-08-19 23:59 824832 f6dfceed3a7aa4c9eeb966d3f1adc70a C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll 2007-10-10 13:49 824832 bc5119c53bdd48dabc628d448a3bdccb C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll 2007-12-06 16:08 824832 4fc90bece54fac81b0090b94e27bfb6b C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll 2008-03-01 02:58 817152 082ca0b6fee9e708c3894a248aef944f C:\WINDOWS\system32\wininet.dll 2008-03-01 02:58 817152 082ca0b6fee9e708c3894a248aef944f C:\WINDOWS\system32\dllcache\wininet.dll 2007-06-13 03:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe 2007-06-13 03:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2007-06-13 03:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 02:00 15360] "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 12:05 630784] "UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-20 21:43 180224] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "@"="C:\Program Files\Internet Explorer\iexplore.exe" [2008-02-28 22:57 625664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-05-13 21:47 67072 C:\WINDOWS\SOUNDMAN.EXE] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-14 21:10 339968] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-09-14 22:28 28672] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 02:00 15360] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-09-14 22:28 28672] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoViewOnDrive"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"= "C:\\Program Files\\eMule\\emule.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "14411:TCP"= 14411:TCP:NortonAV "17963:TCP"= 17963:TCP:NortonAV R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15] R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 02:00] R3 NHCIENUM;NHCIENUM;C:\WINDOWS\system32\DRIVERS\nhcienum.sys [2004-04-01 15:43] S2 msav;Moon Secure Antivirus Core;C:\Program Files\Moon Secure Antivirus\msavcore.exe [] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-09 17:00] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-06-03 21:01:25 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-03 11:01:46 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . --------------------- DLLs a charg‚ sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe . ************************************************************************** . Temps d'accomplissement: 2008-06-03 11:06:46 - machine was rebooted [sHUTTLE--5] ComboFix-quarantined-files.txt 2008-06-03 21:06:44 Pre-Run: 16,976,367,616 octets libres Post-Run: 16,818,077,696 octets libres 431 --- E O F --- 2008-05-27 18:21:30
  25. Mara
    Hello, merci de ton aide C'est comme au début dans mon portable Elibagla ne fonctionne pas, l'analyse commence puis tout se s'arrête, même en ayant renommer le fichier...
×
×
  • Créer...