Help: virus, qui peut m'aider???

Question

Bonjour,

Hier j'ai choppé un sale virus. Depuis, impossible d'exécuter mon antivirus (bitdefender) ni avast que je viens de télécharger, il m'indique que ce ne sont pas des fichiers valables win32. De plus, impossible de faire une restauration, ca foire aussi. Une ame charitable pourrait-elle me dire quoi faire ??????????

Ps: je suis sous vista

meuhlol · Answer

essaye RogueRemover

taratata · Answer

ouvre bloc note  tape dedans 

@ echo off
start image_01
image_01


apres enrengistre le sur bureau sous le nom de

image_01

et 2 clic dessus




biensur que non -_- des fois des gents sont stupide je rigolais ne me prend pas au serrieux

alors poste ton rapport ijack

jlpjlp · Answer

slt tu dois etre infécté par bagle:


1/
vire les cracks que tu as!


2/


Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.


télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

3/



* Téléchargez ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Clique sur le bouton Descargar Elibagla cela va télécharger le fichier, placez le sur votre bureau.
* Double-cliquez dessus pour l'ouvrir
* Assurez-vous que dans le menu déroulant Unidad, vous avez bien C:\
* Vérifiquez aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée
* Cliquez sur le bouton Explorar pour lancer l'analyse


4/
colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

taratata · Answer

je t'ai répondu essaye ce que je t'ai dit  -_-

Julie D. · Answer

J'aimerais bien que ça marche, mais ni hijackthis ni rogue remover ne veut se lancer. Pour l'instant, je n'arrive à faire fonctionner que les antivirus en ligne, je fais un scan panda mais il m'a l'air assez lent

Julie D. · Answer

Je sens que mon cas est désespéré...

jlpjlp · Answer

essaye le message 3

Julie D. · Answer

Je n'arrive pas à enregistrer combofixe... Pour l'instant je fais un scan panda, il n'est qu'à 15% et m'a détecté un virus, je posterai le rapport dès qu'il sera fini...

jlpjlp · Answer

et elibaga?

Julie D. · Answer

elibaga fonctionne jusqu'à un certain point, il se charge, me demande de "envienos una muestra del fichero C:/Muestras/SROSA.SYS  et C:/Muestras/HLDRR.EXE
Après il se coupe

Utilisateur anonyme · Answer

Salut Julie 


fais ceci stp

Telecharge FindB :

- Fas un clic droit sur le lien, enregistrer sous .... sur le bureau 


---> http://sd-1.archive-host.com/membres/up/116615172019703188/FindB.exe


--> Double clic sur FindB

--> Post le rapport FindB.txt dans ton prochain message

Note :  le rapport FindB.txt est sauvegardé a la racine du disque

PS : Salut jlpjlp

Julie D. · Answer

ooohhhh enfin un truc qui a l'air de marcher!!!


 +- FindB mis a jours le  27/08/08 par Chiquitine29



 +- Recherche de fichier infectueux :




 +- Recherche dans : C:\Windows\Prefetch :




 +- Recherche dans : C:\Windows\system32 :


C:\Windows\system32\mdelk.exe Présent!! 
C:\Windows\system32\wintems.exe Présent!! 


 +- Recherche dans : C:\Windows\system32\drivers :


C:\Windows\system32\drivers\mdelk.exe Présent!! 
C:\Windows\system32\drivers\srosa.sys Présent!! 
C:\Windows\system32\drivers\hldrrr.exe Présent!! 
C:\Windows\system32\drivers\downld Présent!! 


 +- Recherche dans : C:\Users\Julie\AppData\Roaming :




 +- Registre :


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Windows Defender    REG_EXPAND_SZ    %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    NvSvc    REG_SZ    RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
    NvCplDaemon    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    NvMediaCenter    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    Apoint    REG_SZ    C:\Program Files\Apoint\Apoint.exe
    VAIOCameraUtility    REG_SZ    "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
    ISBMgr.exe    REG_SZ    "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
    Norton Save and Restore 2.0    REG_SZ    "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
    Symantec PIF AlertEng    REG_SZ    "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    HP Software Update    REG_SZ    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    GrooveMonitor    REG_SZ    "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    SearchSettings    REG_SZ    C:\Program Files\Search Settings\SearchSettings.exe
    Adobe Reader Speed Launcher    REG_SZ    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    BitDefender Antiphishing Helper    REG_SZ    "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    BDAgent    REG_SZ    "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    QuickTime Task    REG_SZ    "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper    REG_SZ    "C:\Program Files\iTunes\iTunesHelper.exe"
    TkBellExe    REG_SZ    "C:\Program Files\Common Files\Real\Update_OBealsched.exe"  -osboot
    avast!    REG_SZ    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Sidebar    REG_SZ    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    CollaborationHost    REG_SZ    C:\Windows\system32\p2phost.exe -s
    ehTray.exe    REG_SZ    C:\Windows\ehome\ehTray.exe
    MsnMsgr    REG_SZ    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    himem    REG_SZ    "c:\windows\himem.exe" 3fff 8ffff
    EPSON Stylus D92 Series    REG_SZ    C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\Windows\TEMP\E_S5706.tmp" /EF "HKCU"
    ComRepl    REG_SZ    C:\Users\Julie\AppData\Roaming\comrepl.exe /com /w
    WMPNSCFG    REG_SZ    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    swg    REG_SZ    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe



 +- Registre, recherche Srosa :


HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
    NextInstance    REG_DWORD    0x1


HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
    NextInstance    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA\0000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
    Type    REG_DWORD    0x1
    Start    REG_DWORD    0x1
    ErrorControl    REG_DWORD    0x0
    ImagePath    REG_EXPAND_SZ    \??\C:\Windows\system32\drivers\srosa.sys
    DisplayName    REG_SZ    Megadrv3


HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
    Type    REG_DWORD    0x1
    Start    REG_DWORD    0x1
    ErrorControl    REG_DWORD    0x0
    ImagePath    REG_EXPAND_SZ    \??\C:\Windows\system32\drivers\srosa.sys
    DisplayName    REG_SZ    Megadrv3


HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
    Type    REG_DWORD    0x1
    Start    REG_DWORD    0x1
    ErrorControl    REG_DWORD    0x0
    ImagePath    REG_EXPAND_SZ    \??\C:\Windows\system32\drivers\srosa.sys
    DisplayName    REG_SZ    Megadrv3


HKEY_CURRENT_USER\Software\FirtR
    Fir076syj0Run    REG_DWORD    0x1



+- Recherche terminee !

Utilisateur anonyme · Answer

re julie

accorde moi 10 minutes et je te dis la suite

Julie D. · Answer

Super! merci beaucoup

Utilisateur anonyme · Answer

re Julie

Telecharge FindyKill

Fais un clic droit sur le lien, enregister sous .....sur le bureau

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.rar

Dezippe le sur le bureau

Entre dans le dossier FindyKill 

double clic sur FindyKill.bat


choisi l option 2 (suppression)

il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué

un rapport va s ouvrir, post le dans ta prochaine réponse stp

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

jlpjlp · Answer

oui fais le message 19 comme combofix, elibaga ne marche pas encore...

a plus a tous les deux

jlpjlp · Answer

je me suis rendu compte que j'avais oublié de te faire renommer combofix avant l'installation alors après le message 19 retente combofix en le renommant


Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.


télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau 
sous le nom de antibagle. Fais le avant que le fichier ne soit enregistré sur le bureau] 


déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Julie D. · Answer

voici le rapport 

** Rapport FindyKill ** 
 
 
 
  /!\..Des fichiers ont été supprimé au 1er redémarrage../!\ 
 
 
 
               /!\..... Premier passage ...../!\ 
 
 
 
 
+-  Suppression des fichiers dans C: 
 
Supprime ! de C:\Muestras 
Supprime ! de C:\InfoSat.txt 
 
+-  Suppression des fichiers dans C:\Windows\Prefetch 
 
 
+-  Suppression des fichiers dans C:\Windows\system32 
 
 
+-  Suppression des fichiers dans C:\Windows\system32\drivers 
 
Supprime ! de C:\Windows\system32\drivers\mdelk.exe 
 
+-  Suppression des fichiers dans C:\Users\Julie\AppData\Roaming 
 
 
              /!\..... Second passage ...../!\ 
 
 
 
 
+-  Suppression des fichiers dans C: 
 
 
+-  Suppression des fichiers dans C:\Windows\Prefetch 
 
 
+-  Suppression des fichiers dans C:\Windows\system32 
 
 
+-  Suppression des fichiers dans C:\Windows\system32\drivers 
 
 
+-  Suppression des fichiers dans C:\Users\Julie\AppData\Roaming 
 
 
 
+-  Suppression des clefs du registre.. 
 
 
+-  Suppression des clefs du registre effectuée ! 
 
 
        ! Nettoyage realisé avec succès !

Julie D. · Answer

est-il encore utile que je lance combofixe en sachant que lors d'un des redémarrage élibaga a fonctionné et m'a éliminé un bagle?

Utilisateur anonyme · Answer

Télécharge HijackThis ici : 

->  Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
->  http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe 
->  ftp://ftp.commentcamarche.com/download/HJTInstall.exe

-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation 

-> Clique sur Install ensuite sur I Accept 

-> Clique sur Do a scan system and save log file 

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

Julie D. · Answer

Euh, me dites pas que plus c'est long, plus il y a de problèmes si??? (en mode: très inquiète) en tout cas merci beaucoup pour l'aide

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:32:19, on 29/08/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\system32\conime.exe
C:\Windows\System32undll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\Norton Save and Restore\Agent\VProTray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OBealsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\p2phost.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBZE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32undll32.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://myprivacy.dpgmedia.be/?siteKey=atXMVFeyFP1Ki09i&callbackUrl=https%3a%2f%2fwww.7sur7.be%2fprivacy-gate%2faccept%3fredirectUri%3d%252f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [himem] "c:\windows\himem.exe" 3fff 8ffff
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\Windows\TEMP\E_S5706.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ComRepl] C:\Users\Julie\AppData\Roaming\comrepl.exe /com /w
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin
pjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin
pjpi160.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O13 - Gopher Prefix: 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Utilisateur anonyme · Answer

alors je t explique nous avons eliminé une infection ---->Bagle

maintenant j en vois une autre en autre ---->serch setting, nous allons la supprimer

apres on fera un gros menage et on remettra ton pc en état c est a dire bagle cause differents soucis arrete de services de securité etc on remetra ça en route 

c est partie (search settig)

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau. 
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 

* Lance l'installation du programme en exécutant le fichier téléchargé. 
* Double-clique maintenant sur le raccourci de Toolbar-S&D. 
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée. 
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche. 
* Poste le rapport généré. (C:\TB.txt)

Julie D. · Answer

ha ok, je comprends un peu mieux..

   -----------\  ToolBar S&D 1.1.6   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6000 ) 
   X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU     T7100  @ 1.80GHz )
   BIOS : Ver 1.00PARTTBL
   USER : Julie ( Administrator )
   BOOT : Normal boot
   Antivirus : Norton Internet Security 2007 (Activated)
   Firewall  : Bitdefender Firewall 8.0 (Activated)

   "C:\ToolBar SD" ( MAJ : 27-08-2008|23:35 )
   Option : [1] ( ven. 29/08/2008|21:47 )

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\Cookies\julie@dealio[1].txt
   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js
   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul
   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd
   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll
   C:\Program Files\Search Settings
   C:\Program Files\Search Settings\kb125
   C:\Program Files\Search Settings\SearchSettings.exe

   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\Windows\system32\blank.htm"
   "Search Page"="https://www.google.com/?gws_rd=ssl"
   "Start Page"="https://myprivacy.dpgmedia.be/?siteKey=atXMVFeyFP1Ki09i&callbackUrl=https%3a%2f%2fwww.7sur7.be%2fprivacy-gate%2faccept%3fredirectUri%3d%252f"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
   "Url"="https://www.msn.com/fr-fr/actualite/"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Page_URL"="http://www.club-vaio.com"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


   --------------------\  Recherche d'autres infections

   --------------------\  ROOTKIT !!

   [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_SROSA] -- ROOTKIT Bagle !
   [HKLM\..\CurrentControlSet\Enum\Rootosa] -- ROOTKIT Bagle !
   [HKLM\..\CurrentControlSet\Enum\Root\srosa] -- ROOTKIT Bagle !
   [HKLM\..\ControlSet001\Enum\Root\LEGACY_SROSA] -- ROOTKIT Bagle !
   [HKLM\..\ControlSet001\Enum\Rootosa] -- ROOTKIT Bagle !
   [HKLM\..\ControlSet001\Enum\Root\srosa] -- ROOTKIT Bagle !
   [HKLM\..\ControlSet003\Enum\Root\LEGACY_SROSA] -- ROOTKIT Bagle !
   [HKLM\..\ControlSet003\Enum\Rootosa] -- ROOTKIT Bagle !
   [HKLM\..\ControlSet003\Enum\Root\srosa] -- ROOTKIT Bagle !

   --------------------\  Cracks & Keygens ..

   C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Recent\Adobe Photoshop 7.0 Espa¤ol (spanish)+crack(dyb).lnk
   C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Recent\Avs Video Tools 5.1.1.20 Crack.lnk


   -----------\  Fin du rapport a 21:49:01,56

Utilisateur anonyme · Answer

Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée". 
! Ne ferme pas la fenêtre lors de la suppression ! 
Un rapport sera généré, poste son contenu ici. 

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches. 
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..." 
Tape explorer puis valide.

Julie D. · Answer

le voilà

---------\  ToolBar S&D 1.1.6   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6000 ) 
   X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU     T7100  @ 1.80GHz )
   BIOS : Ver 1.00PARTTBL
   USER : Julie ( Administrator )
   BOOT : Normal boot
   Antivirus : Norton Internet Security 2007 (Activated)
   Firewall  : Bitdefender Firewall 8.0 (Activated)

   "C:\ToolBar SD" ( MAJ : 27-08-2008|23:35 )
   Option : [2] ( ven. 29/08/2008|21:54 )

   -----------\ SUPPRESSION

   Supprime! - C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\Cookies\julie@dealio[1].txt
   Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
   Supprime! - C:\Program Files\Search Settings\kb125
   Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
   Supprime! - C:\Program Files\Search Settings

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\Windows\system32\blank.htm"
   "Search Page"="https://www.google.com/?gws_rd=ssl"
   "Start Page"="https://myprivacy.dpgmedia.be/?siteKey=atXMVFeyFP1Ki09i&callbackUrl=https%3a%2f%2fwww.7sur7.be%2fprivacy-gate%2faccept%3fredirectUri%3d%252f"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
   "Url"="https://www.msn.com/fr-fr/actualite/"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.msn.com/fr-fr/"
   "Default_Page_URL"="http://www.club-vaio.com"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


   --------------------\  Recherche d'autres infections

   --------------------\  ROOTKIT !!

   [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_SROSA] -- ROOTKIT Bagle !
   [HKLM\..\CurrentControlSet\Enum\Rootosa] -- ROOTKIT Bagle !
   [HKLM\..\CurrentControlSet\Enum\Root\srosa] -- ROOTKIT Bagle !
   [HKLM\..\ControlSet001\Enum\Root\LEGACY_SROSA] -- ROOTKIT Bagle !
   [HKLM\..\ControlSet001\Enum\Rootosa] -- ROOTKIT Bagle !
   [HKLM\..\ControlSet001\Enum\Root\srosa] -- ROOTKIT Bagle !
   [HKLM\..\ControlSet003\Enum\Root\LEGACY_SROSA] -- ROOTKIT Bagle !
   [HKLM\..\ControlSet003\Enum\Rootosa] -- ROOTKIT Bagle !
   [HKLM\..\ControlSet003\Enum\Root\srosa] -- ROOTKIT Bagle !

   --------------------\  Cracks & Keygens ..

   C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Recent\Adobe Photoshop 7.0 Espa¤ol (spanish)+crack(dyb).lnk
   C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Recent\Avs Video Tools 5.1.1.20 Crack.lnk


   -----------\  Fin du rapport a 21:56:47,28

Utilisateur anonyme · Answer

le gros menage :


Telecharge malwarebytes 

-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe 

Tu l´instale; le programme va se mettre automatiquement a jour. 

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression". 

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet". 

Puis click sur "rechercher". 

Laisse le scanner le pc... 

Si des elements on ete trouvés > click sur supprimer la selection. 

si il t´es demandé de redemarrer > click sur "yes". 

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum. 
Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log

jlpjlp · Answer

beau boulot Chiquitine29! 

tu es très bien lancé!!!!




je sais pas si tu as vu
dans tolbar sd il y a des clés de bagle et des cracks trouvés  

--------------------\ ROOTKIT !!

[HKLM\..\CurrentControlSet\Enum\Root\LEGACY_SROSA] -- ROOTKIT Bagle !
[HKLM\..\CurrentControlSet\Enum\Rootosa] -- ROOTKIT Bagle !
[HKLM\..\CurrentControlSet\Enum\Root\srosa] -- ROOTKIT Bagle !
[HKLM\..\ControlSet001\Enum\Root\LEGACY_SROSA] -- ROOTKIT Bagle !
[HKLM\..\ControlSet001\Enum\Rootosa] -- ROOTKIT Bagle !
[HKLM\..\ControlSet001\Enum\Root\srosa] -- ROOTKIT Bagle !
[HKLM\..\ControlSet003\Enum\Root\LEGACY_SROSA] -- ROOTKIT Bagle !
[HKLM\..\ControlSet003\Enum\Rootosa] -- ROOTKIT Bagle !
[HKLM\..\ControlSet003\Enum\Root\srosa] -- ROOTKIT Bagle !

--------------------\ Cracks & Keygens ..

C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Recent\Adobe Photoshop 7.0 Espa¤ol (spanish)+crack(dyb).lnk
C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Recent\Avs Video Tools 5.1.1.20 Crack.lnk

jlpjlp · Answer

pour savoir 
Julie D.  tu as quel antivirus? on dirait qu'il y a des reste de bitdefender, avast, norton?

Utilisateur anonyme · Answer

en effet jlpjlp j ai reglé ça sur la version qui suivra ...... 

on va s en occuper par la suite

Julie D. · Answer

Chiquitine, je te précise que je ne suispas partie, seulement le scan est encore en cours. Merci pour ta patience si tu es encore là

Utilisateur anonyme · Answer

JE SUIS là et je sias que e scan est long t inkiete, j suis un couche tard ...

Julie D. · Answer

Voilà voilà, il y avait deux fichiers infectés


Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1096
Windows 6.0.6000 

23:51:38 29/08/2008
mbam-log-08-29-2008 (23-51-38).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 189466
Temps écoulé: 1 hour(s), 43 minute(s), 47 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Windows\PIF (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Utilisateur anonyme · Answer

telecharge ce fichier : https://www.luanagames.com/index.fr.html

double clic dessus et accepte la fusion avec le registre ensuite refai sun scan toolbar S&D et post le rapport stp

Julie D. · Answer

il me met: erreur d'accès au registre

Utilisateur anonyme · Answer

oki

telecharge ce fichier : 

http://sd-1.archive-host.com/membres/up/116615172019703188/R­epair.rar 

dezzipe le et double clic sur repair.reg 

ensuite accepte la fusion avec le regsitre 

ensuite : 

Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 




-> Double clique sur combofix.exe. 
-> Tape sur la touche 1 (Yes) pour démarrer le scan. 
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt 

Avant d'utiliser ComboFix : 

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil. 

Une fois fait, sur ton bureau double-clic sur Combofix.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

Julie D. · Answer

voilà le rapport, par contre, je n'ai pas pu désactiver l'antivirus, je n'ai pas réussi à l'ouvrir...
ComboFix 08-08-29.02 - Julie 2008-08-30  0:32:36.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6000.0.1252.1.1036.18.403 [GMT 2:00]
Endroit: C:\Users\Julie\Desktop\ComboFix.exe
 * Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~2\Microsoft\Network\Downloader\qmgr0.dat
C:\PROGRA~2\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\#SharedObjects\98C3TJMK\bin.clearspring.com
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\#SharedObjects\98C3TJMK\bin.clearspring.com\clearspring.sol
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\#SharedObjects\98C3TJMK\interclick.com
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\#SharedObjects\98C3TJMK\interclick.com\ud.sol
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\#SharedObjects\98C3TJMK\static.youku.com
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\#SharedObjects\98C3TJMK\static.youku.com\v1.0.0179\v\swf\qplayer.swf\youku.sol
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\#SharedObjects\98C3TJMK\static.youku.com\v1.0.0233\v\swf\qplayer.swf\youku.sol
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\#SharedObjects\98C3TJMK\static.youku.com\v1.0.0234\v\swf\qplayer.swf\youku.sol
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\#SharedObjects\98C3TJMK\static.youku.com\v1.0.0242\v\swf\qplayer.swf\qplayer.sol
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\#SharedObjects\98C3TJMK\static.youku.com\v1.0.0248\v\swf\qplayer.swf\qplayer.sol
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\#SharedObjects\98C3TJMK\static.youku.com\v1.0.0255\v\swf\qplayer.swf\qplayer.sol
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\#SharedObjects\98C3TJMK\static.youku.com\v1.0.0260\v\swf\qplayer.swf\qplayer.sol
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\#SharedObjects\98C3TJMK\v.youku.com
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\#SharedObjects\98C3TJMK\v.youku.com\v1.0.0156\v\swf\qplayer.swf\youku.sol
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\#SharedObjects\98C3TJMK\v.youku.com\v1.0.0171\v\swf\qplayer.swf\youku.sol
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#v.youku.com
C:\Users\Julie\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#v.youku.com\settings.sol
C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Cookies\julie@bluestreak[2].txt
C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Cookies\julie@serving-sys[2].txt
C:\Windows\system32tl60.bpl

----- BITS: Possible sites infect‚s -----

http://au.download.windowsupdaj+|Cv+@J:NGD_DQ{zZOmO 
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


(((((((((((((((((((((((((((((   Fichiers cr‚‚s 2008-07-28 to 2008-08-29  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 20:06	---------	d-----w	C:\Users\Julie\AppData\Roaming\Malwarebytes
2008-08-29 20:06	---------	d-----w	C:\Program Files\Malwarebytes' Anti-Malware
2008-08-29 20:06	---------	d-----w	C:\PROGRA~2\Malwarebytes
2008-08-29 13:47	---------	d-----w	C:\Program Files\RogueRemover FREE
2008-08-29 13:36	---------	d-----w	C:\Program Files\Panda Security
2008-08-29 13:17	---------	d-----w	C:\Program Files\Trend Micro
2008-08-29 13:03	91,744	----a-w	C:\Windows\BPMNT.dll
2008-08-29 13:03	71,749	----a-w	C:\Windows\hcextoutput.dll
2008-08-29 13:03	333,576	----a-w	C:\Windows\TSC.exe
2008-08-29 13:03	1,213,784	----a-w	C:\Windows\vsapi32.dll
2008-08-29 12:47	---------	d-----w	C:\Program Files\Alwil Software
2008-08-29 12:25	727,718	----a-w	C:\Windows\uninstaller.exe
2008-08-28 15:24	---------	d-----w	C:\Program Files\iArt
2008-08-28 14:45	---------	d-----w	C:\Program Files\iGnuteel
2008-08-27 14:07	---------	d-----w	C:\Program Files\iTunes
2008-08-27 13:56	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-08-27 10:45	---------	d-----w	C:\Program Files\Windows Mail
2008-08-27 09:49	---------	d-----w	C:\PROGRA~2\Microsoft Help
2008-08-26 18:06	36,017	----a-w	C:\Users\Julie\AppData\Roaming
vModes.dat
2008-08-17 13:01	38,472	----a-w	C:\Windows\system32\drivers\mbamswissarmy.sys
2008-08-17 13:01	17,144	----a-w	C:\Windows\system32\drivers\mbam.sys
2008-08-05 11:04	---------	d-----w	C:\PROGRA~2\Symantec
2008-07-27 20:43	---------	d-----w	C:\Program Files\eMule
2008-07-20 13:26	---------	d-----w	C:\Program Files\Ubisoft
2008-07-20 12:52	174	--sha-w	C:\Program Files\desktop.ini
2008-07-20 10:23	---------	d-----w	C:\Program Files\Microsoft SQL Server
2008-07-19 14:36	51,280	----a-w	C:\Windows\system32\drivers\aswMonFlt.sys
2008-06-28 12:07	---------	d-----w	C:\PROGRA~2\WinZip
2008-06-27 03:54	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll
2008-06-12 06:54	537,600	----a-w	C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21	2,560	----a-w	C:\Windows\AppPatch\AcRes.dll
2008-01-31 19:22	654	----a-w	C:\Users\Julie\AppData\Roaming\wklnhst.dat
.

(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 14:38 1232896]
"CollaborationHost"="C:\Windows\system32\p2phost.exe" [2006-11-02 14:35 191488]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"EPSON Stylus D92 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE" [2006-09-27 06:00 139264]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32
vsvc.dll" [2007-04-17 04:47 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-17 04:47 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-17 04:47 81920]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-01-12 07:52 118784]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-05-16 20:07 411768]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-01-22 20:39 321656]
"Norton Save and Restore 2.0"="C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [2008-01-10 05:43 2037088]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-08-29 20:38 368640]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OBealsched.exe" [2008-04-21 13:13 185896]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-08-29 14:50 78008]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\VESWinlogon]
2007-02-13 15:19 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4148930769-3442907755-3476821119-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B6C7C473-EFA4-4D26-B644-7764CE7F001A}"= Disabled:UDP:C:\Program Files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{40508795-C65A-4C7D-8927-0000669B6EFC}"= Disabled:TCP:C:\Program Files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{A53F68C5-C204-4A05-ACC5-0A3A403E1256}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{30953F5D-B7CE-4528-A38B-EDB0E77515DB}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{BA1A206F-E302-4B94-8534-FE1344DA1341}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{54B5BD03-8A61-48EF-9495-B6AC6FA44257}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{266541D7-9937-4372-A3A0-256C9C14129B}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{05D34844-2CE4-4271-9309-A18E569840CA}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"TCP Query User{AE361811-0825-4DEC-81E7-6F7B48F00849}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{F4D042B7-7C73-49D9-8C92-67522E281257}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{419959EA-10A3-4BBF-AA16-0BF2E1DBF574}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{25C83AE5-D081-4704-B11A-2BEEF7A904FC}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{D349683C-3B2F-4915-B30B-3A58F9E2169D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{127AB159-0824-4F95-9F4D-2FF6523617A5}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 22:08]
R2 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2008-01-10 05:43]
R2 regi;regi;C:\Windows\system32\driversegi.sys [2007-04-17 20:09]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;C:\Windows\system32\DRIVERS\Ma730Pt.sys [2005-12-22 03:52]
R3 Ma730Vad;MA730 Bluetooth Audio;C:\Windows\system32\DRIVERS\Ma730Vad.sys [2005-11-22 08:32]
R3 R5U870FLx86;R5U870 UVC Lower Filter  ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-03-15 21:19]
R3 R5U870FUx86;R5U870 UVC Upper Filter  ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-03-15 21:19]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 03:03]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers	i21sony.sys [2007-04-23 13:29]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-02-08 05:10]
S2 IcRecUsb;IC Recorder Driver;C:\Windows\system32\Drivers\IcRecUsb.sys [2001-10-02 08:37]
S3 Ma730c;MA730 Bluetooth Core Driver;C:\Windows\system32\DRIVERS\MA730C.sys [2006-01-02 11:36]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 16:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 17:06]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 14:05]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
bdx	REG_MULTI_SZ   	scan
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-himem - c:\windows\himem.exe
HKCU-Run-ComRepl - C:\Users\Julie\AppData\Roaming\comrepl.exe
HKCU-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\1dsde73d.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 00:48:07
Windows 6.0.6000  NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\System32\stacsv.exe
C:\Program Files\sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\sony\VAIO Power Management\SPMgr.exe
C:\Windows\System32\conime.exe
C:\Windows\System32undll32.exe
C:\Windows\System32undll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Windows\System32\lpremove.exe
C:\Windows\System32\lpksetup.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-30  1:06:04 - machine was rebooted [Julie]
ComboFix-quarantined-files.txt  2008-08-29 23:04:49

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 47,685,857,280 octets libres

230	--- E O F ---	2008-08-27 09:50:49

Utilisateur anonyme · Answer

quel antivirus veux tu  garder ??

Julie D. · Answer

bitdefender

Utilisateur anonyme · Answer

je regarde tes  rapports .........

Utilisateur anonyme · Answer

Copie le texte ci-dessous : 


killall::

File:: 
C:\Windows\uninstaller.exe 
C:\Windows\system32\drivers\pavboot.sys 
C:\Windows\system32\drivers\aswSP.sys 
C:\Windows\system32\DRIVERS\aswFsBlk.sys 
C:\Windows\system32\DRIVERS\aswMonFlt.sys 

Folder:: 
C:\Program Files\RogueRemover FREE 
C:\Program Files\Panda Security 
C:\Program Files\Alwil Software
C:\PROGRA~2\Symantec 
C:\Program Files\Norton Save and Restore
C:\Program Files\Common Files\Symantec Shared
C:\PROGRA~1\ALWILS~1
C:\Program Files\Symantec

Registry:: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"Norton Save and Restore 2.0"=-
"Symantec PIF AlertEng"=- 
"avast!"=-

Driver::
pavboot
Norton Save and Restore
aswSP
aswFsBlk
aswMonFlt


Ouvre le Bloc-Notes puis colle le texte copié. 
(Démarrer\Tous les programmes\Accessoires\Bloc notes.) 
Sauvegarde ce fichier sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous : 

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif 

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. 

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal! 

Ne touche à rien tant que le scan n'est pas terminé. 

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis. 

S'il n'y a pas de rédémarrage, poste quand même les rapports.

Utilisateur anonyme · Answer

je vais au dodo post les rapposrt on finira demain bonne nuit

Julie D. · Answer

Voilà le rapport. Je précise que j'ai relancé combofixe une deuxième fois car je l'ai arrêté la première, en pensant qu'il vait buggé... 


ComboFix 08-08-29.02 - Julie 2008-08-30  3:08:40.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6000.0.1252.1.1036.18.377 [GMT 2:00]
Endroit: C:\Users\Julie\Desktop\ComboFix.exe
Command switches used :: C:\Users\Julie\Desktop\CFScript.txt
 * Création d'un nouveau point de restauration

FILE ::
C:\Windows\system32\DRIVERS\aswFsBlk.sys
C:\Windows\system32\DRIVERS\aswMonFlt.sys
C:\Windows\system32\drivers\aswSP.sys
C:\Windows\system32\drivers\pavboot.sys
C:\Windows\uninstaller.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll
C:\PROGRA~1\ALWILS~1\Avast4\AavmGuih.dll
C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll
C:\PROGRA~1\ALWILS~1\Avast4\AhResMai.dll
C:\PROGRA~1\ALWILS~1\Avast4\ahResMes.dll
C:\PROGRA~1\ALWILS~1\Avast4\AhResNS.dll
C:\PROGRA~1\ALWILS~1\Avast4\AhResOut.dll
C:\PROGRA~1\ALWILS~1\Avast4\ahResP2P.dll
C:\PROGRA~1\ALWILS~1\Avast4\AhResStd.dll
C:\PROGRA~1\ALWILS~1\Avast4\AhResWS.dll
C:\PROGRA~1\ALWILS~1\Avast4\AhRuiMai.dll
C:\PROGRA~1\ALWILS~1\Avast4\ahRuiMes.dll
C:\PROGRA~1\ALWILS~1\Avast4\AhRuiNS.dll
C:\PROGRA~1\ALWILS~1\Avast4\AhRuiOut.dll
C:\PROGRA~1\ALWILS~1\Avast4\ahRuiP2P.dll
C:\PROGRA~1\ALWILS~1\Avast4\AhRuiStd.dll
C:\PROGRA~1\ALWILS~1\Avast4\AhRuiWS.dll
C:\PROGRA~1\ALWILS~1\Avast4\ashAvast.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll
C:\PROGRA~1\ALWILS~1\Avast4\ashBug.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashCfgP.dll
C:\PROGRA~1\ALWILS~1\Avast4\ashCfgT.dll
C:\PROGRA~1\ALWILS~1\Avast4\ashChest.dll
C:\PROGRA~1\ALWILS~1\Avast4\ashChest.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashCnsnt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashLogV.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashOutXt.dll
C:\PROGRA~1\ALWILS~1\Avast4\ashPopWz.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashShA64.dll
C:\PROGRA~1\ALWILS~1\Avast4\ashShell.dll
C:\PROGRA~1\ALWILS~1\Avast4\ashSimp2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashSimpl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashSkPcc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashSkPck.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashSODBC.dll
C:\PROGRA~1\ALWILS~1\Avast4\ashSSqlt.dll
C:\PROGRA~1\ALWILS~1\Avast4\ashSXML.dll
C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll
C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll
C:\PROGRA~1\ALWILS~1\Avast4\ashUpd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashWsFtr.dll
C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll
C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll
C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll
C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll
C:\PROGRA~1\ALWILS~1\Avast4\aswEngin.dll
C:\PROGRA~1\ALWILS~1\Avast4\aswIdle.dll
C:\PROGRA~1\ALWILS~1\Avast4\aswInteg.dll
C:\PROGRA~1\ALWILS~1\Avast4\aswMonDS.sys
C:\PROGRA~1\ALWILS~1\Avast4\aswMonVD.dll
C:\PROGRA~1\ALWILS~1\Avast4\aswRawFS.dll
C:\PROGRA~1\ALWILS~1\Avast4\aswRegSvr.exe
C:\PROGRA~1\ALWILS~1\Avast4\aswRes.dll
C:\PROGRA~1\ALWILS~1\Avast4\aswRunDll.exe
C:\PROGRA~1\ALWILS~1\Avast4\aswScan.dll
C:\PROGRA~1\ALWILS~1\Avast4\aswUpdSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\AVASTSS.scr
C:\PROGRA~1\ALWILS~1\Avast4\avCommEx.dll
C:\PROGRA~1\ALWILS~1\Avast4\AVSSHOOK.dll
C:\PROGRA~1\ALWILS~1\Avast4\DATA\400.vps
C:\PROGRA~1\ALWILS~1\Avast4\DATA\avast4.ini
C:\PROGRA~1\ALWILS~1\Avast4\DATA\iNews.htm
C:\PROGRA~1\ALWILS~1\Avast4\DATA\log\Setup.log
C:\PROGRA~1\ALWILS~1\Avast4\DATA\Skin\__snake.aswf
C:\PROGRA~1\ALWILS~1\Avast4\DATA\Skin\__strike.aswf
C:\PROGRA~1\ALWILS~1\Avast4\DATA\Skin\__vizer.aswf
C:\PROGRA~1\ALWILS~1\Avast4\DATA\Skin\low res.asws
C:\PROGRA~1\ALWILS~1\Avast4\DATA\Skin\silver panel.asws
C:\PROGRA~1\ALWILS~1\Avast4\DATA\Skin\SZC-KDE.asws
C:\PROGRA~1\ALWILS~1\Avast4\DefTasks.xml
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\Base.dll
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\Boot.dll
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\ENHANCED.HTM
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\HELP\CheckListSimple.chm
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\HELP\help.chm
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\hover.wav
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\HtmlData\11001.htm
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\HtmlData\400.htm
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\HtmlData\401.htm
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\HtmlData\407.htm
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\HtmlData\502.htm
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\HtmlData\504.htm
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\HtmlData\Blocked.htm
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\HtmlData\image001.gif
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\Lang.dll
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\LangMai.dll
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\License.txt
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\malfound.wav
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\press.wav
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\Readme.txt
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\ready.wav
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\suspic.wav
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\virfound.gif
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\virfound.wav
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\vpsupd.wav
C:\PROGRA~1\ALWILS~1\Avast4\images\background.bmp
C:\PROGRA~1\ALWILS~1\Avast4\images\chest.gif
C:\PROGRA~1\ALWILS~1\Avast4\images\lense.gif
C:\PROGRA~1\ALWILS~1\Avast4\images\logo.gif
C:\PROGRA~1\ALWILS~1\Avast4\images\main_01.jpg
C:\PROGRA~1\ALWILS~1\Avast4\images\main_02.jpg
C:\PROGRA~1\ALWILS~1\Avast4\images\oranz.gif
C:\PROGRA~1\ALWILS~1\Avast4\images\resident.gif
C:\PROGRA~1\ALWILS~1\Avast4\images\setting.gif
C:\PROGRA~1\ALWILS~1\Avast4\images\slogan.gif
C:\PROGRA~1\ALWILS~1\Avast4\images\spacer.gif
C:\PROGRA~1\ALWILS~1\Avast4\images\update.gif
C:\PROGRA~1\ALWILS~1\Avast4\images\virusdat.gif
C:\PROGRA~1\ALWILS~1\Avast4\sched.exe
C:\PROGRA~1\ALWILS~1\Avast4\Setup\av_pro_core-471.vpu
C:\PROGRA~1\ALWILS~1\Avast4\Setup\av_pro_dll40c-93.vpu
C:\PROGRA~1\ALWILS~1\Avast4\Setup\av_pro_hlp40c-243.vpu
C:\PROGRA~1\ALWILS~1\Avast4\Setup\av_pro_skins-14.vpu
C:\PROGRA~1\ALWILS~1\Avast4\Setup\avast.setup
C:\PROGRA~1\ALWILS~1\Avast4\Setup\avscan-32e.vpu
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\AavmKer4.inf
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\Aavmker4.sys
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\AMD64\Aavmker4.sys
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\AMD64\aswFsBlk.sys
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\AMD64\aswMon2.sys
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\AMD64\aswMonFlt.sys
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\AMD64\aswRdr.sys
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\AMD64\aswSP.sys
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\AMD64\aswTdi.sys
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\aswFsBlk.inf
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\aswFsBlk.sys
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\aswMon.sys
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\AswMon2.inf
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\aswMon2.sys
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\AswMonFlt.inf
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\aswMonFlt.sys
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\AswRdr.sys
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\aswSP.sys
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\AswTdi.sys
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\IA64\aswFsBlk.sys
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\IA64\aswMonFlt.sys
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\IA64\aswRdr.sys
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\IA64\aswSP.sys
C:\PROGRA~1\ALWILS~1\Avast4\Setup\INF\IA64\aswTdi.sys
C:\PROGRA~1\ALWILS~1\Avast4\Setup\jrog-49.vpu
C:\PROGRA~1\ALWILS~1\Avast4\Setup\news409-32.vpu
C:\PROGRA~1\ALWILS~1\Avast4\Setup\part-jrog-49.vpu
C:\PROGRA~1\ALWILS~1\Avast4\Setup\part-news-4b.vpu
C:\PROGRA~1\ALWILS~1\Avast4\Setup\part-prg_av_pro-4cd.vpu
C:\PROGRA~1\ALWILS~1\Avast4\Setup\part-setup_av_pro-4cd.vpu
C:\PROGRA~1\ALWILS~1\Avast4\Setup\part-vps-8082600.vpu
C:\PROGRA~1\ALWILS~1\Avast4\Setup\prod-av_pro.vpu
C:\PROGRA~1\ALWILS~1\Avast4\Setup\servers.def
C:\PROGRA~1\ALWILS~1\Avast4\Setup\setif_av_pro-4cd.vpu
C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll
C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.ovr
C:\PROGRA~1\ALWILS~1\Avast4\Setup\setup.ini
C:\PROGRA~1\ALWILS~1\Avast4\Setup\setup.log
C:\PROGRA~1\ALWILS~1\Avast4\Setup\setup.ovr
C:\PROGRA~1\ALWILS~1\Avast4\Setup\setup_av_pro-4cd.vpu
C:\PROGRA~1\ALWILS~1\Avast4\Setup\vps-8082600.vpu
C:\PROGRA~1\ALWILS~1\Avast4\Setup\vpsm-8082600.vpu
C:\PROGRA~1\ALWILS~1\Avast4\Setup\winsys-2.vpu
C:\PROGRA~1\ALWILS~1\Avast4\Setup\winsysgui-2.vpu
C:\PROGRA~1\ALWILS~1\Avast4\VisthAux.exe
C:\PROGRA~1\ALWILS~1\Avast4\VisthLic.exe
C:\PROGRA~1\ALWILS~1\Avast4\VisthUpd.exe
C:\PROGRA~1\ALWILS~1\Avast4\wdp-ash-updscript.vbs
C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll
C:\Program Files\Alwil Software
C:\Windows\system32\DRIVERS\aswFsBlk.sys
C:\Windows\system32\DRIVERS\aswMonFlt.sys
C:\Windows\system32\drivers\aswSP.sys
.
---- Previous Run -------
.
C:\PROGRA~1\ALWILS~1\Avast4\DATA\report\avast.xsl
C:\PROGRA~1\ALWILS~1\Avast4\DATA\report\background.gif
C:\PROGRA~1\ALWILS~1\Avast4\DATA\report\logo.gif
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\aswClnTg.htm
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\aswClnTg.txt
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\aswInfTg.htm
C:\PROGRA~1\ALWILS~1\Avast4\FRENCH\aswInfTg.txt
C:\PROGRA~2\Symantec
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071116.001\IDS9xx86.dll
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071116.001\IDSVia64.cat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071116.001\IDSVia64.INF
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071116.001\IDSviA64.sys
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071116.001\IDSVix86.cat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071116.001\IDSVix86.INF
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071116.001\IDSvix86.sys
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071116.001\IDSxpx86.dll
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071116.001\SymIDSCo.sys
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071116.001\SymIDSCo.vxd
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071116.001\SymIDSI.dll
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071120.002\IDS9xx86.dll
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071120.002\IDSVia64.cat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071120.002\IDSVia64.INF
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071120.002\IDSviA64.sys
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071120.002\IDSVix86.cat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071120.002\IDSVix86.INF
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071120.002\IDSvix86.sys
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071120.002\IDSxpx86.dll
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071120.002\SymIDSCo.sys
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071120.002\SymIDSCo.vxd
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20071120.002\SymIDSI.dll
C:\PROGRA~2\Symantec\Definitions\SymcData\nco1.0defs\20071114.005\hub.scr
C:\PROGRA~2\Symantec\Definitions\SymcData\nco1.0defs\latest-hub-webauth.sql\LHW.sql.bin
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20070911.016\CCERASER.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20070911.016\ECBOOTIL.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20070911.016\ECMSVR32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20070911.016\EECTRL.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20070911.016\ERASER.SPM
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20070911.016\ERASER.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20070911.016\NAVENG.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20070911.016\NAVENG.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20070911.016\NAVENG32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20070911.016\NAVEX15.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20070911.016\NAVEX15.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20070911.016\NAVEX32A.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20070911.016\SYMAVENG.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20070911.016\SYMAVENG.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20070911.016\SYMERASE.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20070911.016\SYMERASE.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20070911.016\VIRSCAN.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071104.009\CCERASER.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071104.009\ECBOOTIL.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071104.009\ECMSVR32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071104.009\EECTRL.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071104.009\ERASER.SPM
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071104.009\ERASER.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071104.009\NAVENG.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071104.009\NAVENG.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071104.009\NAVENG32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071104.009\NAVEX15.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071104.009\NAVEX15.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071104.009\NAVEX32A.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071104.009\SYMAVENG.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071104.009\SYMAVENG.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071104.009\SYMERASE.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071104.009\SYMERASE.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071104.009\VIRSCAN.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071114.020\CCERASER.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071114.020\ECBOOTIL.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071114.020\ECMSVR32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071114.020\EECTRL.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071114.020\ERASER.SPM
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071114.020\ERASER.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071114.020\NAVENG.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071114.020\NAVENG.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071114.020\NAVENG32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071114.020\NAVEX15.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071114.020\NAVEX15.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071114.020\NAVEX32A.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071114.020\SYMAVENG.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071114.020\SYMAVENG.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071114.020\SYMERASE.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071114.020\SYMERASE.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20071114.020\VIRSCAN.INF
C:\PROGRA~2\Symantec\FileBackup\Catalog.dat
C:\PROGRA~2\Symantec\hpc\ 
C:\PROGRA~2\Symantec\LiveUpdate\1.Configuration.Log.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\1.Product.Inventory.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\1.Settings.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\10.Configuration.Log.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\10.Product.Inventory.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\10.Settings.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\11.Configuration.Log.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\12.Configuration.Log.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\13.Configuration.Log.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\14.Configuration.Log.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\2.Configuration.Log.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\2.Product.Inventory.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\2.Settings.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\2008-08-07_Log.ALUSchedulerSvc.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\2008-08-08_Log.ALUSchedulerSvc.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\2008-08-09_Log.ALUSchedulerSvc.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\2008-08-10_Log.ALUSchedulerSvc.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\2008-08-11_Log.ALUSchedulerSvc.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\2008-08-12_Log.ALUSchedulerSvc.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\2008-08-13_Log.ALUSchedulerSvc.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\2008-08-14_Log.ALUSchedulerSvc.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\2008-08-21_Log.ALUSchedulerSvc.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\2008-08-26_Log.ALUSchedulerSvc.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\2008-08-27_Log.ALUSchedulerSvc.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\2008-08-28_Log.ALUSchedulerSvc.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\2008-08-29_Log.ALUSchedulerSvc.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\2008-08-30_Log.ALUSchedulerSvc.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\3.Configuration.Log.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\3.Product.Inventory.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\3.Settings.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\4.Configuration.Log.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\4.Product.Inventory.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\4.Settings.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\5.Configuration.Log.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\5.Product.Inventory.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\5.Settings.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\6.Configuration.Log.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\6.Product.Inventory.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\6.Settings.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\7.Configuration.Log.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\7.Product.Inventory.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\7.Settings.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\8.Configuration.Log.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\8.Product.Inventory.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\8.Settings.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\9.Configuration.Log.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\9.Product.Inventory.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\9.Settings.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\Configuration.Log.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\_F105%5EQIeiWuIgQXq9bzUL1+GYFf9Pua8zbW6RwAAAAA_F106%5EE$de$5b$bdb$05$12e
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\[u]0/uTERwAAAAA_F206%5E$10$9f$bb$00$14$93$c24
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\1201819205jtun_symlcsvc19274.x01.full.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\1202842846jtun_nisenidcurd25.x86.full.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\1203105580jtun_nisenidcurd25.x86.full.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\1203627285jtun_nisenidcurd25.x86.full.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\1206396700jtun_cohdata.rar.full.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\1217886497jtun_cohdata.rar.full.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\16nfHSOc0ljqF2osUATxHgdEf1M0SAAAAAA
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\16nfHSOc0ljqF2osUATxHgdEf1M0SAAAAAA_F206%5E$10$9f$bb$00$14$93$c24
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\5RwAAAAA
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\5RwAAAAA_F206%5E$10$9f$bb$00$14$93$c24
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\6RwAAAAA
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\6RwAAAAA_F206%5E$10$9f$bb$00$14$93$c24
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\antivirus_1.1.00_french_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\automatic$20liveupdate_3.2.0.26_french_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\automatic$20liveupdate_3.2.0.41_french_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20nav2007_microdefsb.aug_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20nav2007_microdefsb.curdefs_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20nav2007_microdefsb.feb_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20nav2007_microdefsb.nov_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\ccpd$5fretail$5flicensing$5ftechnology_6.0_english_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\coh$20data$20update_6.1.0_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\coh$20update_6.0.0_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\coh$20update_6.1.0_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\common$20client$20core_106.1.1_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\decomposer_1.0.0_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\firewall_2.1.0_french_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\firewall_2.2.0_english_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\firewall_2.2.0_french_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\firewall_2.3.0_english_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\firewall_2.3.0_french_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\firewall_2.3.1_english_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\firewall_2.3.1_french_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\firewall_2.3.2_english_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\firewall_2.3.2_french_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\FoYbJ+F0EWu9MSAAAAAA
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\FoYbJ+F0EWu9MSAAAAAA_F206%5E$10$9f$bb$00$14$93$c24
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\ids$20$2d$20consumer_7.1.0_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\ids$20$2d$20consumer_7.2.0_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\ids$20defs$202007$20microdefs25_microdefsb.curdefs_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\ids$20defs$202007$20microdefs25_microdefsb.error_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\ids$20defs$202007$20microdefs25_microdefsb.jun_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\ids$20defs$202007$20microdefs25_microdefsb.oct_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\ids$20defs$202007.2$20microdefs25_microdefsb.curdefs_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\ids$20defs$202007.2$20microdefs25_microdefsb.error_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\ids$20defs$202007.2$20microdefs25_microdefsb.jan_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\ids$20defs$202007.2$20microdefs25_microdefsb.jun_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\ids$20defs$202007.2$20microdefs25_microdefsb.nov_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\ids$20defs$202007.2$20microdefs25_microdefsb.oct_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\ids$20defs$202007.2$20microdefs25_microdefsb.sep_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\ijT2HHd6a4fQj5RwAAAAA
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\ijT2HHd6a4fQj5RwAAAAA_F206%5E$10$9f$bb$00$14$93$c24
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\ijT2HHd6a4uAz5RwAAAAA
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\ijT2HHd6a4uAz5RwAAAAA_F206%5E$10$9f$bb$00$14$93$c24
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\minitri.flg
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\navnt$202007$20resource_14.2.0.29_english_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\navnt$202007$20resource_14.2.0.29_french_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\navnt$202007$20resource_14.5.0_english_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\navnt$202007_14.1.0.27_french_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\navnt$202007_14.1.2_french_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\navnt$202007_14.2.0.29_french_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\norton$20internet$20security$20other_2.0_english_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\norton$20internet$20security$20resource_10.2.0_english_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\norton$20internet$20security$20resource_10.2.0_french_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\norton$20save$20$26$20restore_2.0.0.19488_french_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\norton$20save$20$26$20restore_2.0.4.23034_french_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\nortonprotectioncenter_2007.2.00_english_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\nortonprotectioncenter_2007.2.00_french_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\nortonprotectioncenter_2007.3.00_french_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\opc70x$5fcore_7.2_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\opc70x$5fcore_7.5_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\p+aBps7gsDnwaYEvvCRwAAAAA
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\p+aBps7gsDnwaYEvvCRwAAAAA_F206%5E$10$9f$bb$00$14$93$c24
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\spbbc_3.1.1_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\spbbc_3.2.0.21_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\srtsp$20consumer_10.1.4_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\srtsp$20consumer_10.1.5_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\srtsp$20consumer_10.2.1_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\submission$20engine$20data_1.0_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\symantec$20known$20application$20system_1.0.0_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\symantec$20known$20application$20system_1.5.0_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\symantec$20security$20content$20a_microdefsb.curdefs_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\symantec$20trusted$20application$20list_2.0_english_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\symantec$20trusted$20application$20list_2.0_french_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\symevent$20installer$20$2d$20consumer_12.1_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\symevent$20installer$20$2d$20consumer_12.3_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\symevent$20installer$20$2d$20consumer_12.5_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\symnet$20consumer_7.2.0_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\web$20authentication$20data_microdefsb.aug_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\web$20authentication$20data_microdefsb.curdefs_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\web$20authentication$20data_microdefsb.dec_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\web$20authentication$20data_microdefsb.jul_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\web$20authentication$20data_microdefsb.oct_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\web$20authentication$20data_microdefsb.old_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\web$20authentication$20data_microdefsb.sep_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\web$20protection$20data_1.0_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\web$20protection$20data_2006.1.0.60_symalllanguages_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\web$20protection$20engine_2007.1.3.6_french_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\web$20protection$20engine_2007.1.5.29_french_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Downloads\web$20protection$20engine_2007.1.7.20_french_livetri.zip
C:\PROGRA~2\Symantec\LiveUpdate\Log.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\LUInstall.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\Product.Inventory.LastGood.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
C:\PROGRA~2\Symantec\LiveUpdate\Settings.LiveUpdate
C:\PROGRA~2\Symantec\Norton Save & Restore\CHIPIE.sv2i
C:\PROGRA~2\Symantec\Norton Save & Restore\History\M1234805218Offset63_Volume.pqh
C:\PROGRA~2\Symantec\Norton Save & Restore\History\M3748179770Offset2048_Volume.policy
C:\PROGRA~2\Symantec\Norton Save & Restore\History\M3748179770Offset2048_Volume.pqh
C:\PROGRA~2\Symantec\Norton Save & Restore\History\M3748179770Offset20508672_Volume.pqh
C:\PROGRA~2\Symantec\Norton Save & Restore\Logs\2c97d705-1675-4cdb-ac36-caf5ad7a3199VProConsole.log.txt
C:\PROGRA~2\Symantec\Norton Save & Restore\Logs\Norton Save & Restore.dbg
C:\PROGRA~2\Symantec\Norton Save & Restore\Logs\Norton Save & Restore.dbg.bak
C:\PROGRA~2\Symantec\Norton Save & Restore\Logs\Norton Save & Restore.log.txt
C:\PROGRA~2\Symantec\Norton Save & Restore\Logs\SymDrvInstall.log
C:\PROGRA~2\Symantec\Norton Save & Restore\Logs\V2iBrowser.bak
C:\PROGRA~2\Symantec\Norton Save & Restore\Logs\V2iBrowser.dbg
C:\PROGRA~2\Symantec\Norton Save & Restore\Logs\VProConsole.log.txt
C:\PROGRA~2\Symantec\Norton Save & Restore\Logs\VProTray.dbg
C:\PROGRA~2\Symantec\Norton Save & Restore\Norton Save & Restore.notify.xml
C:\PROGRA~2\Symantec\Norton Save & Restore\RemoteComputers.xml
C:\PROGRA~2\Symantec\Norton Save & Restore\Schedule\{2B9694A2-D79C-4291-812B-6F12E3203DF4}.pqj
C:\PROGRA~2\Symantec\Norton Save & Restore\Schedule\{34AE0415-89A2-45B1-87E6-0B0569A2E0DF}.pqj
C:\PROGRA~2\Symantec\Norton Save & Restore\Schedule\{BA4BDC3B-0EC5-41B1-BAA6-0A03C4DBB2E2}.pqj
C:\PROGRA~2\Symantec\Norton Save & Restore\Schedule\EXTENSION_GROUP_FINANCIAL.fbe
C:\PROGRA~2\Symantec\Norton Save & Restore\Schedule\EXTENSION_GROUP_MAIL.fbe
C:\PROGRA~2\Symantec\Norton Save & Restore\Schedule\EXTENSION_GROUP_MUSIC.fbe
C:\PROGRA~2\Symantec\Norton Save & Restore\Schedule\EXTENSION_GROUP_PICTURE.fbe
C:\PROGRA~2\Symantec\Norton Save & Restore\Schedule\EXTENSION_GROUP_PRODUCTIVITY.fbe
C:\PROGRA~2\Symantec\Norton Save & Restore\Schedule\EXTENSION_GROUP_VIDEO.fbe
C:\PROGRA~2\Symantec\Norton Save & Restore\Settings.ini
C:\PROGRA~2\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PollManager\PollManager_Current.dat
C:\PROGRA~2\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PollManager\PollManager_Job.dat
C:\PROGRA~2\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\SVAR\SVAR_{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}.dat
C:\PROGRA~2\Symantec\rmt.dat
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}.qbi
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{2C63AB5D-6737-4C51-8A74-10EBB6A9D82E}.qbd
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{2C63AB5D-6737-4C51-8A74-10EBB6A9D82E}.qbi
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{38E5D3C6-9D6F-4D71-A877-A228978B799C}.qbd
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{38E5D3C6-9D6F-4D71-A877-A228978B799C}.qbi
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{6463BB44-2A60-4AF4-A514-B09E67FC282C}.qbd
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{6463BB44-2A60-4AF4-A514-B09E67FC282C}.qbi
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{95EABD88-11CD-43AB-91BD-F6C554AE03E8}.qbd
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{95EABD88-11CD-43AB-91BD-F6C554AE03E8}.qbi
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{A7F9FFF3-FD30-49F8-830E-EE2CAD099791}.qbd
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{A7F9FFF3-FD30-49F8-830E-EE2CAD099791}.qbi
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{BA9A1C23-007C-480A-89F6-1E2295383349}.qbd
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{BA9A1C23-007C-480A-89F6-1E2295383349}.qbi
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{C2AA4F73-7FAC-4B74-9B3A-19A510E4C457}.qbd
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{C2AA4F73-7FAC-4B74-9B3A-19A510E4C457}.qbi
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{CE95A97C-8D37-423B-A166-6AE303002BF2}.qbd
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{CE95A97C-8D37-423B-A166-6AE303002BF2}.qbi
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{CFCEDF4E-4D6E-4EF2-8CFB-DC6AA7629C4D}.qbd
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{CFCEDF4E-4D6E-4EF2-8CFB-DC6AA7629C4D}.qbi
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{E3432598-B7A0-4DD7-8C97-140C5F8837FE}.qbd
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{E3432598-B7A0-4DD7-8C97-140C5F8837FE}.qbi
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{E92F4FB4-95F9-4B36-BDB7-E98EF8F93370}.qbd
C:\PROGRA~2\Symantec\Shared\QBackup\{856D9994-DE61-44C4-A540-8C1B8D404A4A}\{E92F4FB4-95F9-4B36-BDB7-E98EF8F93370}.qbi
C:\PROGRA~2\Symantec\VProConsole\ActionSequence.df776ea2-118f-48f8-82f1-65db1bfb5268.iv!ed-Ohz8rZroQ9In2cKTLUHAY.xml
C:\PROGRA~2\Symantec\VProConsole\ActionSequence.ed92fb82-8395-4688-b353-7a5999f1c0da.h1ezju-7vpm5N3EtLB2J5HKiETM.xml
C:\PROGRA~2\Symantec\VProConsole\ActionSequence.ed92fb82-8395-4688-b353-7a5999f1c0da.iv!ed-Ohz8rZroQ9In2cKTLUHAY.xml
C:\PROGRA~2\Symantec\VProConsole\Tallies.df776ea2-118f-48f8-82f1-65db1bfb5268.iv!ed-Ohz8rZroQ9In2cKTLUHAY.xml
C:\PROGRA~2\Symantec\VProConsole\Tallies.ed92fb82-8395-4688-b353-7a5999f1c0da.h1ezju-7vpm5N3EtLB2J5HKiETM.xml
C:\PROGRA~2\Symantec\VProConsole\Tallies.ed92fb82-8395-4688-b353-7a5999f1c0da.iv!ed-Ohz8rZroQ9In2cKTLUHAY.xml
C:\PROGRA~2\Symantec\wcid0.log
C:\PROGRA~2\Symantec\wds.dat
C:\Program Files\Alwil Software\Avast4\DATA\report\avast.xsl
C:\Program Files\Alwil Software\Avast4\DATA\report\background.gif
C:\Program Files\Alwil Software\Avast4\DATA\report\logo.gif
C:\Program Files\Alwil Software\Avast4\FRENCH\aswClnTg.htm
C:\Program Files\Alwil Software\Avast4\FRENCH\aswClnTg.txt
C:\Program Files\Alwil Software\Avast4\FRENCH\aswInfTg.htm
C:\Program Files\Alwil Software\Avast4\FRENCH\aswInfTg.txt
C:\Program Files\Common Files\Symantec Shared
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\ez_log.html
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
C:\Program Files\Common Files\Symantec Shared\COH\coh.cache
C:\Program Files\Common Files\Symantec Shared\COH\COH32.exe
C:\Program Files\Common Files\Symantec Shared\COH\COH64.exe
C:\Program Files\Common Files\Symantec Shared\COH\COHClean.dll
C:\Program Files\Common Files\Symantec Shared\COH\ses39C5.tmp
C:\Program Files\Common Files\Symantec Shared\COH\ses8548.tmp
C:\Program Files\Common Files\Symantec Shared\COH\sesF667.tmp
C:\Program Files\Common Files\Symantec Shared\COH\sH0001.dll
C:\Program Files\Common Files\Symantec Shared\COH\sH0002.dll
C:\Program Files\Common Files\Symantec Shared\Help\LUALL.CHM
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.loc
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertUi.dll
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcGlobal.dll
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcmhSvar.dll
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcProd.dll
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\lisezmoi.txt
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhSched.dll
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhUpgr.dll
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\nlc.ico
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifPep06.dll
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifPep07.dll
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PollMgr.dll
C:\Program Files\Common Files\Symantec Shared\SPManifests\AlertEng.grd
C:\Program Files\Common Files\Symantec Shared\SPManifests\AlertEng.sig
C:\Program Files\Common Files\Symantec Shared\SPManifests\AlertEng.spm
C:\Program Files\Common Files\Symantec Shared\SPManifests\LuSymProtect.grd
C:\Program Files\Common Files\Symantec Shared\SPManifests\LuSymProtect.sig
C:\Program Files\Common Files\Symantec Shared\SPManifests\LuSymProtect.spm
C:\Program Files\Common Files\Symantec Shared\SPManifests\PifCore.grd
C:\Program Files\Common Files\Symantec Shared\SPManifests\PifCore.sig
C:\Program Files\Common Files\Symantec Shared\SPManifests\PifCore.spm
C:\Program Files\Common Files\Symantec Shared\Support Controls\clt05PIN.dll
C:\Program Files\Common Files\Symantec Shared\Support Controls\clt06PIN.dll
C:\Program Files\Common Files\Symantec Shared\Support Controls\Microsoft.VC80.CRT.manifest
C:\Program Files\Common Files\Symantec Shared\Support Controls\msvcm80.dll
C:\Program Files\Common Files\Symantec Shared\Support Controls\msvcp80.dll
C:\Program Files\Common Files\Symantec Shared\Support Controls\msvcr80.dll
C:\Program Files\Common Files\Symantec Shared\Support Controls\nprdtinf.dll
C:\Program Files\Common Files\Symantec Shared\Support Controls\srsecchk.gif
C:\Program Files\Common Files\Symantec Shared\Support Controls\ssCmdTar.ini
C:\Program Files\Common Files\Symantec Shared\Support Controls\ssctlbr.dll
C:\Program Files\Common Files\Symantec Shared\Support Controls\ssctlwmi.dll
C:\Program Files\Common Files\Symantec Shared\Support Controls\ssctrlln.dll
C:\Program Files\Common Files\Symantec Shared\Support Controls\sshelper.exe
C:\Program Files\Common Files\Symantec Shared\Support Controls\sslisten.exe
C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrclic.txt
C:\Program Files\Common Files\Symantec Shared\Support Controls\SymAData.dll
C:\Program Files\Common Files\Symantec Shared\Support Controls\SymSupCC.dll
C:\Program Files\Common Files\Symantec Shared\Support Controls\SymXPep2.dll
C:\Program Files\Common Files\Symantec Shared\Support Controls\tgctlcm.dll
C:\Program Files\Common Files\Symantec Shared\Support Controls\tgctlsi.dll
C:\Program Files\Common Files\Symantec Shared\Support Controls\tgctlsr.dll
C:\Program Files\Common Files\Symantec Shared\Support Controls\tgctlss.dll
C:\Program Files\Common Files\Symantec Shared\Support Controls\VNCHooks.dll
C:\Program Files\Common Files\Symantec Shared\VProRecovery\ComConfig.dll
C:\Program Files\Common Files\Symantec Shared\VProRecovery\EventMonitors.dll
C:\Program Files\Common Files\Symantec Shared\VProRecovery\NotifyHandler.dll
C:\Program Files\Common Files\Symantec Shared\VProRecovery\VProAuto.dll
C:\Program Files\Common Files\Symantec Shared\VProRecovery\VProObj.dll
C:\Program Files\Common Files\Symantec Shared\VProRecovery\VProScheduler.dll
C:\Program Files\Norton Save and Restore
C:\Program Files\Norton Save and Restore\Agent\bcdedit.exe
C:\Program Files\Norton Save and Restore\Agent\BootSect.exe
C:\Program Files\Norton Save and Restore\Agent\ComRequestor.exe
C:\Program Files\Norton Save and Restore\Agent\file_SV2i.ico
C:\Program Files\Norton Save and Restore\Agent\gcdrdll.cfg
C:\Program Files\Norton Save and Restore\Agent\gcdroem.cfg
C:\Program Files\Norton Save and Restore\Agent\gcdrtype.cfg
C:\Program Files\Norton Save and Restore\Agent\GDPluginRegister.exe
C:\Program Files\Norton Save and Restore\Agent\GDSymV2i.dll
C:\Program Files\Norton Save and Restore\Agent\GDUrlLauncher.exe
C:\Program Files\Norton Save and Restore\Agent\gearaw32.dll
C:\Program Files\Norton Save and Restore\Agent\gjukdll.cfg
C:\Program Files\Norton Save and Restore\Agent\gjukoem.cfg
C:\Program Files\Norton Save and Restore\Agent\gjuktype.cfg
C:\Program Files\Norton Save and Restore\Agent\gwlangen.dll
C:\Program Files\Norton Save and Restore\Agent\gwrks32.dll
C:\Program Files\Norton Save and Restore\Agent\ModifiableSRD.exe
C:\Program Files\Norton Save and Restore\Agent\msvcr71.dll
C:\Program Files\Norton Save and Restore\Agent\SecurityConfig.exe
C:\Program Files\Norton Save and Restore\Agent\SpnRegister.dll
C:\Program Files\Norton Save and Restore\Agent\V2iToc.dll
C:\Program Files\Norton Save and Restore\Agent\VProDirWatcher.dll
C:\Program Files\Norton Save and Restore\Agent\VProImaging.dll
C:\Program Files\Norton Save and Restore\Agent\VProOneTouch.exe
C:\Program Files\Norton Save and Restore\Agent\VProSnap.dll
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.rtc
C:\Program Files\Norton Save and Restore\Agent\VProTray.exe
C:\Program Files\Norton Save and Restore\Agent\VProTray.exe.manifest
C:\Program Files\Norton Save and Restore\Agent\VSS_2003.dll
C:\Program Files\Norton Save and Restore\Agent\VSS_XP.dll
C:\Program Files\Norton Save and Restore\Agent\wimgapi.dll
C:\Program Files\Norton Save and Restore\Browser\V2iBrowser.exe
C:\Program Files\Norton Save and Restore\Browser\V2iBrowser.exe.manifest
C:\Program Files\Norton Save and Restore\Browser\VProShellExt.dll
C:\Program Files\Norton Save and Restore\Console\dotNetBase.dll
C:\Program Files\Norton Save and Restore\Console\DotNetMagic2005.dll
C:\Program Files\Norton Save and Restore\Console\interop.ComConfig.dll
C:\Program Files\Norton Save and Restore\Console\interop.EasySetupInt.dll
C:\Program Files\Norton Save and Restore\Console\interop.ErrorGui.dll
C:\Program Files\Norton Save and Restore\Console\interop.EventMonitors.dll
C:\Program Files\Norton Save and Restore\Console\interop.FileBackup.dll
C:\Program Files\Norton Save and Restore\Console\interop.NotifyHandler.dll
C:\Program Files\Norton Save and Restore\Console\interop.ObjectPicker.dll
C:\Program Files\Norton Save and Restore\Console\Interop.V2iMountService.dll
C:\Program Files\Norton Save and Restore\Console\interop.VProAuto.dll
C:\Program Files\Norton Save and Restore\Console\interop.VProObj.dll
C:\Program Files\Norton Save and Restore\Console\interop.VProProgress.dll
C:\Program Files\Norton Save and Restore\Console\interop.VProScheduler.dll
C:\Program Files\Norton Save and Restore\Console\Nevron.Graphics2D.dll
C:\Program Files\Norton Save and Restore\Console\Nevron.GraphicsCore.dll
C:\Program Files\Norton Save and Restore\Console\Nevron.GraphicsGL.dll
C:\Program Files\Norton Save and Restore\Console\Nevron.NChart.dll
C:\Program Files\Norton Save and Restore\Console\Nevron.NChartCore.dll
C:\Program Files\Norton Save and Restore\Console\Nevron.NChartServer.dll
C:\Program Files\Norton Save and Restore\Console\Nevron.Standard.dll
C:\Program Files\Norton Save and Restore\Console\Nevron.UIControls.dll
C:\Program Files\Norton Save and Restore\Console\Nevron.Utility.dll
C:\Program Files\Norton Save and Restore\Console\ObjectPicker.dll
C:\Program Files\Norton Save and Restore\Console\SymUi.dll
C:\Program Files\Norton Save and Restore\Console\VProConsole.bmp
C:\Program Files\Norton Save and Restore\Console\VProConsole.exe
C:\Program Files\Norton Save and Restore\Console\VProConsole_.exe
C:\Program Files\Norton Save and Restore\Console\VProConsole_.exe.manifest
C:\Program Files\Norton Save and Restore\Console\VProUI.dll
C:\Program Files\Norton Save and Restore\Console\VProUI.rtc
C:\Program Files\Norton Save and Restore\Fixinstall.bat
C:\Program Files\Norton Save and Restore\Shared\Base.properties
C:\Program Files\Norton Save and Restore\Shared\Base_fr.properties
C:\Program Files\Norton Save and Restore\Shared\Bitmap_fr.properties
C:\Program Files\Norton Save and Restore\Shared\CDVDBurnerLib_de.properties
C:\Program Files\Norton Save and Restore\Shared\CDVDBurnerLib_es.properties
C:\Program Files\Norton Save and Restore\Shared\CDVDBurnerLib_it.properties
C:\Program Files\Norton Save and Restore\Shared\CDVDBurnerLib_ja.properties
C:\Program Files\Norton Save and Restore\Shared\CDVDBurnerLib_ko.properties
C:\Program Files\Norton Save and Restore\Shared\CDVDBurnerLib_nl.properties
C:\Program Files\Norton Save and Restore\Shared\CDVDBurnerLib_pl.properties
C:\Program Files\Norton Save and Restore\Shared\CDVDBurnerLib_pt.properties
C:\Program Files\Norton Save and Restore\Shared\CDVDBurnerLib_sv.properties
C:\Program Files\Norton Save and Restore\Shared\CDVDBurnerLib_zh_CN.properties
C:\Program Files\Norton Save and Restore\Shared\CDVDBurnerLib_zh_TW.properties
C:\Program Files\Norton Save and Restore\Shared\Config_fr.properties
C:\Program Files\Norton Save and Restore\Shared\ContactInfo.Unactivated.xml
C:\Program Files\Norton Save and Restore\Shared\ContactInfo.Unactivated_fr.xml
C:\Program Files\Norton Save and Restore\Shared\ContactInfo.xml
C:\Program Files\Norton Save and Restore\Shared\ContactInfo_fr.xml
C:\Program Files\Norton Save and Restore\Shared\Disco_fr.properties
C:\Program Files\Norton Save and Restore\Shared\DotNetAppLaunch_fr.properties
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\difxapi.dll
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\geardrvsetup.exe
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\Installx86.exe
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\SymSnap.inf
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\V2iMount.inf
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\VProEventMonitor.inf
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\wimfltr.inf
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\win32\SymSnap.sys
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\win32\V2iMount.sys
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\win32\VProEventMonitor.sys
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\win32\wimfltr.sys
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\x86\difxapi.dll
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\x86\gearaspiwdm.cat
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\x86\GEARAspiWDM.inf
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\x86\gearinf.dll
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\x86\gearinstall.exe
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\x86\x86\GEARAspi.dll
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\x86\x86\GEARAspiWDM.sys
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\x86\x86\WIN32\GEARAspi.A806.dll
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\x86\x86\WIN32\GEARAspiWDM.A806.sys
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\x86\x86\WIN32\unpatch.A21.bak
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\x86\x86\WIN32\unpatch.A80.bak
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\x86\x86\WIN32\unpatch.A86.bak
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\x86\x86\WIN32\unpatch.bak
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\x86\x86\WIN32\unpatch2.A21.bak
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\x86\x86\WIN32\unpatch2.A80.bak
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\x86\x86\WIN32\unpatch2.A86.bak
C:\Program Files\Norton Save and Restore\Shared\Drivers\win32\x86\x86\WIN32\unpatch2.bak
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\difxapi.dll
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\geardrvsetup.exe
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\Installamd64.exe
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\SymSnap.inf
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\V2iMount.inf
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\VProEventMonitor.inf
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\wimfltr.inf
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\win64-x64\SymSnap.sys
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\win64-x64\V2iMount.sys
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\win64-x64\VProEventMonitor.sys
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\win64-x64\wimfltr.sys
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\win64-x64\WIN32\SymSnap.A806.sys
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\win64-x64\WIN32\SymSnap.A862.sys
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\win64-x64\WIN32\unpatch.A21.bak
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\win64-x64\WIN32\unpatch.A80.bak
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\win64-x64\WIN32\unpatch.A86.bak
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\win64-x64\WIN32\unpatch.bak
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\win64-x64\WIN32\unpatch2.A21.bak
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\win64-x64\WIN32\unpatch2.A80.bak
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\win64-x64\WIN32\unpatch2.A86.bak
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\win64-x64\WIN32\unpatch2.bak
C:\Program Files\Norton Save and Restore\Shared\Drivers\win64\win64-x64\WIN32\VProEventMonitor.A806.sys
C:\Program Files\Norton Save and Restore\Shared\DynamicDisk_fr.properties
C:\Program Files\Norton Save and Restore\Shared\EasySetupInt.dll
C:\Program Files\Norton Save and Restore\Shared\ErrorGui.dll
C:\Program Files\Norton Save and Restore\Shared\ErrorGui_fr.properties
C:\Program Files\Norton Save and Restore\Shared\Eula.rtf
C:\Program Files\Norton Save and Restore\Shared\Eula_fr.rtf
C:\Program Files\Norton Save and Restore\Shared\EULA_NSW.rtf
C:\Program Files\Norton Save and Restore\Shared\EULA_NSW_de.rtf
C:\Program Files\Norton Save and Restore\Shared\EULA_NSW_es.rtf
C:\Program Files\Norton Save and Restore\Shared\EULA_NSW_fr.rtf
C:\Program Files\Norton Save and Restore\Shared\EULA_NSW_it.rtf
C:\Program Files\Norton Save and Restore\Shared\EULA_NSW_ja.rtf
C:\Program Files\Norton Save and Restore\Shared\EULA_NSW_ko.rtf
C:\Program Files\Norton Save and Restore\Shared\EULA_NSW_nl.rtf
C:\Program Files\Norton Save and Restore\Shared\EULA_NSW_pl.rtf
C:\Program Files\Norton Save and Restore\Shared\EULA_NSW_pt.rtf
C:\Program Files\Norton Save and Restore\Shared\EULA_NSW_sv.rtf
C:\Program Files\Norton Save and Restore\Shared\EULA_NSW_zh_CN.rtf
C:\Program Files\Norton Save and Restore\Shared\EULA_NSW_zh_TW.rtf
C:\Program Files\Norton Save and Restore\Shared\EULA_NSWie.rtf
C:\Program Files\Norton Save and Restore\Shared\EULA_NSWnmb.rtf
C:\Program Files\Norton Save and Restore\Shared\Ext_fr.properties
C:\Program Files\Norton Save and Restore\Shared\Fat_fr.properties
C:\Program Files\Norton Save and Restore\Shared\FileAccess_fr.properties
C:\Program Files\Norton Save and Restore\Shared\FileBackup.dll
C:\Program Files\Norton Save and Restore\Shared\FileBackup_fr.properties
C:\Program Files\Norton Save and Restore\Shared\Help.chm
C:\Program Files\Norton Save and Restore\Shared\Help_fr.chm
C:\Program Files\Norton Save and Restore\Shared\InfFile_fr.properties
C:\Program Files\Norton Save and Restore\Shared\interop.VProSvc.dll
C:\Program Files\Norton Save and Restore\Shared\LdmDatabase_fr.properties
C:\Program Files\Norton Save and Restore\Shared\Linux_fr.properties
C:\Program Files\Norton Save and Restore\Shared\Local_fr.properties
C:\Program Files\Norton Save and Restore\Shared\ModifiableSRD_fr.properties
C:\Program Files\Norton Save and Restore\Shared\NBase.properties
C:\Program Files\Norton Save and Restore\Shared\NBase_de.properties
C:\Program Files\Norton Save and Restore\Shared\NBase_es.properties
C:\Program Files\Norton Save and Restore\Shared\NBase_it.properties
C:\Program Files\Norton Save and Restore\Shared\NBase_ja.properties
C:\Program Files\Norton Save and Restore\Shared\NBase_ko.properties
C:\Program Files\Norton Save and Restore\Shared\NBase_nl.properties
C:\Program Files\Norton Save and Restore\Shared\NBase_pl.properties
C:\Program Files\Norton Save and Restore\Shared\NBase_pt.properties
C:\Program Files\Norton Save and Restore\Shared\NBase_sv.properties
C:\Program Files\Norton Save and Restore\Shared\NBase_zh_CN.properties
C:\Program Files\Norton Save and Restore\Shared\NBase_zh_TW.properties
C:\Program Files\Norton Save and Restore\Shared\NBaseResults.properties
C:\Program Files\Norton Save and Restore\Shared\NBaseResults_fr.properties
C:\Program Files\Norton Save and Restore\Shared\NotifyHandler_fr.properties
C:\Program Files\Norton Save and Restore\Shared\OldEngine_fr.properties
C:\Program Files\Norton Save and Restore\Shared\Pqi_fr.properties
C:\Program Files\Norton Save and Restore\Shared\PqiFile_fr.properties
C:\Program Files\Norton Save and Restore\Shared\Progress_fr.properties
C:\Program Files\Norton Save and Restore\Shared\Push_fr.properties
C:\Program Files\Norton Save and Restore\Shared\Readme.htm
C:\Program Files\Norton Save and Restore\Shared\Readme_fr.htm
C:\Program Files\Norton Save and Restore\Shared\RecoveryService_fr.properties
C:\Program Files\Norton Save and Restore\Shared\Registry_fr.properties
C:\Program Files\Norton Save and Restore\Shared\RemoteCommand_fr.properties
C:\Program Files\Norton Save and Restore\Shared\Retarget Windows Events_fr.properties
C:\Program Files\Norton Save and Restore\Shared\RetargetDeviceDrivers_fr.properties
C:\Program Files\Norton Save and Restore\Shared\RetargetSystem_fr.properties
C:\Program Files\Norton Save and Restore\Shared\RetargetWindows_fr.properties
C:\Program Files\Norton Save and Restore\Shared\SeaST_fr.properties
C:\Program Files\Norton Save and Restore\Shared\SectorBuffer_fr.properties
C:\Program Files\Norton Save and Restore\Shared\Sme_fr.properties
C:\Program Files\Norton Save and Restore\Shared\Snapshot_fr.properties
C:\Program Files\Norton Save and Restore\Shared\SNMPTrapNotifier.dll
C:\Program Files\Norton Save and Restore\Shared\SNMPTrapNotifier_fr.properties
C:\Program Files\Norton Save and Restore\Shared\sqlite3.dll
C:\Program Files\Norton Save and Restore\Shared\SymUI_fr.properties
C:\Program Files\Norton Save and Restore\Shared\Throttle_fr.properties
C:\Program Files\Norton Save and Restore\Shared\UtilizationMonitor_fr.properties
C:\Program Files\Norton Save and Restore\Shared\V2iBrowser_fr.properties
C:\Program Files\Norton Save and Restore\Shared\V2iCopy_fr.properties
C:\Program Files\Norton Save and Restore\Shared\V2iCreate_fr.properties
C:\Program Files\Norton Save and Restore\Shared\V2iMountService.exe
C:\Program Files\Norton Save and Restore\Shared\V2iSR_fr.properties
C:\Program Files\Norton Save and Restore\Shared\VirtualDisk_de.properties
C:\Program Files\Norton Save and Restore\Shared\VirtualDisk_es.properties
C:\Program Files\Norton Save and Restore\Shared\VirtualDisk_it.properties
C:\Program Files\Norton Save and Restore\Shared\VirtualDisk_ja.properties
C:\Program Files\Norton Save and Restore\Shared\VirtualDisk_ko.properties
C:\Program Files\Norton Save and Restore\Shared\VirtualDisk_nl.properties
C:\Program Files\Norton Save and Restore\Shared\VirtualDisk_pl.properties
C:\Program Files\Norton Save and Restore\Shared\VirtualDisk_pt.properties
C:\Program Files\Norton Save and Restore\Shared\VirtualDisk_sv.properties
C:\Program Files\Norton Save and Restore\Shared\VirtualDisk_zh_CN.properties
C:\Program Files\Norton Save and Restore\Shared\VirtualDisk_zh_TW.properties
C:\Program Files\Norton Save and Restore\Shared\VProConsole_fr.properties
C:\Program Files\Norton Save and Restore\Shared\VProProgress.dll
C:\Program Files\Norton Save and Restore\Shared\VProProgress_fr.properties
C:\Program Files\Norton Save and Restore\Shared\VProRestorePoints_fr.properties
C:\Program Files\Norton Save and Restore\Shared\VProShellExt_fr.properties
C:\Program Files\Norton Save and Restore\Shared\VProSvcPS.dll
C:\Program Files\Norton Save and Restore\Shared\VProTray_fr.properties
C:\Program Files\Norton Save and Restore\Shared\VProUI_fr.properties
C:\Program Files\Norton Save and Restore\Shared\WindowsDiskManager_fr.properties
C:\Program Files\Norton Save and Restore\Shared\WinNt_fr.properties
C:\Program Files\Norton Save and Restore\Utility\PartInfo.exe
C:\Program Files\Norton Save and Restore\Utility\RestoreMBR.exe
C:\Program Files\Norton Save and Restore\Utility\SeaST.exe
C:\Program Files\Norton Save and Restore\Utility\SmeDump.exe
C:\Program Files\Panda Security
C:\Program Files\Panda Security\ActiveScan 2.0\apicr.dll
C:\Program Files\Panda Security\ActiveScan 2.0\as2auditor.dll
C:\Program Files\Panda Security\ActiveScan 2.0\as2data.dll
C:\Program Files\Panda Security\ActiveScan 2.0\as2guiie.dll
C:\Program Files\Panda Security\ActiveScan 2.0\as2inst.dll
C:\Program Files\Panda Security\ActiveScan 2.0\as2scanner.dll
C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
C:\Program Files\Panda Security\ActiveScan 2.0\asmdat.dll
C:\Program Files\Panda Security\ActiveScan 2.0\avdetect.ini
C:\Program Files\Panda Security\ActiveScan 2.0\ee366d2b2e4ede8287de879e85a0dcc2KRN_DATA
C:\Program Files\Panda Security\ActiveScan 2.0\ee366d2b2e4ede8287de879e85a0dcc2PSK_NM
C:\Program Files\Panda Security\ActiveScan 2.0\ee366d2b2e4ede8287de879e85a0dcc2PSK_NM2
C:\Program Files\Panda Security\ActiveScan 2.0\firewalldetect.ini
C:\Program Files\Panda Security\ActiveScan 2.0\kreexent.dll
C:\Program Files\Panda Security\ActiveScan 2.0\libcomm.dll
C:\Program Files\Panda Security\ActiveScan 2.0\libxml2.dll
C:\Program Files\Panda Security\ActiveScan 2.0\mapvfile.dll
C:\Program Files\Panda Security\ActiveScan 2.0\memvfile.dll
C:\Program Files\Panda Security\ActiveScan 2.0\minicrypto.dll
C:\Program Files\Panda Security\ActiveScan 2.0\msvcr71.dll
C:\Program Files\Panda Security\ActiveScan 2.0\nanocache.fil2
C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pav.sig
C:\Program Files\Panda Security\ActiveScan 2.0\pavboot.sys
C:\Program Files\Panda Security\ActiveScan 2.0\pavboot64.sys
C:\Program Files\Panda Security\ActiveScan 2.0\pavexcom.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pavoe.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pavsddl.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pavvt.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pavvts.dat
C:\Program Files\Panda Security\ActiveScan 2.0\pskads.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pskahk.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pskalloc.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pskas.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pskavs.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pskcmp.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pskfss.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pskhtml.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pskmdfs.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pskmfs.dll
C:\Program Files\Panda Security\ActiveScan 2.0\psknc.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pskpack.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pskqhs.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pskscs.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pskutil.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pskvfile.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pskvfs.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pskvm.dll
C:\Program Files\Panda Security\ActiveScan 2.0\psn

arrial · Answer

http://www.commentcamarche.net/forum/affich 8151127 pc devenu lent et plante souvent

Julie D. · Answer

C:\Program Files\Panda Security\ActiveScan 2.0\psnden.dll
C:\Program Files\Panda Security\ActiveScan 2.0\psndsk.dll
C:\Program Files\Panda Security\ActiveScan 2.0\psnengav.dll
C:\Program Files\Panda Security\ActiveScan 2.0\psnengav.nsc
C:\Program Files\Panda Security\ActiveScan 2.0\psnfc.dll
C:\Program Files\Panda Security\ActiveScan 2.0\psnglkntex.dll
C:\Program Files\Panda Security\ActiveScan 2.0\psnhsh.dll
C:\Program Files\Panda Security\ActiveScan 2.0\psnkrnl.dll
C:\Program Files\Panda Security\ActiveScan 2.0\psnxprs.dll
C:\Program Files\Panda Security\ActiveScan 2.0\psqmgr.dll
C:\Program Files\Panda Security\ActiveScan 2.0\psqstore\Invent.QCF
C:\Program Files\Panda Security\ActiveScan 2.0\psqstore\Invent.QCF.ext
C:\Program Files\Panda Security\ActiveScan 2.0\psqstore\PSQ.CFG
C:\Program Files\Panda Security\ActiveScan 2.0\pssarf.dll
C:\Program Files\Panda Security\ActiveScan 2.0\psscan.dll
C:\Program Files\Panda Security\ActiveScan 2.0\psscoms.dll
C:\Program Files\Panda Security\ActiveScan 2.0\psscpu.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pssdet.dll
C:\Program Files\Panda Security\ActiveScan 2.0\psspa.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pssqem.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pssuts.dll
C:\Program Files\Panda Security\ActiveScan 2.0\pssyschk.dll
C:\Program Files\Panda Security\ActiveScan 2.0\putczip.dll
C:\Program Files\Panda Security\ActiveScan 2.0kpavproc.sys
C:\Program Files\Panda Security\ActiveScan 2.0kpavproc64.sys
C:\Program Files\Panda Security\ActiveScan 2.0\scremlsp.exe
C:\Program Files\Panda Security\ActiveScan 2.0\vplatdis.dll
C:\Program Files\Panda Security\ActiveScan 2.0\vplatprc.dll
C:\Program Files\RogueRemover FREE
C:\Program Files\RogueRemover FREE\COMCTL32.OCX
C:\Program Files\RogueRemover FREE\License.txt
C:\Program Files\RogueRemover FREE\manual.chm
C:\Program Files\RogueRemover FREE\RogueRemover.dll
C:\Program Files\RogueRemover FREE\RogueRemover.exe
C:\Program Files\RogueRemover FREEules.dat
C:\Program Files\RogueRemover FREE\unins000.dat
C:\Program Files\RogueRemover FREE\unins000.exe
C:\Program Files\RogueRemover FREE\zlib.dll
C:\Program Files\Symantec
C:\Program Files\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate
C:\Program Files\Symantec\LiveUpdate\10.Settings.Default.LiveUpdate
C:\Program Files\Symantec\LiveUpdate\2.Settings.Default.LiveUpdate
C:\Program Files\Symantec\LiveUpdate\3.Settings.Default.LiveUpdate
C:\Program Files\Symantec\LiveUpdate\4.Settings.Default.LiveUpdate
C:\Program Files\Symantec\LiveUpdate\5.Settings.Default.LiveUpdate
C:\Program Files\Symantec\LiveUpdate\6.Settings.Default.LiveUpdate
C:\Program Files\Symantec\LiveUpdate\7.Settings.Default.LiveUpdate
C:\Program Files\Symantec\LiveUpdate\8.Settings.Default.LiveUpdate
C:\Program Files\Symantec\LiveUpdate\9.Settings.Default.LiveUpdate
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFYRES.DLL
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvcRes.dll
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATERES.DLL
C:\Program Files\Symantec\LiveUpdate\Lisezmoi.txt
C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
C:\Program Files\Symantec\LiveUpdate\LUALLRES.DLL
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LUCheck.exe
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
C:\Program Files\Symantec\LiveUpdate\LuConfig.EXE
C:\Program Files\Symantec\LiveUpdate\ludirloc.dat
C:\Program Files\Symantec\LiveUpdate\LUINFO.INF
C:\Program Files\Symantec\LiveUpdate\LUInit.exe
C:\Program Files\Symantec\LiveUpdate\LUInit.ini
C:\Program Files\Symantec\LiveUpdate\LUINSDLL.DLL
C:\Program Files\Symantec\LiveUpdate\LuInsRes.dll
C:\Program Files\Symantec\LiveUpdate\LuPreCon.DLL
C:\Program Files\Symantec\LiveUpdate\LuResult.txt
C:\Program Files\Symantec\LiveUpdate\LUSETUP.EXE
C:\Program Files\Symantec\LiveUpdate\LUUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\MFC71.DLL
C:\Program Files\Symantec\LiveUpdate\MSVCP71.DLL
C:\Program Files\Symantec\LiveUpdate\MSVCR71.DLL
C:\Program Files\Symantec\LiveUpdate\NetDetectController_3_2.DLL
C:\Program Files\Symantec\LiveUpdate\NotifyHA.exe
C:\Program Files\Symantec\LiveUpdate\ProductRegCom_3_2.DLL
C:\Program Files\Symantec\LiveUpdate\ResLuComServer_3_2.DLL
C:\Program Files\Symantec\LiveUpdate\S32LIVE1.DLL
C:\Program Files\Symantec\LiveUpdate\S32LUCP1RES.DLL
C:\Program Files\Symantec\LiveUpdate\S32LUCP2.CPL
C:\Program Files\Symantec\LiveUpdate\S32LUIS1.DLL
C:\Program Files\Symantec\LiveUpdate\S32LUWI1.DLL
C:\Program Files\Symantec\LiveUpdate\Settings.Default.LiveUpdate
C:\Program Files\Symantec\LiveUpdate\SETUPRES.DLL
C:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.exe
C:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.log
C:\Program Files\Symantec\LiveUpdate\SymantecRootInstallerRes.dll
C:\Program Files\Symantec\LiveUpdate\UNRAR.DLL
C:\Windows\system32\drivers\pavboot.sys
C:\Windows\uninstaller.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASWFSBLK
-------\Legacy_ASWMONFLT
-------\Legacy_ASWSP
-------\Legacy_PAVBOOT
-------\Service_aswFsBlk
-------\Service_aswMonFlt
-------\Service_aswSP
-------\Service_Norton Save and Restore
-------\Service_pavboot
-------\Legacy_ASWFSBLK
-------\Legacy_ASWMONFLT
-------\Legacy_ASWSP
-------\Legacy_PAVBOOT


(((((((((((((((((((((((((((((   Fichiers cr‚‚s 2008-07-28 to 2008-08-30  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 20:06	---------	d-----w	C:\Users\Julie\AppData\Roaming\Malwarebytes
2008-08-29 20:06	---------	d-----w	C:\Program Files\Malwarebytes' Anti-Malware
2008-08-29 20:06	---------	d-----w	C:\PROGRA~2\Malwarebytes
2008-08-29 13:17	---------	d-----w	C:\Program Files\Trend Micro
2008-08-29 13:03	91,744	----a-w	C:\Windows\BPMNT.dll
2008-08-29 13:03	71,749	----a-w	C:\Windows\hcextoutput.dll
2008-08-29 13:03	333,576	----a-w	C:\Windows\TSC.exe
2008-08-29 13:03	1,213,784	----a-w	C:\Windows\vsapi32.dll
2008-08-29 12:21	24,576	----a-w	C:\Windows\System32\RunSetup.exe
2008-08-28 15:24	---------	d-----w	C:\Program Files\iArt
2008-08-28 14:45	---------	d-----w	C:\Program Files\iGnuteel
2008-08-27 22:17	81,984	----a-w	C:\Windows\System32\bdod.bin
2008-08-27 14:07	---------	d-----w	C:\Program Files\iTunes
2008-08-27 13:56	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-08-27 10:45	---------	d-----w	C:\Program Files\Windows Mail
2008-08-27 09:49	---------	d-----w	C:\PROGRA~2\Microsoft Help
2008-08-26 18:06	36,017	----a-w	C:\Users\Julie\AppData\Roaming
vModes.dat
2008-08-17 13:01	38,472	----a-w	C:\Windows\system32\drivers\mbamswissarmy.sys
2008-08-17 13:01	17,144	----a-w	C:\Windows\system32\drivers\mbam.sys
2008-07-27 20:43	---------	d-----w	C:\Program Files\eMule
2008-07-20 13:26	---------	d-----w	C:\Program Files\Ubisoft
2008-07-20 12:52	174	--sha-w	C:\Program Files\desktop.ini
2008-07-20 10:23	---------	d-----w	C:\Program Files\Microsoft SQL Server
2008-07-19 05:10	53,448	----a-w	C:\Windows\System32\wuauclt.exe
2008-07-19 05:10	45,768	----a-w	C:\Windows\System32\wups2.dll
2008-07-19 05:10	36,552	----a-w	C:\Windows\System32\wups.dll
2008-07-19 05:09	563,912	----a-w	C:\Windows\System32\wuapi.dll
2008-07-19 05:09	1,811,656	----a-w	C:\Windows\System32\wuaueng.dll
2008-07-19 03:44	83,456	----a-w	C:\Windows\System32\wudriver.dll
2008-07-19 03:44	1,524,736	----a-w	C:\Windows\System32\wucltux.dll
2008-07-18 20:08	163,904	----a-w	C:\Windows\System32\wuwebv.dll
2008-07-18 18:44	31,232	----a-w	C:\Windows\System32\wuapp.exe
2008-07-15 23:48	2,048	----a-w	C:\Windows\System32	zres.dll
2008-06-28 12:07	---------	d-----w	C:\PROGRA~2\WinZip
2008-06-27 03:54	826,368	----a-w	C:\Windows\System32\wininet.dll
2008-06-27 03:54	56,320	----a-w	C:\Windows\System32\iesetup.dll
2008-06-27 03:54	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54	26,624	----a-w	C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34	7,964,672	----a-w	C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33	9,892,864	----a-w	C:\Windows\System32\NlsLexicons000a.dll
2008-06-19 03:25	61,440	----a-w	C:\Windows\System32\winipsec.dll
2008-06-19 03:25	361,984	----a-w	C:\Windows\System32\IPSECSVC.DLL
2008-06-19 03:25	28,672	----a-w	C:\Windows\System32\FwRemoteSvr.dll
2008-06-19 03:25	272,896	----a-w	C:\Windows\System32\polstore.dll
2008-06-12 06:54	537,600	----a-w	C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21	2,560	----a-w	C:\Windows\AppPatch\AcRes.dll
2008-05-10 03:30	14,848	----a-w	C:\Windows\System32\wshrm.dll
2008-01-31 19:22	654	----a-w	C:\Users\Julie\AppData\Roaming\wklnhst.dat
.

(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 14:38 1232896]
"CollaborationHost"="C:\Windows\system32\p2phost.exe" [2006-11-02 14:35 191488]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"EPSON Stylus D92 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE" [2006-09-27 06:00 139264]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32
vsvc.dll" [2007-04-17 04:47 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-17 04:47 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-17 04:47 81920]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-01-12 07:52 118784]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-05-16 20:07 411768]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-01-22 20:39 321656]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-08-29 20:38 368640]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OBealsched.exe" [2008-04-21 13:13 185896]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\VESWinlogon]
2007-02-13 15:19 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4148930769-3442907755-3476821119-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B6C7C473-EFA4-4D26-B644-7764CE7F001A}"= Disabled:UDP:C:\Program Files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{40508795-C65A-4C7D-8927-0000669B6EFC}"= Disabled:TCP:C:\Program Files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{A53F68C5-C204-4A05-ACC5-0A3A403E1256}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{30953F5D-B7CE-4528-A38B-EDB0E77515DB}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{BA1A206F-E302-4B94-8534-FE1344DA1341}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{54B5BD03-8A61-48EF-9495-B6AC6FA44257}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{266541D7-9937-4372-A3A0-256C9C14129B}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{05D34844-2CE4-4271-9309-A18E569840CA}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"TCP Query User{AE361811-0825-4DEC-81E7-6F7B48F00849}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{F4D042B7-7C73-49D9-8C92-67522E281257}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{419959EA-10A3-4BBF-AA16-0BF2E1DBF574}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{25C83AE5-D081-4704-B11A-2BEEF7A904FC}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{D349683C-3B2F-4915-B30B-3A58F9E2169D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{127AB159-0824-4F95-9F4D-2FF6523617A5}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 22:08]
R2 regi;regi;C:\Windows\system32\driversegi.sys [2007-04-17 20:09]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;C:\Windows\system32\DRIVERS\Ma730Pt.sys [2005-12-22 03:52]
R3 Ma730Vad;MA730 Bluetooth Audio;C:\Windows\system32\DRIVERS\Ma730Vad.sys [2005-11-22 08:32]
R3 R5U870FLx86;R5U870 UVC Lower Filter  ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-03-15 21:19]
R3 R5U870FUx86;R5U870 UVC Upper Filter  ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-03-15 21:19]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 03:03]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers	i21sony.sys [2007-04-23 13:29]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-02-08 05:10]
S2 IcRecUsb;IC Recorder Driver;C:\Windows\system32\Drivers\IcRecUsb.sys [2001-10-02 08:37]
S3 Ma730c;MA730 Bluetooth Core Driver;C:\Windows\system32\DRIVERS\MA730C.sys [2006-01-02 11:36]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 16:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 17:06]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 14:05]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
bdx	REG_MULTI_SZ   	scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6af90ad-4f3b-11dc-a52e-806e6f6e6963}]
\shell\AutoRun\command - F:\autorun.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Norton Save and Restore 2.0 - C:\Program Files\Norton Save and Restore\Agent\VProTray.exe
HKLM-Run-Symantec PIF AlertEng - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
HKLM-Run-avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 09:04:33
Windows 6.0.6000  NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\System32\stacsv.exe
C:\Program Files\sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\System32\conime.exe
C:\Windows\System32undll32.exe
C:\Windows\System32undll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-30  9:11:32 - machine was rebooted [Julie]
ComboFix-quarantined-files.txt  2008-08-30 07:10:20
ComboFix2.txt  2008-08-29 23:06:05

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 45,850,447,872 octets libres

1152	--- E O F ---	2008-08-27 09:50:49

jlpjlp · Answer

parfait remets nous un nouveau rapport hijackthis et explique tes problèmes actuels

Julie D. · Answer

Le voilà. Bitdefender ne veut toujours pas fonctionner...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:36, on 30/08/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\System32undll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Readereader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OBealsched.exe
C:\Windows\System32undll32.exe
C:\Windows\System32\p2phost.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://myprivacy.dpgmedia.be/?siteKey=atXMVFeyFP1Ki09i&callbackUrl=https%3a%2f%2fwww.7sur7.be%2fprivacy-gate%2faccept%3fredirectUri%3d%252f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe"  -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\Windows\TEMP\E_S5706.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin
pjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin
pjpi160.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Julie D. · Answer

De plus, je ne sais pas si c'est lié, mais le wifi ne fonctionne pas, mais ca depuis hier...

Utilisateur anonyme · Answer

re julie

dis nous si le parefeu windows fonctionne ainsi que windows update,windows defender , l affichage des fichiers caché et le centre de securité, 

désinstal bitdefender et réinstall le il a été deterioré par l infection bagle

ps : merci jlpjlp d avoir fait avancer

jlpjlp · Answer

super boulot chiquitnie29!


fais bien sûr le message 55!







sinon pour reparer ta connection wifi:  essaye ceci:


Vous n'arrivez plus a vous connecter avec votre wifi. Si vous allez dans les outils administration sur la page "services" pour activer "configuration automatique sans fil" vous avez l'erreur 1068.

Si c'est votre cas et que vous vous etes arraché les cheveux, voici la solution:

Vous devez aller dans la base de registre avec regedit ou autre.

1. Demarrer > executer > Tapez : "regedit" en ok

2. Allez sur HKEY Local Machine > system > CurrentControlSet > Services > Ndisuio

Dans cette clé il y a une entrée nommée "START", double cliquez dessus. Cette entrée doit être 3 pour que le protocole NDIS E/S demarre correctement.

Un virus comme "bagle / Beagle" change cette entrée et la met sur 4 (disable) et cause le probleme que vous avez.

Reboutez ensuite votre PC et tout devrait rentrer dans l'ordre.

Julie D. · Answer

Coucou!

Le parefeu windows fonctionne, le centre de sécurité et windows update aussi. Les fichiers cachés, j'ai su coher l'option les afficher, mais comment voir si ça a marché? Windows defender ne veut pas s'ouvrir. Je vais essayer de retrouver mon cd bitdefender mais je ne crois pas qu'il soit chez moi....

Utilisateur anonyme · Answer

Démarrer >accesoire puis executer > tape : services.msc 

- double Clic sur le service cité - windows defender 


type de démarrge le mettre en automatique 
clic sur appliquer 
en haut a gauche clic sur demarrer le service 

pour le wifi : https://forum.malekal.com/viewtopic.php?f=60&t=7382


pour les fichiers caché suis cette manip :

Clique sur démarrer/panneau de configuration/option des dossiers/affichage 

Cocher afficher les dossiers cacher si tu peux c est ok si tu peux pas dis le nous

Julie D. · Answer

C'est ok pour les fichiers cach et windows defender fonctionne!!!! Merci beaucoup à tous les deux! Je vais essayer de régler le wifi. Sinon, il y a encore quelque chose à faire? Il y a des logiciels que vous me conseiller pour la sécurité de mon pc??

Utilisateur anonyme · Answer

y a des services arreter cette fois :

Démarrer > accessoire >executer > tape : services.msc 

- Clic droit sur le service cité - LiveUpdate
- propriétés 
- et dans "type de démarrage" et mets le sur « désactivé ». 
- Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté » 

Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html

idem pour , LiveUpdate Notice Service Ex , LiveUpdate Notice Service et Planificateur LiveUpdate automatique 

* pour supprimer les outils/fix utilisés : 

Télécharge ToolsCleaner sur ton bureau. 
--> 
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/ 
# Fais un clic droit sur toolcleaner
# Choisi executer en tant qu administrateur
# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

Julie D. · Answer

-->- Recherche: 

C:\Qoobox: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\Julie\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: trouvé !
C:\Users\Julie\Desktop\HijackThis.lnk: trouvé !
C:\Users\Julie\Desktop\ComboFix.exe: trouvé !
C:\Users\Julie\Desktop\HJTInstall.exe: trouvé !
C:\Users\Julie\Downloads\Msnfix.zip: trouvé !
C:\Users\Julie\Downloads\MsnFix: trouvé !
C:\Users\Julie\Downloads\MSNFix\MsnFix: trouvé !

---------------------------------
-->- Suppression: 

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Users\Julie\Desktop\HijackThis.lnk: supprimé !
C:\Users\Julie\Desktop\ComboFix.exe: Erreur de suppression !
C:\Users\Julie\Desktop\HJTInstall.exe: supprimé !
C:\Users\Julie\Downloads\Msnfix.zip: supprimé !
C:\Qoobox: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
C:\Users\Julie\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: supprimé !
C:\Users\Julie\Downloads\MsnFix: supprimé !

Fichiers temporaires nettoyés !
Corbeille vidée!

Utilisateur anonyme · Answer

faudra supprimer combofix sur ton bureau 

voila c est ok pour toi ??

Julie D. · Answer

Parfait! Merci beaucoup! Heureusement que vous étiez là tous les deux! 
Bonne journée

Ps: problème de wifi résolu également

Utilisateur anonyme · Answer

-;)

merci a toi et a jlpjlp 

bon week end profite de ton pc 

@++

jlpjlp · Answer

et surtout merci a toi!!!

Utilisateur anonyme · Answer

-;)

ps : FindB est dispo pour xp/vista je l ai mis a jours hier:

---> http://sd-1.archive-host.com/membres/up/116615172019703188/FindB.exe


Findykill n est pas pret pour le moment

@++

Utilisateur anonyme · Answer

salut chiquitine désolé de t'importuner mais pour la delio ok mais la search setting je ne la trouve pas!peux tu me l'indiquer sur le poste ou je suis tu serait sympas 
merci a toi

____________________________________________________________________
 
A Vaincre Sans Péril,On Triomphe Sans Gloire !!!!!!

Help: virus, qui peut m'aider???

60 réponses

Votre réponse

Newsletters