Avast pas une application Win32 valide

alexfce · Juin 16, 2009, 11:26

Bonjour,

Depuis ce week end lorsque j’ai rallumé mon ordinateur je n’ai plus aucun antivirus qui marche, quand j’essaye d’ouvrir AVAST j’ai un message d’erreur qui s’affiche “ashAvast.exe n’est pas une application Win32 valide” , Spyware doctor n’ont plus ne veut plus marcher et j’ai une connexion Internet très lente

Pourriez vous m’aider SVP ?

Je vous en remercie par avance,

alexfce

cricri58 · Juin 16, 2009, 11:38

Salut

Rends toi sur ce site :
EliBagla 12.68
tout en bas de cette page tu trouveras un outil à télécharger,
clique sur “escargar Elibagla” (le numéro de version change au fur et à mesure des mises à jour)
installe ce fichier sur le bureau.
ensuite double-clic sur Elibagla.exe

laisse la case “eliminar ficheros automaticamente” coché
clique sur"explorar"
laisse-le travailler
poste le rapport final qui sera dans c:\infosat.txt
ensuite

télécharges --> Malwarebytes (mbam)
==>¨Malwarebytes

installes + mise a jour
et
Redémarre en “Mode sans échec”

tapote sur la touche F8 jusqu’à l’affichage du menu des options avancées de Windows, et sélectionne “Mode sans échec”.
Choisis ta session habituelle

Lances–> Malwarebytes (MBAM)

Puis vas dans l’onglet “Recherche”, coche “Exécuter un examen complet” puis “Rechercher”
Sélectionnse tes disques durs" puis clique sur “Lancer lexamen”
A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport
Suppression des éléments détectés --> cliques sur Supprimer la sélection–>a faire

aprés
Télcharges ==>GenProc --> sur le bureau

==>[GenProc[/url]]www.genproc.com…]( Hijackthis

–> Décompresse le sur le bureau
–>Ouvre le dossier créé et lance GenProc.bat(double-cliquer UNE SEULE FOIS sur le fichier GenProc.bat)
->le rapport s’affiche en très peu de temps, c’est normal.
–>Tu obtiendras alors un rapport ==> fais un copié/collé ici

et
poste un Log hijackthis -->Comment installer et renommer correctement ,

regarde–> renommer correctement Hijackthis ==>Générer un rapport

regarde générer un rapport–>[url=http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm)

alexfce · Juin 16, 2009, 11:54

Voici le rapport après Elibagla :

  (16-6-2009  9:45:34)

EliBagle v12.68 ©2009 S.G.H. / Satinfo S.L. (Actualizado el 15 de Junio del 2009)

Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.68
a “virus@satinfo.es”. Gracias.
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\111WFS1INTWQ.SYS --> Eliminado Bagle(rootkit)
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\11S11RO1S1A2.SYS --> Eliminado Bagle(rootkit)
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\DOWN\132546.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\117437.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\125812.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\130968.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\134931968.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\134937671.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\134940406.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\134945140.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\136765.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\142437.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\150171.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\152476000.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\152477640.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\152479562.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\152482640.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\152496750.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\152498734.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\152597000.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\152602734.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\152608656.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\152621156.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\163531.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\51500.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\54640.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\55750.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\58796.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\60500.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\61415718.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\61419281.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\61457484.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\61460390.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\61499875.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\61507875.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\61513984.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\61527421.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\63687.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\65843.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\75939234.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\75939968.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\75943828.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\75946796.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\75960140.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\75961640.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\76154000.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\76169000.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\76178625.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\76500.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\78703.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\82937.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\90583453.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\90589656.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\90591875.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\90600078.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\90611625.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\90614171.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\90681484.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\90703453.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\90714078.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\90728453.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\95453.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\97546.EXE --> Eliminado Bagle
Restaurada Clave: “SafeBoot\Minimal y Network”
Reinicie para Completar la Limpieza.

  (16-6-2009  9:46:20)

EliBagle v12.68 ©2009 S.G.H. / Satinfo S.L. (Actualizado el 15 de Junio del 2009)

Lista de Acciones (por Exploración):
Explorando “C:”

Nº Total de Directorios: 6417
Nº Total de Ficheros: 71116
Nº de Ficheros Analizados: 13247
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Je passe au 2ème logiciel : Malwarebytes

cricri58 · Juin 16, 2009, 12:13

OK alexfce

EliBagla ==> à nettoyer:super:

Fais malwarebytes et Supprimes tout
poste le rapport

et fais le reste GenProc + Hijackthis

Avast est pas ma tasse de thé ==> 75 % qui viennent ici sont détenteurs d Avast

en free on verra si tu veux Avira Antivir 9 fr==> on verra si tu est décider comment le désinstaller

je reviendrai plus tard en soirée :hello:

alexfce · Juin 16, 2009, 12:36

Voici le rapport avec Malwarebytes :

Malwarebytes’ Anti-Malware 1.37
Version de la base de données: 2286
Windows 5.1.2600 Service Pack 3

16/06/2009 12:30:11
mbam-log-2009-06-16 (12-30-00).txt

Type de recherche: Examen complet (A:|C:|D:|E:|F:|G:|)
Eléments examinés: 164341
Temps écoulé: 26 minute(s), 5 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sK9Ou0s (Rootkit.Bagle) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
c:\documents and settings\Alexexandra\Application Data\m (Trojan.Agent) -> No action taken.
c:\documents and settings\Alexexandra\Application Data\drivers\downld (Worm.Bagle) -> No action taken.

Fichier(s) infecté(s):
c:\system volume information_restore{593ce356-1fb8-414e-abf6-34973f778e44}\RP908\A0195676.sys (Rootkit.Bagle) -> No action taken.
c:\system volume information_restore{593ce356-1fb8-414e-abf6-34973f778e44}\RP908\A0195704.sys (Rootkit.Bagle) -> No action taken.
c:\system volume information_restore{593ce356-1fb8-414e-abf6-34973f778e44}\RP908\A0196705.sys (Rootkit.Bagle) -> No action taken.
c:\system volume information_restore{593ce356-1fb8-414e-abf6-34973f778e44}\RP910\A0196793.sys (Rootkit.Bagle) -> No action taken.
c:\system volume information_restore{593ce356-1fb8-414e-abf6-34973f778e44}\RP910\A0196794.exe (Trojan.Packed) -> No action taken.

Je fais le reste merci

Le rapport de Genproc :

Rapport GenProc 2.591 [1] - 16/06/2009 à 12:37:32
@ Windows XP Service Pack 3 - Mode normal
@ Internet Explorer (8.0.6001.18702) [Navigateur par défaut]

Etape 1/ Télécharge :

CCleaner www.ccleaner.com… (FileHippo). Ce logiciel va permettre de supprimer tous les fichiers temporaires. Lance-le et clique sur “Options”, “Avancé” et décoche la case “Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures”. Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.
FindyKill sd-1.archive-host.com… (Chiquitine29) sur le Bureau.

Note importante : l’infection bagle s’installant au moyen d’un crack/keygen, tu dois IMPERATIVEMENT supprimer ce type de fichier.

Etape 2/

Lance l’installation avec les paramètres par défaut

Double-clique sur le raccourci FindyKill sur le Bureau (sous Vista : clic droit sur le raccourci --> Exécuter en temps qu’Administrateur) ;
Au menu principal, sélectionne l’option 1 (Recherche) ;
Le rapport est sauvegardé à la racine du disque dur (C:\FindyKill.txt).
Avant de faire quoi que ce soit d’autre, il est fortement recommandé de poster le rapport sur le forum pour avoir l’avis d’un spécialiste. Après confirmation par un intervenant qualifié du forum, passe au nettoyage.

Etape 3/

Branche toutes tes sources de données externes (clés USB, disques durs externes, lecteurs mp3, iPod…) sans les ouvrir, puis Relance FindyKill.

Sélectionne cette fois l’option 2 (Suppression) au menu principal.
Il y aura 2 redémarrages, laisse travailler l’outil jusqu’à l’apparition du message “Nettoyage effectué !”
Ensuite poste : le rapport C:\FindyKill.txt ainsi qu’un nouveau rapport GenProc

~~ Arguments de la procédure ~~

Détections [1] GenProc 2.591 16/06/2009 à 12:37:46

Bagle:le 16/06/2009 à 12:37:47 “C:\Documents and Settings\Alexexandra\Application Data\drivers”

~~ Fin à 12:37:47 ~~

Et voici enfin le rapport avec Hijack :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:51, on 16/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [SkyTel] SkyTel.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [Sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions
O4 - HKLM…\Run: [ISTray] “C:\Program Files\Spyware Doctor\pctsTray.exe”
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 - HKLM…\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - C:\Program… Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com…
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE…
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE…
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d’arrière-plan - C:\Program… Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?21b22a1b39b940fc80f546e1834ce638
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - C:\Program… Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?21b22a1b39b940fc80f546e1834ce638
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - upload.facebook.com…
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com…
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - www6.king.com…
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com…
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

–
End of file - 10729 bytes

Que dois-je faire maintenant SVP ?
Edité le 16/06/2009 à 12:53

cricri58 · Juin 16, 2009, 12:43

Re

Tu n as rien supprimé ==> tout est en “Quarantaine”

Malwarebytes==>No Action Taken==> tu as tout les M@rdes en “quarantaine”

Fais ceci
Lances Malwarebytes
==>cliques sur quarantaine==> selectionnes tout et supprimes tout ok !! Tu me confirmeras les suppressions

et
tu refais une analyse Compléte en mode normal + Suppression(s) de ce que tu trouveras éventuellement

Poste le rapport

et aprés fais le reste

@+ cricri58

pour ceci ==>c:\system volume information\_restore

on verra plus tard t inquiéte

on le fera aprés

:hello:

et aprés [b]malwarebytes[/b]

==>FindyKill

étapes 2 et 3 poste les rapports

alexfce · Juin 16, 2009, 1:38

Voila j’ai refait un malwarebytes et j’ai supprimé les fichiers infecté

le rapport :

Malwarebytes’ Anti-Malware 1.37
Version de la base de données: 2286
Windows 5.1.2600 Service Pack 3

16/06/2009 13:35:46
mbam-log-2009-06-16 (13-35-46).txt

Type de recherche: Examen complet (A:|C:|D:|E:|F:|G:|)
Eléments examinés: 164603
Temps écoulé: 29 minute(s), 59 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\documents and settings\Alexexandra\Application Data\drivers\downld (Worm.Bagle) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

je fais findykill étape 2 et 3 et je poste les rapports

merci

Rapport findykill étape 2 :

############################## | FindyKill V5.002 |

User : Alexexandra (Administrateurs) # MOIRAUD-F8127A6

Update on 12/06/09 by Chiquitine29

Start at: 13:39:09 | 16/06/2009

Website : pagesperso-orange.fr…

AMD Athlon™ 64 X2 Dual Core Processor 4400+

Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Enabled

AV : avast! antivirus 4.8.1335 [VPS 090613-0] 4.8.1335 [ (!) Disabled | Updated ]

A:\ # Lecteur de disquettes 3 ½ pouces

C:\ # Disque fixe local # 58,59 Go (18,75 Go free) # NTFS

D:\ # Disque fixe local # 90,45 Go (15,71 Go free) [Données] # NTFS

E:\ # Disque CD-ROM

F:\ # Disque fixe local # 74,52 Go (12,93 Go free) [nouveau disque dur] # NTFS

G:\ # Disque amovible # 3,73 Go (1,16 Go free) # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | C: |

################## | C:\WINDOWS |

Présent ! C:\WINDOWS\Prefetch\152476000.EXE-1982646E.pf
Présent ! C:\WINDOWS\Prefetch\152477640.EXE-319B2110.pf
Présent ! C:\WINDOWS\Prefetch\152479562.EXE-042595A3.pf
Présent ! C:\WINDOWS\Prefetch\152482640.EXE-237E86BC.pf
Présent ! C:\WINDOWS\Prefetch\152496750.EXE-1A94669E.pf
Présent ! C:\WINDOWS\Prefetch\152498734.EXE-008FEC18.pf
Présent ! C:\WINDOWS\Prefetch\152593562.EXE-2007453A.pf
Présent ! C:\WINDOWS\Prefetch\152597000.EXE-32FAFB19.pf
Présent ! C:\WINDOWS\Prefetch\152602734.EXE-2B79A966.pf
Présent ! C:\WINDOWS\Prefetch\152608656.EXE-33BB12EE.pf
Présent ! C:\WINDOWS\Prefetch\152621156.EXE-34DADF50.pf
Présent ! C:\WINDOWS\Prefetch\FLEC006.EXE-190B79C3.pf
Présent ! C:\WINDOWS\Prefetch\MDELK.EXE-0EF461CE.pf
Présent ! C:\WINDOWS\Prefetch\WINTEMS.EXE-377E42D4.pf

################## | C:\WINDOWS\system32 |

################## | C:\WINDOWS\system32\drivers |

################## | C:\Documents and Settings\Alexexandra\Application Data |

Présent ! C:\Documents and Settings\Alexexandra\Application Data\drivers

################## | Autres … |

################## | C:\Documents and Settings\Alexexandra\Temporary Internet Files |

Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\1RUS4P0J\b64_3[1].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\1RUS4P0J\b64_3[2].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\1RUS4P0J\mxd[1].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\3R40XG8C\b64_3[1].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\CSXPZ0AE\b64_1[1].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\CSXPZ0AE\b64_1[2].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\F1JIXW1S\b64_6[1].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\RTP57RJJ\b64_3[1].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\RTP57RJJ\b64_3[2].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\YORR5DOY\b64[1].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\YORR5DOY\file[1].txt
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\YORR5DOY\mxd[1].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\ZAWA3HOM\b64[1].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\ZAWA3HOM\b64_1[1].jpg

################## | Registre / Clés infectieuses |

Présent ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_111111s1ro1s1a]
Présent ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_111111s1ro1s1a]
Présent ! [HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_111111s1ro1s1a]
Présent ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S]
Présent ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S]
Présent ! [HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S]
Présent ! [HKCU\Software\bisoft]
Présent ! [HKCU\Software\MuleAppData]
Présent ! [HKCU\Software\Microsoft\Windows\UI] “KEY540534”
Présent ! [HKU\S-1-5-21-73586283-2025429265-725345543-1004\Software\Microsoft\Windows\UI] “KEY540534”
Présent ! [HKU\S-1-5-21-73586283-2025429265-725345543-1004\Software\bisoft]
Présent ! [HKU\S-1-5-21-73586283-2025429265-725345543-1004\Software\MuleAppData]
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]
Présent ! [HKU\S-1-5-21-73586283-2025429265-725345543-1004\Software\Local AppWizard-Generated Applications\winupgro]

################## | Etat / Services / Informations |

Affichage des fichiers cachés : OK

Mode sans echec : OK

(!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )

EapHost -> Start = 3 ( Good = 2 | Bad = 4 )

(!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )

SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )

wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )

(!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )

################## | ! Fin du rapport # FindyKill V5.002 ! |

Findykill Etape 3 Rapport :

############################## | FindyKill V5.002 |

User : Alexexandra (Administrateurs) # MOIRAUD-F8127A6

Update on 12/06/09 by Chiquitine29

Start at: 13:47:45 | 16/06/2009

Website : pagesperso-orange.fr…

AMD Athlon™ 64 X2 Dual Core Processor 4400+

Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Enabled

AV : avast! antivirus 4.8.1335 [VPS 090613-0] 4.8.1335 [ (!) Disabled | Updated ]

A:\ # Lecteur de disquettes 3 ½ pouces

C:\ # Disque fixe local # 58,59 Go (18,75 Go free) # NTFS

D:\ # Disque fixe local # 90,45 Go (15,71 Go free) [Données] # NTFS

E:\ # Disque CD-ROM

F:\ # Disque fixe local # 74,52 Go (12,93 Go free) [nouveau disque dur] # NTFS

G:\ # Disque amovible # 3,73 Go (1,16 Go free) # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe

################## | C: |

################## | C:\WINDOWS |

Supprimé ! C:\WINDOWS\Prefetch\152476000.EXE-1982646E.pf
Supprimé ! C:\WINDOWS\Prefetch\152477640.EXE-319B2110.pf
Supprimé ! C:\WINDOWS\Prefetch\152479562.EXE-042595A3.pf
Supprimé ! C:\WINDOWS\Prefetch\152482640.EXE-237E86BC.pf
Supprimé ! C:\WINDOWS\Prefetch\152496750.EXE-1A94669E.pf
Supprimé ! C:\WINDOWS\Prefetch\152498734.EXE-008FEC18.pf
Supprimé ! C:\WINDOWS\Prefetch\152593562.EXE-2007453A.pf
Supprimé ! C:\WINDOWS\Prefetch\152597000.EXE-32FAFB19.pf
Supprimé ! C:\WINDOWS\Prefetch\152602734.EXE-2B79A966.pf
Supprimé ! C:\WINDOWS\Prefetch\152608656.EXE-33BB12EE.pf
Supprimé ! C:\WINDOWS\Prefetch\152621156.EXE-34DADF50.pf
Supprimé ! C:\WINDOWS\Prefetch\FLEC006.EXE-190B79C3.pf
Supprimé ! C:\WINDOWS\Prefetch\MDELK.EXE-0EF461CE.pf
Supprimé ! C:\WINDOWS\Prefetch\WINTEMS.EXE-377E42D4.pf
Supprimé ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-0F8DCEDB.pf

################## | C:\WINDOWS\system32 |

################## | C:\WINDOWS\system32\drivers |

################## | C:\Documents and Settings\Alexexandra\Application Data |

Supprimé ! C:\Documents and Settings\Alexexandra\Application Data\drivers

################## | Autres … |

################## | Temporary Internet Files |

Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\1RUS4P0J\b64_3[1].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\1RUS4P0J\b64_3[2].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\1RUS4P0J\mxd[1].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\3R40XG8C\b64_3[1].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\CSXPZ0AE\b64_1[1].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\CSXPZ0AE\b64_1[2].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\F1JIXW1S\b64_6[1].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\RTP57RJJ\b64_3[1].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\RTP57RJJ\b64_3[2].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\YORR5DOY\b64[1].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\YORR5DOY\file[1].txt
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\YORR5DOY\mxd[1].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\ZAWA3HOM\b64[1].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\ZAWA3HOM\b64_1[1].jpg

################## | Registre / Clés infectieuses |

Supprimé ! [HKCU\Software\bisoft]
Supprimé ! [HKCU\Software\MuleAppData]
Supprimé ! [HKCU\Software\Microsoft\Windows\UI] “KEY540534”
Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]

################## | Etat / Services / Informations |

Mode sans echec : OK

Affichage des fichiers cachés : OK

Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )

EapHost -> Start = 2 ( Good = 2 | Bad = 4 )

Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )

SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )

wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )

wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH … |

Corrompu : C:\Program Files\Alwil Software\Avast4\ashAvast.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[Offset = 00000124 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashQuick.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashServ.exe
[Offset = 00000124 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[Offset = 00000114 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[Offset = 00000114 - Valeur = 0x0001]

Corrompu : C:\Program Files\Spyware Doctor\pctsAuxs.exe
[Offset = 000000F4 - Valeur = 0x0001]

Corrompu : C:\Program Files\Spyware Doctor\pctsSvc.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : C:\Program Files\Spyware Doctor\pctsTray.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : C:\Program Files\Spyware Doctor\Update.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : C:\WINDOWS$hf_mig$\KB951066\update\update.exe
[Offset = 000000EC - Valeur = 0x0001]

Tentative de réparation…
Sauvegarde : update.exe.REN
[Offset = 000000EC - Nouvelle valeur = 0x4C01]
Fichier réparé avec succès.

Corrompu : C:\WINDOWS$hf_mig$\KB951698\update\update.exe
[Offset = 000000EC - Valeur = 0x0001]

Tentative de réparation…
Sauvegarde : update.exe.REN
[Offset = 000000EC - Nouvelle valeur = 0x4C01]
Fichier réparé avec succès.

Corrompu : C:\WINDOWS$hf_mig$\KB958215-IE7\update\update.exe
[Offset = 000000E4 - Valeur = 0x0001]

Tentative de réparation…
Sauvegarde : update.exe.REN
[Offset = 000000E4 - Nouvelle valeur = 0x4C01]
Fichier réparé avec succès.

Corrompu : C:\WINDOWS$hf_mig$\KB961260-IE7\update\update.exe
[Offset = 000000E4 - Valeur = 0x0001]

Tentative de réparation…
Sauvegarde : update.exe.REN
[Offset = 000000E4 - Nouvelle valeur = 0x4C01]
Fichier réparé avec succès.

################## | Cracks / Keygens / Serials |

################## | ! Fin du rapport # FindyKill V5.002 ! |

Voila je refais un rapport genproc maintenant

Rapport GenProc 2.591 [3] - 16/06/2009 à 14:04:52
@ Windows XP Service Pack 3 - Mode normal
@ Internet Explorer (8.0.6001.18702) [Navigateur par défaut]

Etape 1/ Télécharge :

FindyKill sd-1.archive-host.com… (Chiquitine29) sur le Bureau.

Note importante : l’infection bagle s’installant au moyen d’un crack/keygen, tu dois IMPERATIVEMENT supprimer ce type de fichier.

Etape 2/

Lance l’installation avec les paramètres par défaut

Double-clique sur le raccourci FindyKill sur le Bureau (sous Vista : clic droit sur le raccourci --> Exécuter en temps qu’Administrateur) ;
Au menu principal, sélectionne l’option 1 (Recherche) ;
Le rapport est sauvegardé à la racine du disque dur (C:\FindyKill.txt).
Avant de faire quoi que ce soit d’autre, il est fortement recommandé de poster le rapport sur le forum pour avoir l’avis d’un spécialiste. Après confirmation par un intervenant qualifié du forum, passe au nettoyage.

Etape 3/

Branche toutes tes sources de données externes (clés USB, disques durs externes, lecteurs mp3, iPod…) sans les ouvrir, puis Relance FindyKill.

Sélectionne cette fois l’option 2 (Suppression) au menu principal.
Il y aura 2 redémarrages, laisse travailler l’outil jusqu’à l’apparition du message “Nettoyage effectué !”
Ensuite poste : le rapport C:\FindyKill.txt ainsi qu’un nouveau rapport GenProc

~~ Arguments de la procédure ~~

Détections [1] GenProc 2.591 16/06/2009 à 12:37:46

Bagle:le 16/06/2009 à 12:37:47 “C:\Documents and Settings\Alexexandra\Application Data\drivers”

Détections [2] GenProc 2.591 16/06/2009 à 13:59:49

Bagle:le 16/06/2009 à 13:59:50 “C:\Documents and Settings\Alexexandra\Application Data\drivers”

Détections [3] GenProc 2.591 16/06/2009 à 14:04:55

Bagle:le 16/06/2009 à 14:04:56 “C:\Documents and Settings\Alexexandra\Application Data\drivers”

~~ Fin à 14:04:56 ~~

Et voilà j’ai tout suivi à la lettre mais ça ne marche toujours pas
Avez vous une autre solution pour moi ?
Edité le 16/06/2009 à 14:08

cricri58 · Juin 16, 2009, 11:13

Salut alexfce

Lances Hiackthis

Cliques sur Do a System Scan Only

coches ces Lignes

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dl
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - www6.king.com…
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

Fermes tes autres applications et Cliques sur Fix Checked

ensuite

Télécharge Winsockxpfix

sur ton bureau sans l executer au cas tu en aurai besoin aprés

==>WinSock XP Fix

ensuite

Télécharge Combofix

==>ComboFix.exe

==>sur ton Bureau et renomme le avant qu’il vienne sur ton bureau.
pour ce faire fait un clic droit sur Combofix.exe ,choisis “enregistrer la cible du lien sous…” et renomme le en==>alexfce.exe
==> et pour l’emplacement choisis ton bureau et cliques sur “enregistrer”

Double clique==> alexfce.exe ==>(Fichier renommé)
Tapes sur la touche1 pour démarrer le scan et suis les instructions indiquées par combofix.
Lorsque le scan sera terminé, un rapport apparaîtra. Copie/colle ce rapport ici même.
==>Le rapport se trouve également ici : C:\Combofix.txt
==> tu ne devras pas cliquer dans la fenêtre de Combofix pendant l’analyse ; ceci provoquerait le blocage du programme.

PS
si ta connexion internet n’est plus active après le redémarrage

Fait un double clic sur le fichier de WinsockXPFix
clique sur “Fix” au cas faudra faire une réparation manuelle

Télécharge Toolbar-S&D (de la Team IDN) sur ton Bureau.

==>Toolbar S&D

Double clique licône ToolBar S&D sur le bureau
Choisi F pour français et valide
Au menu principal de ToolBar S&D choisi loption 1 (Recherche)
Le menu Démarrer et les icônes vont disparaîtrent, c’est normal
La recherche s’effectue, cela peut prendre plusieurs minutes, ne touche à rien.
Une fois l’analyse terminée, le rapport de recherche s’ouvre dans le Bloc-Note. (Dans le cas où le rapport ne s’ouvre pas, ce dernier se trouve sur C:\TB.txt)

Copier/coller le rapport

[b]PS[/b]

Tu garderas MalwareBytes

tu telechargeras ==>Revo Uninstaller

==>Revo Uninstaller

tu désinstalleras Spyware Doctor (Usine à Gaz )
et ensuite Bonjour

alexfce · Juin 17, 2009, 9:37

Bonjour Cricri58,

Tout d’abord je tenais à vous remercier d’être revenu hier soir, moi je n’étais plus connecté je vais continuer à suivre vos instructions à la lettre et j’espère que ça va s’arranger en tout cas merci, heureusement qu’il y a des personnes comme vous sur le net pour nous aider nous autres pauvres incultes

Voici la rapport de Combofix :

ComboFix 09-06-16.02 - Alexexandra 17/06/2009 9:22.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1919.1415 [GMT 2:00]
Lancé depuis: c:\documents and settings\Alexexandra\Mes documents\alexfce.exe
AV: avast! antivirus 4.8.1335 [VPS 090613-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alexexandra\Application Data\drivers\downld
c:\documents and settings\Alexexandra\Application Data\drivers\winupgro.exe
c:\documents and settings\Alexexandra\Application Data\m
c:\documents and settings\Alexexandra\Application Data\m\shared
C:\Muestras
c:\windows\system32\drivers\down
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe
c:\documents and settings\Alexexandra\Application Data\drivers\111wfs1intwq.sys
c:\documents and settings\Alexexandra\Application Data\drivers\11s11ro1s1a2.sys
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54711453.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54716343.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54718406.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54719640.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54721953.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54722500.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54731640.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54733453.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54761187.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54762140.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54762453.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54765953.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54766562.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54766625.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54771875.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54772953.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54773375.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54774078.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54779671.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54787500.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54810640.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54813937.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54814187.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54814218.exe
c:\documents and settings\Alexexandra\Application Data\m\data.oct
c:\documents and settings\Alexexandra\Application Data\m\list.oct
c:\documents and settings\Alexexandra\Application Data\m\shared\3D_Floating_Easter_Eggs_1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\70-298 - Designing Security for a MS Windows Server 2003 Network 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\A-one iPod PSP 3GP Video Converter 6.2.5.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Acme CADConverter 7.51.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\AgataSoft_Sutdown_Lite_2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Aimersoft Video to Audio Converter 2.2.0.37.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\AJT Countdown Rev 3.2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Album3D_Builder_1.7_(Serial).zip
c:\documents and settings\Alexexandra\Application Data\m\shared\All_to_Text_1.501.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Aloaha PDF Crypter 2.5.14.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Amazon MP3 Search 1.0.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\AppStar_0.1.2.6_Alpha.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\AVG.Anti-Spyware.V.7.5.0.50.+.Crack.(Multilenguaje).Por.Pirata.of.Spain.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\AVG.antivirus.Server.v7.0.+.Crack.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Bad_Girl_by_Drawing_Hand_5.6_[Key+Serial].zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Base64 Encoding ActiveX Library 2.04.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Bejeweled_2_Deluxe.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Block That! 1.0.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\BlueZone_4.0c1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Bonodi_XML_Editor_2.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\C-Mail 3.1.2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Cel Uploader 1.0.0.3.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\ClickPic_1.0.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Client Tracks 6.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\CMYK_Production_Plus_2.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Compressed NTFS File Decompressor 1.4.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\CooJah 6.1.0.0 Build 090222 Beta.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Cool Free Music Converter 6.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\CoolPopup 1.01.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\CPU_Load_Widget_2.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\CPUsage_1.2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Cube_Panel_2.2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\CubeEye 1.6 [Patch].zip
c:\documents and settings\Alexexandra\Application Data\m\shared\DARTrends 0.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Demo_toolbar_for_Outlook_Express_0.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\DNS Cache Tool for ISA Server.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\DopeWars_7650_1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\dragdropupload 1.6.8.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\DSynchronize 2.30.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Duplicate File Eraser 1.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Dynamic Design 1.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\EngInSite_Perl_Editor_Lite_2.0.2_build_37_(With_Crack).zip
c:\documents and settings\Alexexandra\Application Data\m\shared\English_Spanish_Database_1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\episTree_2_Key+Serial.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Extended_Statusbar_1.2.6.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\FlashSwitch 1.0 Build 21.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\FLEETMATE_1.4_build_051_(With_Crack).zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Four_in_Line_(Pocket_PC)1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\FrameTools 1.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\FreeRIP 3.01 KeyGen.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\gbReplace 4.1.27.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Get Password 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Gisele Bundchen 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\GoMail_Subscription_Manager_1.0_build_113_With_Crack.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Hilbert Neue Condensed Font Truetype 2.00.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Home_Business_Gold.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\ICD2IMG 1.01.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Images_Finder_1.7.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Internet_Hunter_2.5(With_Crack).zip
c:\documents and settings\Alexexandra\Application Data\m\shared\iPhone Application Browser 1.0.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\iPlayer 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\iShell 4.0r9.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\iStory Creator 4.2.0.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\iUpdate 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\jcop 0.3.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Jetpack (Visual Basic 6.0) 6.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Julia Stiles Screensaver1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Karpesky.Personal.Antivirus.v5.0.227.+key.2007.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Keyword_Market_Value_Analyzer_1.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Kotation_1.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Links_Organizer_2.1.157_(Cracked).zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Lower Blood Pressure 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\MachineCode Screensaver 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\MB Free Personal Month Number 1.25.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\MB Free Psychic Color Test 1.55.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\MISPBO Registry Cleaner 3.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Mortgage_Calculator_1.1.4.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Mr. Flash 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\MyOddIcon 1.01.05.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\NexyFILES 1.0 build 0.39.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\NGDiskcat_1.0.6.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Nuclear visions screensaver 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Okoker_Quick_Burner_1.4_Patch.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Orneta_Checkers_1.0.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\OSSIM_1.6.8.2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Phoenixgang_toolbar_for_IE_4.5.132.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Pro frequency Instant EULA 3.6.2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\ProcessWatchV2_2.0.9_build_14.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\PropertyEditor 4.2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Pumpkin_Shoot_Game_Demo_Screensaver_1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\RSS Feeder 3.2.3.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\SafeIT File Shredding 2006 7.5.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\SearchView_1.0.8.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\SesamTV Media Center 2.2101.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\silence_screensaver_01.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\SimpleCast_2.5.1_(Patch).zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Smartlock 1.31.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Soft191 Unnecessary File Finder 1.04.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\SSCP Free Test Exam Questions 10.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\STAMP ACT 1.5.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\SWiSHvideo_2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\SwitchSync Ex 4.6.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\systemDashboard_-Memory_Monitor_1.2.2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\SystemSleuth_1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Teacher’s Electronic Daybook 3.1a.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\The_Great_Pyramids_of_Giza_Screen_Saver_1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Theme Editor For Roxio CD and DVD Creator 6.x 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\TimeSage 1.5.3.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\ToolbarMS-A_MySpace_toolbar_for_Firefox_1.1.2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Triap_Beta.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\uCertify PrepKit for Oracle exam 1Z0-031 8.02.05.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\UK Threat Level 0.15.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\UltimateMenu_1.0_KeyGen.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\VIMap 1.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\VintaSoftTwain ActiveX Control 4.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Visual Probability 2.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\VoipBuster 3.00 Build 531.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\W2EventLogReport 1.03.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\WatchDISK_Disk_Space_Tracker_3.2.27.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\webcam_Bar_toolbar_for_IE_4.5.126.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\WebKeeper 2.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Winsole_2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Word-It 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Workout_Printer_1.1(Key+Serial).zip
c:\documents and settings\Alexexandra\Application Data\m\shared\WriteKanji_1.2.5.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\xls2csv 1.2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\YASA AVI to iPod Converter 3.0.26.1237.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Yex_0.0.4.zip
c:\documents and settings\Alexexandra\Application Data\m\srvlist.oct
C:\InfoSat.txt
c:\muestras\WINUPGRO.EXE.Muestra EliBagle v12.68
c:\windows\system32_000006_.tmp.dll
c:\windows\system32_000007_.tmp.dll
c:\windows\system32_000008_.tmp.dll
c:\windows\system32_000011_.tmp.dll
c:\windows\system32_000012_.tmp.dll
c:\windows\system32\ban_list.txt
c:\windows\system32\drivers\down\54778484.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_111111S1RO1S1A
-------\Service_111111s1ro1s1a

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-17 au 2009-06-17 ))))))))))))))))))))))))))))))))))))
.

2009-06-17 07:14 . 2006-10-07 01:04 856064 ----a-w- c:\windows\system32\SkyTel.EXE
2009-06-16 16:16 . 2009-06-17 07:26 -------- d–h--w- c:\documents and settings\Alexexandra\Application Data\drivers
2009-06-16 10:58 . 2009-06-16 16:10 -------- d-----w- C:\FindyKill
2009-06-16 10:56 . 2009-06-16 10:56 -------- d-----w- c:\program files\CCleaner
2009-06-16 10:42 . 2009-06-16 10:42 -------- d-----w- c:\program files\Trend Micro
2009-06-16 10:37 . 2009-06-16 10:37 -------- d-----w- C:\GenProc
2009-06-16 09:57 . 2009-06-16 09:57 -------- d-----w- c:\documents and settings\Alexexandra\Application Data\Malwarebytes
2009-06-16 09:57 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-16 09:57 . 2009-06-16 09:57 -------- d-----w- c:\program files\Malwarebytes’ Anti-Malware
2009-06-16 09:57 . 2009-06-16 09:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-16 09:57 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-11 01:40 . 2009-06-11 01:40 -------- d-sh–w- c:\documents and settings\LocalService\IETldCache
2009-06-10 04:26 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 04:26 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-08 08:11 . 2009-06-08 08:11 -------- d-sh–w- c:\documents and settings\Alexexandra\IECompatCache
2009-06-08 08:07 . 2009-06-08 08:07 -------- d-sh–w- c:\documents and settings\Alexexandra\PrivacIE
2009-06-08 08:06 . 2009-06-08 08:06 -------- d-sh–w- c:\documents and settings\NetworkService\IETldCache
2009-06-08 08:05 . 2009-06-08 08:05 -------- d-sh–w- c:\documents and settings\Alexexandra\IETldCache
2009-06-08 07:42 . 2009-06-11 01:02 -------- d-----w- c:\windows\ie8updates
2009-06-08 07:42 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-08 07:40 . 2009-06-08 07:42 -------- dc-h–w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 07:13 . 2007-07-30 05:05 -------- d-----w- c:\program files\Windows Live Toolbar
2009-06-16 20:28 . 2007-05-18 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-16 15:57 . 2007-11-17 16:12 -------- d—a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-16 11:54 . 2004-08-05 12:00 49734 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-16 11:54 . 2004-08-05 12:00 370832 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-16 11:28 . 2007-05-18 17:31 -------- d-----w- c:\program files\Winamp
2009-06-12 08:29 . 2007-06-02 10:58 -------- d-----w- c:\program files\Spyware Doctor
2009-05-13 05:04 . 2004-08-05 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:33 . 2004-08-05 12:00 348672 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 15:57 . 2009-05-01 15:56 -------- d-----w- c:\program files\PhotoFiltre Studio
2009-05-01 15:57 . 2009-05-01 15:57 45 —h–w- c:\windows\dsez5868.dat
2009-04-25 07:51 . 2007-05-18 17:29 -------- d-----w- c:\program files\eMule
2009-04-19 19:50 . 2007-05-19 08:46 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:53 . 2004-08-05 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2007-11-25 11:17 . 2007-11-25 11:16 4344685 -c–a-w- c:\program files\installpro.exe
2007-06-20 16:50 . 2007-06-20 16:50 3655608 -c–a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-06-20 16:50 . 2007-06-20 16:49 25990432 -c–a-w- c:\program files\FLV PlayerRCSetup.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2006-07-13 7626752]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2006-07-13 86016]
“Google Desktop Search”=“c:\program files\Google\Google Desktop Search\GoogleDesktop.exe” [2008-06-21 29744]
“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2008-12-18 136600]
“Sony Ericsson PC Suite”=“c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” [2005-10-26 159744]
“ISTray”=“c:\program files\Spyware Doctor\pctsTray.exe” [2009-06-17 1168264]
“WinampAgent”=“c:\program files\Winamp\winampa.exe” [2009-03-09 37888]
“AppleSyncNotifier”=“c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe” [2008-07-22 116040]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2009-06-17 81000]
“nwiz”=“nwiz.exe” - c:\windows\system32\nwiz.exe [2006-07-13 1519616]
“SkyTel”=“SkyTel.EXE” - c:\windows\system32\SkyTel.EXE [2006-10-07 856064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableLUA”= 0 (0x0)

Les clés de Registre SafeBoot doivent être réparées. Cette machine ne peut pas utiliser le Mode Sans Échec.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@=“Driver Group”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E967-E325-11CE-BFC1-08002BE10318}]
@=“DiskDrive”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@=“Hdc”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@=“Keyboard”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@=“Mouse”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@=“System”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@=“Volume”

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“c:\Program Files\eMule\emule.exe”=
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“c:\Program Files\Real\RealPlayer\realplay.exe”=
“c:\Program Files\Winamp Remote\bin\Orb.exe”=
“c:\Program Files\Winamp Remote\bin\OrbTray.exe”=
“c:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe”=
“c:\Program Files\Bonjour\mDNSResponder.exe”=
“c:\Program Files\iTunes\iTunes.exe”=
“c:\Program Files\MSN Messenger\msnmsgr.exe”=
“c:\Program Files\MSN Messenger\livecall.exe”=

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [16/05/2007 16:59 34944]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [28/03/2008 08:18 356920]
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [02/06/2007 12:54 29744]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [05/08/2004 14:00 12800]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
“c:\windows\system32\rundll32.exe” “c:\windows\system32\iedkcs32.dll”,BrandIEActiveSetup SIGNUP
.
Contenu du dossier ‘Tâches planifiées’

2009-06-17 c:\windows\Tasks\Google Software Updater.job

c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-18 02:11]

2009-06-17 c:\windows\Tasks\User_Feed_Synchronization-{89A8798C-2E6E-43E5-9BFD-650BBB153FAA}.job

c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = www.google.com…
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = www.google.com…
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - favorites.live.com…
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Ouvrir dans un nouvel onglet d’arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?21b22a1b39b940fc80f546e1834ce638
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?21b22a1b39b940fc80f546e1834ce638
.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2009-06-17 09:27
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés …

Recherche d’éléments en démarrage automatique cachés …

Recherche de fichiers cachés …

Scan terminé avec succès
Fichiers cachés: 0

.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - ‘explorer.exe’(3476)
        c:\windows\system32\eappprxy.dll
        c:\windows\system32\webcheck.dll
        c:\windows\system32\WPDShServiceObj.dll
        c:\windows\system32\PortableDeviceTypes.dll
        c:\windows\system32\PortableDeviceApi.dll
        .
        ------------------------ Autres processus actifs ------------------------
        .
        c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        c:\program files\Bonjour\mDNSResponder.exe
        c:\program files\Java\jre6\bin\jqs.exe
        c:\windows\system32\nvsvc32.exe
        c:\windows\system32\wbem\wmiapsrv.exe
        c:\windows\system32\wscntfy.exe
        c:\windows\system32\CF30298.exe
        c:\windows\system32\rundll32.exe
        c:\program files\Fichiers communs\Teleca Shared\CapabilityManager.exe
        c:\program files\Fichiers communs\Teleca Shared\Generic.exe
        c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
        .

.
Heure de fin: 2009-06-17 9:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-17 07:30

Avant-CF: 20 852 363 264 octets libres
Après-CF: 21 793 116 160 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP dition familiale” /noexecute=optin /fastdetect /usepmtimer

355 — E O F — 2009-06-11 01:03

Voila le rapport de Toolbar :

-----------\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon™ 64 X2 Dual Core Processor 4400+ )
BIOS : BIOS Date: 12/04/06 15:45:54 Ver: 08.00.12
USER : Alexexandra ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090613-0] 4.8.1335 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:58 Go (Free:20 Go)
D:\ (Local Disk) - NTFS - Total:90 Go (Free:15 Go)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:74 Go (Free:12 Go)

“C:\ToolBar SD” ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 17/06/2009| 9:39 )

-----------\ Recherche de Fichiers / Dossiers …

C:\WINDOWS\iun6002.exe

-----------\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

-----------\ […\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Local Page”=“C:\WINDOWS\system32\blank.htm”
“Start Page”=“http://www.msn.com/”
“Search Page”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch”
“SearchMigratedDefaultURL”=“http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
“Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157”
“Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”
“Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”
“Local Page”=“C:\WINDOWS\system32\blank.htm”
“Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157”

--------------------\ Recherche d’autres infections

C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\down
==> BAGLE <==

--------------------\ Cracks & Keygens …

C:\DOCUME~1\ALEXEX~1\Application Data\Microsoft\Office\Recent\Serial Activation Crack Microsoft Office System 2007 Pro Enterprise Corporate Plus Professional Attivazione seriali Ita Eng de fr ru 32 64 bit.LNK
C:\DOCUME~1\ALEXEX~1\Recent\the sims 3 Serial - keygen.lnk

1 - “C:\ToolBar SD\TB_1.txt” - 17/06/2009| 9:39 - Option : [1]

-----------\ Fin du rapport a 9:39:40,60

Je télécharge revo uninstaller je désinstalles spyware doctor et je vous attends pour la suite

merci
Edité le 17/06/2009 à 09:41

cricri58 · Juin 17, 2009, 10:51

Salut

Double clique sur licône ToolBar S&D sur le bureau
Choisi F pour français et valide
Au menu principal de ToolBar S&D choisi loption 2 (Suppression)
Le menu démarrer et les icônes vont à nouveau disparaître… c’est normal.
Le nettoyage va prendre quelques minutes…
Une fois l’opération terminée, le rapport de nettoyage s’ouvre

Copier/coller le rapport

ensuite

Refais

==>Elibagla

tout en bas de cette page tu trouveras un outil
à télécharger,clique sur “escargar Elibagla” (le numéro de version change au fur et à mesure des mises à jour)
installe ce fichier sur le bureau.
ensuite double-clic sur Elibagla.exe

laisse la case “eliminar ficheros automaticamente” coché
clique sur"explorar"
laisse-le travailler
poste le rapport final qui s trouve dans c:\infosat.txt

seulement aprés

Télécharges SafeBoot.reg

Pour télécharger ce fichier fais un clic droit sur le lien qui est en bleu dans ma réponse choisis pour :

==>SafeBoot.reg

Internet Explorer : Enregistrer la cible sous
Firefox : Enregistrer la cible du lien sous

Enregistre ce fichier sur le bureau
Déconnecte ton PC du net
Clic droit sur SafeBoot.reg choisis Fusionner dans la liste, accepte la fusion avec le registre

aprés

installes Ccleaner

==>Ccleaner

Une fois sur le bureau, clic sur l’install de CCleaner.
-> Mais avant de cliquer sur le bouton “installer”, décoche toutes les “options supplémentaires”.(install de la barre yahoo,etc…)

–>Ensuite, clique sur “Options”, “Avancé” et décoche la case
–>“Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures”.
–>Clique sur l’onglet “Nettoyeur” puis sur “Lancer le Nettoyage”.
–> Ensuite clique sur l’icone Registre, à droite, clique sur “Chercher des erreurs” puis sur “Réparer les erreurs sélectionnées”.

Accepte la sauvegarde, de la BDR (base de registre )qu’il propose .
Je te conseille de le repasser au moins deux fois,(ou + jusqu’à qu’il ne trouve plus d’erreurs.)

Redémarres ton Pc-

tu n as plus D Antivirus==>essayes d installer Avira si tu n arrives pas à l installer passe à la suite

télécharges et installes Avira AntiVir Personal Free 9.0.0.65==> fr

==>Avira AntiVir Personal Free 9.0.0.65

mets à jour et fais une Analyse Compléte
poste le rapport

et pour termner

Télécharge Random’s System Information Tool (RSIT) par random/random et sauvegarde-le sur ton Bureau.

==>RSIT Random’s/Random’s

==> Double-clique sur RSIT.exe afin de lancer RSIT.
==> Clique sur Continue à l’écran Disclaimer.
==> Si l’outil HijackThis (version à jour) n’est pas présent ou non détecté sur l’ordinateur, RSIT le téléchargera et tu devras accepter la licence.
==>Lorsque l’analyse sera terminée, deux fichiers texte s’ouvriront.

==> Poste le contenu de log.txt (<<qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

Note : Les deux rapports sont également sauvegardés %systemroot%\rsit

Et je te dis à plus tard

@+cricri58:hello:

alexfce · Juin 17, 2009, 11:00

Rapport toolbar :

-----------\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon™ 64 X2 Dual Core Processor 4400+ )
BIOS : BIOS Date: 12/04/06 15:45:54 Ver: 08.00.12
USER : Alexexandra ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090613-0] 4.8.1335 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:58 Go (Free:20 Go)
D:\ (Local Disk) - NTFS - Total:90 Go (Free:15 Go)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:74 Go (Free:12 Go)

“C:\ToolBar SD” ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 17/06/2009|10:57 )

-----------\ SUPPRESSION

Supprime! - C:\WINDOWS\iun6002.exe

-----------\ Recherche de Fichiers / Dossiers …

-----------\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

-----------\ […\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Local Page”=“C:\WINDOWS\system32\blank.htm”
“Start Page”=“http://www.msn.com/”
“Search Page”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch”
“SearchMigratedDefaultURL”=“http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
“Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157”
“Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”
“Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”
“Local Page”=“C:\WINDOWS\system32\blank.htm”
“Start Page”=“http://www.msn.com/”

--------------------\ Recherche d’autres infections

C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\down
==> BAGLE <==

--------------------\ Cracks & Keygens …

C:\DOCUME~1\ALEXEX~1\Application Data\Microsoft\Office\Recent\Serial Activation Crack Microsoft Office System 2007 Pro Enterprise Corporate Plus Professional Attivazione seriali Ita Eng de fr ru 32 64 bit.LNK
C:\DOCUME~1\ALEXEX~1\Recent\the sims 3 Serial - keygen.lnk

1 - “C:\ToolBar SD\TB_1.txt” - 17/06/2009| 9:39 - Option : [1]
2 - “C:\ToolBar SD\TB_2.txt” - 17/06/2009|10:58 - Option : [2]

-----------\ Fin du rapport a 10:58:03,79

Rapport Elibagla :

  (17-6-2009  9:3:27)

Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.69
a “virus@satinfo.es”. Gracias.
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\111WFS1INTWQ.SYS --> Eliminado Bagle(rootkit)
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\11S11RO1S1A2.SYS --> Eliminado Bagle(rootkit)
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\DOWN\578500.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\117718.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\123046.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\129921.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\157468.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\43609.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\44968.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\470203.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\47390.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\473906.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\474781.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\48718.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\505531.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\506718.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\582531.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\588312.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\749125.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\756656.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\80937.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\82234.EXE --> Eliminado Bagle
Restaurada Clave: “SafeBoot\Minimal y Network”
Reinicie para Completar la Limpieza.

  (17-6-2009  9:3:53)

Lista de Acciones (por Exploración):
Explorando “C:”
C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drivers\111WFS1INTWQ.SYS.VIR --> Eliminado Bagle(rootkit)
C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drivers\11S11RO1S1A2.SYS.VIR --> Eliminado Bagle(rootkit)
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\down\54778484.EXE.VIR --> Eliminado Bagle

Nº Total de Directorios: 6231
Nº Total de Ficheros: 60011
Nº de Ficheros Analizados: 13218
Nº de Ficheros Infectados: 3
Nº de Ficheros Limpiados: 3
Edité le 17/06/2009 à 11:11

cricri58 · Juin 17, 2009, 11:16

OK c est impecc!!pour l instant==> continue

alexfce · Juin 17, 2009, 11:25

aie j’ai un souci, ccleaner ne veut pas s’ouvrir, la page s’ouvre une demi seconde et se referme !

cricri58 · Juin 17, 2009, 11:36

Sinon laisse Ccleaner

telecharge ATF-Cleaner

==> ATF-Cleaner

fais un nettoyage

Tutoriel==>[Tuto[/url]]www.dualforum.com…]( [url=http://www.dualforum.com/viewtopic15681.html)

ATF-Cleaner

Aprés avoir fais le reste Avira+ RSIT + posté les rapports

Télécharges Gmer.

=>GMER

Dézippe le dans un dossier ou sur ton bureau.

Déconnecte toi d’Internet puis et ferme tous les programmes.
Double-clique sur Gmer.exe.

IMPORTANT: Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s’executer.

Clique sur l’onglet rootkit.
A droite, coche Files et Services.
Clique maintenant sur Scan.

Lorsque le scan est terminé, poste le rapport

et

installes cet Utilitaire

==>FileHippo

et fais toutes les mises à jour qu il te proposera laisse toi guider==>sauf les Versions Bétas

Pour le reste je regarderai ce soir Tard laisse ton PC tranquille d ici la

:hello:

alexfce · Juin 17, 2009, 11:39

et merde avec ATF cleaner c’est pareil je le lance la page s’allume une demi seconde et s’eteind

est ce que je fais le reste qd meme ?

J’ai un message qui s’est affiché " Prévention de l’exécution des données, Windows a fermé ce programme"

nom : Internet Explorer
editeur : microsoft corporation
Edité le 17/06/2009 à 11:44

cricri58 · Juin 17, 2009, 11:53

tu essaieras aprés Ccleaner ou ATF

aprés avoir régarder la dedans Windows XP

==>Paramétrer ou désactiver la Prévention d’Exécution des Données

alexfce · Juin 17, 2009, 2:07

et non malheureusement toujours pas ni l’un ni l’autre ne veut souvrir…

cricri58 · Juin 17, 2009, 10:55

Fais le reste que je t ai donné à faire Avira et RSIT

cricri58 · Juin 17, 2009, 11:12

Fais aussi GMER et FileHippo ne t obstine pas avec Ccleaner ou ATF

alexfce · Juin 18, 2009, 9:23

Bonjour,

Avira et RSIT ne veulent pas marcher non plus impossible à les installer

j’essaie GMER et FileHippo

Voila ce que me marque GIMER :

GMER 1.0.15.14972 - www.gmer.net…
Rootkit scan 2009-06-18 09:30:57
Windows 5.1.2600 Service Pack 3

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\100171.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\100625.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\100781.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\101171.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\103406.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\104531.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\104937.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\105031.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\105640.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\105765.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\106500.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\107984.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\109031.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\109546.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\109718.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\110593.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\110812.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\111718.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\112281.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\112953.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\113171.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\113515.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\114031.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\114046.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\114593.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\115703.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\117140.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\117515.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\117750.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\156421.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\156796.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\157859.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\158328.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\158375.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\159750.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\160015.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\160625.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\160796.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\161203.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\161828.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\168453.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\179843.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\182359.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\182640.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\182687.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\185843.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\188031.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\188453.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\190359.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\192390.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\192656.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\192687.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\43718.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\44703.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\45390.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\45968.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\46375.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\47359.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\47468.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\48625.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\49531.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\54765.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\56812.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58625.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58665843.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58670781.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58671.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58672218.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58688796.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58689734.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58692171.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\118218.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\118906.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\119906.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\120953.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\121359.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\121531.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\122000.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\123343.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\123750.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\125093.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\125343.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\127500.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\127968.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\128265.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\128687.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\129093.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\131890.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\132187.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\134109.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\134500.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\137734.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\69937.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\71171.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\72578.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\78703.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\79718.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\80343.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\85406.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\86328.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\87140.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\87218.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\92421.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\92562.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\93156.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\94921.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\95750.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\96312.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\96390.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\97546.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\97953.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\99703.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\99906.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14662953.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14666593.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14690937.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14708812.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14711484.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14712312.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14720859.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\147296.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14732812.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14760890.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14761906.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14762562.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14766218.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14766234.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14769140.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14770031.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14770437.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14772750.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14778953.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14832953.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14838218.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14841265.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14841312.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\149234.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\149343.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\151265.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\152703.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\152890.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\153187.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\153453.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\153515.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\153640.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\154187.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\154343.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\154390.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\118109.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14660765.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\155578.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\231734.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\43656.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58692765.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\69375.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58701250.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58702250.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58729250.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58730140.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58730656.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58737421.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58738500.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58738906.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58739546.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58745296.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58771140.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58771468.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58771515.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\59234.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\59828.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\60421.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\60968.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\62796.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\65781.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\66437.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\67359.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\68187.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\68640.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\68750.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\69328.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\238437.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\242375.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\242640.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\242687.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\35656.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\36625.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\36968.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\38062.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\38453.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\39718.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\40390.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\40953.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\41031.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\41953.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\42468.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\42531.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\42593.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\43531.exe File C:\Documents and Settings\Alexexandra\Application Data\drivers\winupgro.exe File C:\Documents and Settings\Alexexandra\Application Data\m\flec006.exe File C:\Documents and Settings\Alexexandra\Application Data\m\shared File C:\Documents and Settings\Alexexandra\Application Data\m\shared\000-714 File C:\Documents and Settings\Alexexandra\Application Data\m\shared\1st_Video_Splitter_4.0.1.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\3D Draw Shadows 2.1.7.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\4Front Sand Brush.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\8_Hour_Shift_Sch File C:\Documents and Settings\Alexexandra\Application Data\m\shared\ADB Auction File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Amore Screensaver 1.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\AntBottom_1.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Apis RM File C:\Documents and Settings\Alexexandra\Application Data\m\shared\AssetManage_Home File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Live_IP_Address_1.6.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Lord_of_the_Ring File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Lotto_Number_Gen File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Magic M4A File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Magical Mystery Tour 1.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Mastermax_File_S File C:\Documents and Settings\Alexexandra\Application Data\m\shared\MCAFEE.VIRUSSCAN File C:\Documents and Settings\Alexexandra\Application Data\m\shared\MediaSanta File C:\Documents and Settings\Alexexandra\Application Data\m\shared\MediaVideoConverter File C:\Documents and Settings\Alexexandra\Application Data\m\shared\MedReader_Nursin File C:\Documents and Settings\Alexexandra\Application Data\m\shared\PopBar 1.0.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Power Wallpaper File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Privacy Control 2.6.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Publish_Query_to File C:\Documents and Settings\Alexexandra\Application Data\m\shared\PuzzleOnline_Hel File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Quick Runner 1.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Recipe_Holder_1.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\RecordEditor 0.62 Test 2.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Remind! 5.54.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Right_WebGallery File C:\Documents and Settings\Alexexandra\Application Data\m\shared\CompareZilla 1.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Computer Hardware.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\CopyAll 1.1.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Countries File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Creative TextFX 1.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\CrystalMark_0.9.123.338.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Debt_Hammer_2004_2.1.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\DeviousTrillian_1.3.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Directory File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Fetch Text URL 1.6.3.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\File Viewer 6.01.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\File_Squad_1.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Findword 1.2.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Flash Release 1.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Fonticate 1.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Font_Search_1.07.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Froogie_Froogle_ File C:\Documents and Settings\Alexexandra\Application Data\m\shared\FRS Coloring Book 1.6.1.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\GBTimelapse_2.0.20.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Geforce_Tweak_Ut File C:\Documents and Settings\Alexexandra\Application Data\m\shared\GetReuse File C:\Documents and Settings\Alexexandra\Application Data\m\shared\HeavyLoad 2.4.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Audubon_Close_Up File C:\Documents and Settings\Alexexandra\Application Data\m\shared\ColorPicker 3.1.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Eym_Barcode_Read File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Link Wrangler 1.2 (Key).zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\MemCheck_Pro_3.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Orphalese_Tarot_ File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Polestar File C:\Documents and Settings\Alexexandra\Application Data\m\shared\RioDVD_Rigion_Fr File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Symantec.Norton. File C:\Documents and Settings\Alexexandra\Application Data\m\shared\PageHelper_1.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\PALIMPSEST 1.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\PasswordsPro_2.3.2.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Password_Manager File C:\Documents and Settings\Alexexandra\Application Data\m\shared\PatchBreeze 1.4.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\PC Garbage Remover 4.02.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\PhoneTray_Dialup File C:\Documents and Settings\Alexexandra\Application Data\m\shared\PhotoVidShow 2.16.4.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\PicoConverter_0.1.1.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Team_Scoreboard_ File C:\Documents and Settings\Alexexandra\Application Data\m\shared\The DeTerminator 1.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Tloona 8.5.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\TransKing 2.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\TruAudit 1.8.1.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\UpOzab_1.6.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\ViruScape_2006_Cracked.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\VisualTimer 1.1.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Automate File C:\Documents and Settings\Alexexandra\Application Data\m\shared\AVOne 3GP File C:\Documents and Settings\Alexexandra\Application Data\m\shared\BioniX_Wallpaper_5.4.2.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Blue_M&M_Des File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Bullpen 3.000.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Butterfly File C:\Documents and Settings\Alexexandra\Application Data\m\shared\CAL 0.0.278.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Capture_Flash_1.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\CC-CAM_alarm_system_1.2.5.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\CheetaChat_7.5.100.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Colored Diffs 0.4.2.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Moleskinsoft File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Movie Search 1.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\MX Lookup 1.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Natural_Ambience_1.5.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\NeT Firewall 3.0.23.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\NUnit Cheat Sheet 1.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\OrangeCD_Suite_6.0.2.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Orbitech_Image_F File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Oriens_JPEG_Prof File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Romance Conjugator 0.1.1.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Save-It_2.2.01_( File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Science Database 1.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Searchbar File C:\Documents and Settings\Alexexandra\Application Data\m\shared\SearchChips_Yaho File C:\Documents and Settings\Alexexandra\Application Data\m\shared\SmartRead File C:\Documents and Settings\Alexexandra\Application Data\m\shared\SwiftSwitch_2.21.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Disc_Ejector_1.0_(Crack).zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\DoublesFinder_1.1.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Driving File C:\Documents and Settings\Alexexandra\Application Data\m\shared\DX Studio 1.29.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\EasyCustomers_3.6.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Easy_Hour_Assign File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Email Spy File C:\Documents and Settings\Alexexandra\Application Data\m\shared\eTrans_1.1.0_(Patch).zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Eudemons_Online_1.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Hungry_Crocodile File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Internet_Radio_Ripper_2.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Intrinsic_Value_ File C:\Documents and Settings\Alexexandra\Application Data\m\shared\iPod_nano_Player_3.1.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\isptimer_3.70.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Kalvyn_Workgroup File C:\Documents and Settings\Alexexandra\Application Data\m\shared\LingvoSoft File C:\Documents and Settings\Alexexandra\Application Data\m\shared\VS.PHP_for_Visua File C:\Documents and Settings\Alexexandra\Application Data\m\shared\VShell Server 3.0.3.569.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Wallpaper Scout 1.41.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Wallpaper_Hijack File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Web_Optimization_Easy_4.0.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\WinCatalog 2009 2.83.zip File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Wondershare File C:\Documents and Settings\Alexexandra\Application Data\m\shared\X10n_1.3.zip File C:\Documents and Settings\Alexexandra\Shared File C:\FindyKill\Tools\winupgro.exe File C:\Program Files\eMule\Incoming\AUTORUN.INF File C:\Program Files\Movie Maker\Shared File C:\Program Files\Movie Maker\Shared\Empty.txt File C:\Program Files\Movie Maker\Shared\Filters.xml File C:\Program Files\Movie Maker\Shared\news.png File C:\Program Files\Movie Maker\Shared\paint.png File C:\Program Files\Movie Maker\Shared\Profiles File C:\Program Files\Movie Maker\Shared\Profiles\Blank.txt File C:\Program Files\Movie Maker\Shared\Sample1.jpg File C:\Program Files\Movie Maker\Shared\Sample2.jpg File C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drivers\downld File C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drive File C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drive File C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drive File C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drive File C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drive File C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drive File C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drive File C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drive 0 bytes
80 bytes
3252 bytes
80 bytes
3252 bytes
766 bytes
766 bytes
766 bytes
80 bytes
80 bytes
1065988 bytes
71684 bytes executable
3252 bytes
610820 bytes executable
61315 bytes
3252 bytes
3252 bytes
99332 bytes executable
71684 bytes executable
610820 bytes executable
61984 bytes
3252 bytes
61331 bytes
71684 bytes executable
3252 bytes
3252 bytes
60537 bytes
80 bytes
80 bytes
80 bytes
3252 bytes
3252 bytes
3601 bytes
3601 bytes
3601 bytes
766 bytes
80 bytes
80 bytes
766 bytes
766 bytes
71684 bytes executable
1065988 bytes
71684 bytes executable
3601 bytes
3601 bytes
3601 bytes
766 bytes
766 bytes
766 bytes
71684 bytes executable
3601 bytes
3601 bytes
3601 bytes
71684 bytes executable
71684 bytes executable
60584 bytes
61626 bytes
99332 bytes executable
71684 bytes executable
67667 bytes executable
71684 bytes executable
71684 bytes executable
99332 bytes executable
60292 bytes
71684 bytes executable
610820 bytes executable
99332 bytes executable
60530 bytes
71684 bytes executable
71684 bytes executable
62468 bytes
62468 bytes
61411 bytes
61836 bytes
766 bytes
766 bytes
766 bytes
766 bytes
71684 bytes executable
766 bytes
766 bytes
99332 bytes executable
71684 bytes executable
71684 bytes executable
99332 bytes executable
610820 bytes executable
610820 bytes executable
1065988 bytes
766 bytes
827396 bytes
766 bytes
766 bytes
71684 bytes executable
61517 bytes
71684 bytes executable
71684 bytes executable
99332 bytes executable
99332 bytes executable
71684 bytes executable
3252 bytes
3252 bytes
3252 bytes
71684 bytes executable
71684 bytes executable
80 bytes
80 bytes
3252 bytes
3252 bytes
3252 bytes
766 bytes
766 bytes
766 bytes
3252 bytes
71684 bytes executable
99332 bytes executable
67667 bytes executable
71684 bytes executable
62278 bytes
60568 bytes
61741 bytes
99332 bytes executable
71684 bytes executable
71684 bytes executable
3252 bytes
3252 bytes
3252 bytes
80 bytes
80 bytes
766 bytes
766 bytes
766 bytes
71684 bytes executable
610820 bytes executable
71684 bytes executable
3601 bytes
3601 bytes
3601 bytes
71684 bytes executable
71684 bytes executable
610820 bytes executable
3252 bytes
3601 bytes
3601 bytes
3601 bytes
3601 bytes
3252 bytes
3252 bytes
3601 bytes
3601 bytes
80 bytes
610820 bytes executable
3252 bytes
610820 bytes executable
61643 bytes
62468 bytes
99332 bytes executable
99332 bytes executable
71684 bytes executable
3252 bytes
3252 bytes
3252 bytes
766 bytes
766 bytes
766 bytes
71684 bytes executable
610820 bytes executable
3601 bytes
3601 bytes
3601 bytes
60243 bytes
60383 bytes
61755 bytes
61787 bytes
71684 bytes executable
62551 bytes
71684 bytes executable
61690 bytes
60370 bytes
99332 bytes executable
60922 bytes
60366 bytes
71684 bytes executable
3601 bytes
3601 bytes
3601 bytes
610820 bytes executable
610820 bytes executable
610820 bytes executable
610820 bytes executable
99332 bytes executable
99332 bytes executable
71684 bytes executable
610820 bytes executable
99332 bytes executable
71684 bytes executable
99332 bytes executable
71684 bytes executable
610820 bytes executable
99332 bytes executable
856064 bytes executable
99332 bytes executable
0 bytes
- U2 UniVerse V10.1 for UNIX & Windows Administration Practice Test Questions 1.0.zip 822573 bytes
901184 bytes
865210 bytes
883614 bytes
edules_for_7_Days_a_Week_1.4_Serial.zip 798735 bytes
Database Professional 5.0.zip 808861 bytes
927095 bytes
955544 bytes
Music to MP3 & Wav Converter 2.00.zip 875866 bytes
_Edition_2006_(Key+Serial).zip 921747 bytes
866467 bytes
s_The_Return_Of_The_King_3D_Screen_Saver_3.3.zip 812417 bytes
erator_1.0.zip 838338 bytes
to MP3 Converter 3.12.zip 917538 bytes
821087 bytes
haring_3.1.zip 1059030 bytes
.2006.V10-ADDICTION.zip 900517 bytes
RM Converter 5.0 Build 90306.zip 979321 bytes
HD Video Converter 3.0.1.0218.zip 888705 bytes
g_Edition_4.0.zip 806791 bytes
907913 bytes
Changer 3.2.zip 858819 bytes
773746 bytes
_HTML_for_SQL_Server_Pro_1.02_[Key+Serial].zip 901364 bytes
pPack_0.05.zip 856181 bytes
860087 bytes
995891 bytes
878888 bytes
842010 bytes
_2.6_With_Crack.zip 977252 bytes
934937 bytes
860392 bytes
956657 bytes
Highlighter 1.0.zip 913261 bytes
899510 bytes
798864 bytes
893921 bytes
952779 bytes
Space Reporter 1.00.zip 848272 bytes
836031 bytes
962327 bytes
878505 bytes
917336 bytes
958682 bytes
918369 bytes
902171 bytes
Submit_1.5.zip 787317 bytes
884306 bytes
1027565 bytes
ility_3.2_[With_Crack].zip 957874 bytes
2.10 [Key+Serial].zip 788618 bytes
796492 bytes
_-Big_Birds_1_1.0.zip 865545 bytes
977288 bytes
er_OCX_2.3.zip 844207 bytes
863288 bytes
1093250 bytes
8.1.1.1[Cracked].zip 806031 bytes
Virtual Printer 1.0.zip 954299 bytes
ee_Player_1.1_Cracked.zip 874159 bytes
Antivirus.Corporate.Edition.v8.1.zip 892279 bytes
922404 bytes
980670 bytes
880412 bytes
_Deluxe_3.5.zip 893205 bytes
1064679 bytes
911429 bytes
_2.27_[With_Crack].zip 842614 bytes
893534 bytes
962657 bytes
1.0.1_Key+Serial.zip 883500 bytes
866999 bytes
1031828 bytes
921539 bytes
892896 bytes
807197 bytes
1032195 bytes
901001 bytes
Inbox Repair Tool 1.00.zip 844565 bytes
Video Converter 2.20.zip 866044 bytes
793667 bytes
ktop_Clock_1.0_Crack.zip 840193 bytes
879364 bytes
ScreenSaver Volume 2 1.0.zip 803179 bytes
920452 bytes
813277 bytes
945303 bytes
920712 bytes
794119 bytes
File Sync 1.9.zip 852942 bytes
938677 bytes
992152 bytes
840614 bytes
872811 bytes
837829 bytes
1009790 bytes
ilter_1.0.0.2.zip 1068820 bytes
essional_1.3.zip 824328 bytes
861598 bytes
Key+Serial).zip 892699 bytes
796452 bytes
Autosizer 1.4.1.zip 1017463 bytes
o_Search_Widget_1.zip 856573 bytes
Mobile TTS SDK 3.2.zip 846272 bytes
937788 bytes
1000370 bytes
946941 bytes
Theory Test Software 1.7.zip 828912 bytes
874669 bytes
850954 bytes
ments_with_Excel_1.4_[KeyGen].zip 883700 bytes
Pro 5.1.6 (KeyGen).zip 835793 bytes
873133 bytes
805103 bytes
s_Screensaver_1.0.zip 921958 bytes
830028 bytes
Investing_Training_Wizard_3.0.zip 870100 bytes
960507 bytes
809343 bytes
_Software_Network_Edition_2006_1.0_Key+Serial.zip 929424 bytes
Suite 2008 English - Korean 2.1.28.zip 783323 bytes
l_Studio_2005_2.1.2.3079.zip 865564 bytes
904089 bytes
889170 bytes
_Remover_3.0.4.zip 889471 bytes
867676 bytes
855359 bytes
AVI MPEG Converter 3.2.49.zip 844201 bytes
844785 bytes
0 bytes
73728 bytes executable
184 bytes
0 bytes
18 bytes
7591 bytes
138660 bytes
67213 bytes
0 bytes
21 bytes
62732 bytes
46822 bytes
0 bytes
rs\downld\54711453.exe.vir 610820 bytes executable
rs\downld\54716343.exe.vir 71684 bytes executable
rs\downld\54718406.exe.vir 71684 bytes executable
rs\downld\54719640.exe.vir 40309 bytes
rs\downld\54721953.exe.vir 60760 bytes
rs\downld\54722500.exe.vir 60924 bytes
rs\downld\54731640.exe.vir 99332 bytes executable
rs\downld\54733453.e

Avast pas une application Win32 valide

EliBagle v12.68 ©2009 S.G.H. / Satinfo S.L. (Actualizado el 15 de Junio del 2009)

EliBagle v12.68 ©2009 S.G.H. / Satinfo S.L. (Actualizado el 15 de Junio del 2009)

Etape 1/ Télécharge :

Etape 2/

Etape 3/

Détections [1] GenProc 2.591 16/06/2009 à 12:37:46

User : Alexexandra (Administrateurs) # MOIRAUD-F8127A6

Update on 12/06/09 by Chiquitine29

Start at: 13:39:09 | 16/06/2009

Website : pagesperso-orange.fr…

AMD Athlon™ 64 X2 Dual Core Processor 4400+

Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Enabled

AV : avast! antivirus 4.8.1335 [VPS 090613-0] 4.8.1335 [ (!) Disabled | Updated ]

A:\ # Lecteur de disquettes 3 ½ pouces

C:\ # Disque fixe local # 58,59 Go (18,75 Go free) # NTFS

D:\ # Disque fixe local # 90,45 Go (15,71 Go free) [Données] # NTFS

E:\ # Disque CD-ROM

F:\ # Disque fixe local # 74,52 Go (12,93 Go free) [nouveau disque dur] # NTFS

G:\ # Disque amovible # 3,73 Go (1,16 Go free) # FAT32

Affichage des fichiers cachés : OK

Mode sans echec : OK

(!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )

EapHost -> Start = 3 ( Good = 2 | Bad = 4 )

(!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )

SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )

wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )

(!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )

User : Alexexandra (Administrateurs) # MOIRAUD-F8127A6

Update on 12/06/09 by Chiquitine29

Start at: 13:47:45 | 16/06/2009

Website : pagesperso-orange.fr…

AMD Athlon™ 64 X2 Dual Core Processor 4400+

Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Enabled

AV : avast! antivirus 4.8.1335 [VPS 090613-0] 4.8.1335 [ (!) Disabled | Updated ]

A:\ # Lecteur de disquettes 3 ½ pouces

C:\ # Disque fixe local # 58,59 Go (18,75 Go free) # NTFS

D:\ # Disque fixe local # 90,45 Go (15,71 Go free) [Données] # NTFS

E:\ # Disque CD-ROM

F:\ # Disque fixe local # 74,52 Go (12,93 Go free) [nouveau disque dur] # NTFS

G:\ # Disque amovible # 3,73 Go (1,16 Go free) # FAT32

Mode sans echec : OK

Affichage des fichiers cachés : OK

Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )

EapHost -> Start = 2 ( Good = 2 | Bad = 4 )

Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )

SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )

wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )

wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

Etape 1/ Télécharge :

Etape 2/

Etape 3/

Détections [1] GenProc 2.591 16/06/2009 à 12:37:46

Détections [2] GenProc 2.591 16/06/2009 à 13:59:49

Détections [3] GenProc 2.591 16/06/2009 à 14:04:55

EliBagle v12.69 ©2009 S.G.H. / Satinfo S.L. (Actualizado el 16 de Junio del 2009)

EliBagle v12.69 ©2009 S.G.H. / Satinfo S.L. (Actualizado el 16 de Junio del 2009)