Forum Clubic

Avast pas une application Win32 valide

Bonjour,

Depuis ce week end lorsque j’ai rallumé mon ordinateur je n’ai plus aucun antivirus qui marche, quand j’essaye d’ouvrir AVAST j’ai un message d’erreur qui s’affiche “ashAvast.exe n’est pas une application Win32 valide” , Spyware doctor n’ont plus ne veut plus marcher et j’ai une connexion Internet très lente

Pourriez vous m’aider SVP ?

Je vous en remercie par avance,

alexfce

Salut

Rends toi sur ce site :
EliBagla 12.68
tout en bas de cette page tu trouveras un outil à télécharger,
clique sur “escargar Elibagla” (le numéro de version change au fur et à mesure des mises à jour)
installe ce fichier sur le bureau.
ensuite double-clic sur Elibagla.exe

laisse la case “eliminar ficheros automaticamente” coché
clique sur"explorar"
laisse-le travailler
poste le rapport final qui sera dans c:\infosat.txt
ensuite

télécharges --> Malwarebytes (mbam)
==>¨Malwarebytes

installes + mise a jour
et
Redémarre en “Mode sans échec”

tapote sur la touche F8 jusqu’à l’affichage du menu des options avancées de Windows, et sélectionne “Mode sans échec”.
Choisis ta session habituelle

Lances–> Malwarebytes (MBAM)

  • Puis vas dans l’onglet “Recherche”, coche “Exécuter un examen complet” puis “Rechercher”
  • Sélectionnse tes disques durs" puis clique sur “Lancer l’examen”
  • A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport
  • Suppression des éléments détectés --> cliques sur Supprimer la sélection–>a faire

aprés
Télcharges ==>GenProc --> sur le bureau

==>[GenProc[/url]]www.genproc.com…]( Hijackthis

–> Décompresse le sur le bureau
–>Ouvre le dossier créé et lance GenProc.bat(double-cliquer UNE SEULE FOIS sur le fichier GenProc.bat)
->le rapport s’affiche en très peu de temps, c’est normal.
–>Tu obtiendras alors un rapport ==> fais un copié/collé ici

et
poste un Log hijackthis -->Comment installer et renommer correctement ,

regarde–> renommer correctement Hijackthis ==>Générer un rapport

regarde générer un rapport–>[url=http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm)

Voici le rapport après Elibagla :

  (16-6-2009  9:45:34)

EliBagle v12.68 ©2009 S.G.H. / Satinfo S.L. (Actualizado el 15 de Junio del 2009)

Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.68
a “virus@satinfo.es”. Gracias.
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\111WFS1INTWQ.SYS --> Eliminado Bagle(rootkit)
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\11S11RO1S1A2.SYS --> Eliminado Bagle(rootkit)
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\DOWN\132546.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\117437.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\125812.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\130968.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\134931968.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\134937671.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\134940406.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\134945140.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\136765.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\142437.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\150171.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\152476000.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\152477640.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\152479562.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\152482640.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\152496750.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\152498734.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\152597000.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\152602734.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\152608656.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\152621156.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\163531.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\51500.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\54640.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\55750.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\58796.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\60500.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\61415718.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\61419281.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\61457484.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\61460390.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\61499875.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\61507875.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\61513984.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\61527421.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\63687.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\65843.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\75939234.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\75939968.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\75943828.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\75946796.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\75960140.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\75961640.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\76154000.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\76169000.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\76178625.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\76500.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\78703.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\82937.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\90583453.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\90589656.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\90591875.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\90600078.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\90611625.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\90614171.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\90681484.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\90703453.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\90714078.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\90728453.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\95453.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\97546.EXE --> Eliminado Bagle
Restaurada Clave: “SafeBoot\Minimal y Network”
Reinicie para Completar la Limpieza.

  (16-6-2009  9:46:20)

EliBagle v12.68 ©2009 S.G.H. / Satinfo S.L. (Actualizado el 15 de Junio del 2009)

Lista de Acciones (por Exploración):
Explorando “C:”

Nº Total de Directorios: 6417
Nº Total de Ficheros: 71116
Nº de Ficheros Analizados: 13247
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Je passe au 2ème logiciel : Malwarebytes

OK alexfce

EliBagla ==> à nettoyer:super:

Fais malwarebytes et Supprimes tout
poste le rapport

et fais le reste GenProc + Hijackthis

Avast est pas ma tasse de thé ==> 75 % qui viennent ici sont détenteurs d Avast

en free on verra si tu veux Avira Antivir 9 fr==> on verra si tu est décider comment le désinstaller

je reviendrai plus tard en soirée :hello:

Voici le rapport avec Malwarebytes :

Malwarebytes’ Anti-Malware 1.37
Version de la base de données: 2286
Windows 5.1.2600 Service Pack 3

16/06/2009 12:30:11
mbam-log-2009-06-16 (12-30-00).txt

Type de recherche: Examen complet (A:|C:|D:|E:|F:|G:|)
Eléments examinés: 164341
Temps écoulé: 26 minute(s), 5 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sK9Ou0s (Rootkit.Bagle) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
c:\documents and settings\Alexexandra\Application Data\m (Trojan.Agent) -> No action taken.
c:\documents and settings\Alexexandra\Application Data\drivers\downld (Worm.Bagle) -> No action taken.

Fichier(s) infecté(s):
c:\system volume information_restore{593ce356-1fb8-414e-abf6-34973f778e44}\RP908\A0195676.sys (Rootkit.Bagle) -> No action taken.
c:\system volume information_restore{593ce356-1fb8-414e-abf6-34973f778e44}\RP908\A0195704.sys (Rootkit.Bagle) -> No action taken.
c:\system volume information_restore{593ce356-1fb8-414e-abf6-34973f778e44}\RP908\A0196705.sys (Rootkit.Bagle) -> No action taken.
c:\system volume information_restore{593ce356-1fb8-414e-abf6-34973f778e44}\RP910\A0196793.sys (Rootkit.Bagle) -> No action taken.
c:\system volume information_restore{593ce356-1fb8-414e-abf6-34973f778e44}\RP910\A0196794.exe (Trojan.Packed) -> No action taken.

Je fais le reste merci

Le rapport de Genproc :

Rapport GenProc 2.591 [1] - 16/06/2009 à 12:37:32
@ Windows XP Service Pack 3 - Mode normal
@ Internet Explorer (8.0.6001.18702) [Navigateur par défaut]

Etape 1/ Télécharge :

  • CCleaner www.ccleaner.com… (FileHippo). Ce logiciel va permettre de supprimer tous les fichiers temporaires. Lance-le et clique sur “Options”, “Avancé” et décoche la case “Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures”. Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.

  • FindyKill sd-1.archive-host.com… (Chiquitine29) sur le Bureau.

Note importante : l’infection bagle s’installant au moyen d’un crack/keygen, tu dois IMPERATIVEMENT supprimer ce type de fichier.

Etape 2/

Lance l’installation avec les paramètres par défaut

  • Double-clique sur le raccourci FindyKill sur le Bureau (sous Vista : clic droit sur le raccourci --> Exécuter en temps qu’Administrateur) ;
  • Au menu principal, sélectionne l’option 1 (Recherche) ;
  • Le rapport est sauvegardé à la racine du disque dur (C:\FindyKill.txt).
    Avant de faire quoi que ce soit d’autre, il est fortement recommandé de poster le rapport sur le forum pour avoir l’avis d’un spécialiste. Après confirmation par un intervenant qualifié du forum, passe au nettoyage.

Etape 3/

Branche toutes tes sources de données externes (clés USB, disques durs externes, lecteurs mp3, iPod…) sans les ouvrir, puis Relance FindyKill.

  • Sélectionne cette fois l’option 2 (Suppression) au menu principal.
  • Il y aura 2 redémarrages, laisse travailler l’outil jusqu’à l’apparition du message “Nettoyage effectué !”
  • Ensuite poste : le rapport C:\FindyKill.txt ainsi qu’un nouveau rapport GenProc

~~ Arguments de la procédure ~~

Détections [1] GenProc 2.591 16/06/2009 à 12:37:46

Bagle:le 16/06/2009 à 12:37:47 “C:\Documents and Settings\Alexexandra\Application Data\drivers”

~~ Fin à 12:37:47 ~~

Et voici enfin le rapport avec Hijack :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:51, on 16/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [SkyTel] SkyTel.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [Sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions
O4 - HKLM…\Run: [ISTray] “C:\Program Files\Spyware Doctor\pctsTray.exe”
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 - HKLM…\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - C:\Program… Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com…
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE…
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE…
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d’arrière-plan - C:\Program… Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?21b22a1b39b940fc80f546e1834ce638
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - C:\Program… Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?21b22a1b39b940fc80f546e1834ce638
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - upload.facebook.com…
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com…
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - www6.king.com…
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com…
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


End of file - 10729 bytes

Que dois-je faire maintenant SVP ?
Edité le 16/06/2009 à 12:53

Re

Tu n as rien supprimé ==> tout est en “Quarantaine”

Malwarebytes==>No Action Taken==> tu as tout les M@rdes en “quarantaine”

Fais ceci
Lances Malwarebytes
==>cliques sur quarantaine==> selectionnes tout et supprimes tout ok !! Tu me confirmeras les suppressions

et
tu refais une analyse Compléte en mode normal + Suppression(s) de ce que tu trouveras éventuellement

Poste le rapport

et aprés fais le reste

@+ cricri58


pour ceci ==>c:\system volume information\_restore

on verra plus tard t inquiéte

on le fera aprés

:hello:


et aprés [b]malwarebytes[/b]

==>FindyKill

étapes 2 et 3 poste les rapports

Voila j’ai refait un malwarebytes et j’ai supprimé les fichiers infecté

le rapport :

Malwarebytes’ Anti-Malware 1.37
Version de la base de données: 2286
Windows 5.1.2600 Service Pack 3

16/06/2009 13:35:46
mbam-log-2009-06-16 (13-35-46).txt

Type de recherche: Examen complet (A:|C:|D:|E:|F:|G:|)
Eléments examinés: 164603
Temps écoulé: 29 minute(s), 59 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\documents and settings\Alexexandra\Application Data\drivers\downld (Worm.Bagle) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

je fais findykill étape 2 et 3 et je poste les rapports

merci

Rapport findykill étape 2 :

############################## | FindyKill V5.002 |

User : Alexexandra (Administrateurs) # MOIRAUD-F8127A6

Update on 12/06/09 by Chiquitine29

Start at: 13:39:09 | 16/06/2009

Website : pagesperso-orange.fr…

AMD Athlon™ 64 X2 Dual Core Processor 4400+

Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Enabled

AV : avast! antivirus 4.8.1335 [VPS 090613-0] 4.8.1335 [ (!) Disabled | Updated ]

A:\ # Lecteur de disquettes 3 ½ pouces

C:\ # Disque fixe local # 58,59 Go (18,75 Go free) # NTFS

D:\ # Disque fixe local # 90,45 Go (15,71 Go free) [Données] # NTFS

E:\ # Disque CD-ROM

F:\ # Disque fixe local # 74,52 Go (12,93 Go free) [nouveau disque dur] # NTFS

G:\ # Disque amovible # 3,73 Go (1,16 Go free) # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | C: |

################## | C:\WINDOWS |

Présent ! C:\WINDOWS\Prefetch\152476000.EXE-1982646E.pf
Présent ! C:\WINDOWS\Prefetch\152477640.EXE-319B2110.pf
Présent ! C:\WINDOWS\Prefetch\152479562.EXE-042595A3.pf
Présent ! C:\WINDOWS\Prefetch\152482640.EXE-237E86BC.pf
Présent ! C:\WINDOWS\Prefetch\152496750.EXE-1A94669E.pf
Présent ! C:\WINDOWS\Prefetch\152498734.EXE-008FEC18.pf
Présent ! C:\WINDOWS\Prefetch\152593562.EXE-2007453A.pf
Présent ! C:\WINDOWS\Prefetch\152597000.EXE-32FAFB19.pf
Présent ! C:\WINDOWS\Prefetch\152602734.EXE-2B79A966.pf
Présent ! C:\WINDOWS\Prefetch\152608656.EXE-33BB12EE.pf
Présent ! C:\WINDOWS\Prefetch\152621156.EXE-34DADF50.pf
Présent ! C:\WINDOWS\Prefetch\FLEC006.EXE-190B79C3.pf
Présent ! C:\WINDOWS\Prefetch\MDELK.EXE-0EF461CE.pf
Présent ! C:\WINDOWS\Prefetch\WINTEMS.EXE-377E42D4.pf

################## | C:\WINDOWS\system32 |

################## | C:\WINDOWS\system32\drivers |

################## | C:\Documents and Settings\Alexexandra\Application Data |

Présent ! C:\Documents and Settings\Alexexandra\Application Data\drivers

################## | Autres … |

################## | C:\Documents and Settings\Alexexandra\Temporary Internet Files |

Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\1RUS4P0J\b64_3[1].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\1RUS4P0J\b64_3[2].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\1RUS4P0J\mxd[1].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\3R40XG8C\b64_3[1].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\CSXPZ0AE\b64_1[1].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\CSXPZ0AE\b64_1[2].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\F1JIXW1S\b64_6[1].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\RTP57RJJ\b64_3[1].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\RTP57RJJ\b64_3[2].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\YORR5DOY\b64[1].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\YORR5DOY\file[1].txt
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\YORR5DOY\mxd[1].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\ZAWA3HOM\b64[1].jpg
Présent ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\ZAWA3HOM\b64_1[1].jpg

################## | Registre / Clés infectieuses |

Présent ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_111111s1ro1s1a]
Présent ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_111111s1ro1s1a]
Présent ! [HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_111111s1ro1s1a]
Présent ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S]
Présent ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S]
Présent ! [HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S]
Présent ! [HKCU\Software\bisoft]
Présent ! [HKCU\Software\MuleAppData]
Présent ! [HKCU\Software\Microsoft\Windows\UI] “KEY540534”
Présent ! [HKU\S-1-5-21-73586283-2025429265-725345543-1004\Software\Microsoft\Windows\UI] “KEY540534”
Présent ! [HKU\S-1-5-21-73586283-2025429265-725345543-1004\Software\bisoft]
Présent ! [HKU\S-1-5-21-73586283-2025429265-725345543-1004\Software\MuleAppData]
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]
Présent ! [HKU\S-1-5-21-73586283-2025429265-725345543-1004\Software\Local AppWizard-Generated Applications\winupgro]

################## | Etat / Services / Informations |

Affichage des fichiers cachés : OK

Mode sans echec : OK

(!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )

EapHost -> Start = 3 ( Good = 2 | Bad = 4 )

(!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )

SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )

wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )

(!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )

################## | ! Fin du rapport # FindyKill V5.002 ! |

Findykill Etape 3 Rapport :

############################## | FindyKill V5.002 |

User : Alexexandra (Administrateurs) # MOIRAUD-F8127A6

Update on 12/06/09 by Chiquitine29

Start at: 13:47:45 | 16/06/2009

Website : pagesperso-orange.fr…

AMD Athlon™ 64 X2 Dual Core Processor 4400+

Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Enabled

AV : avast! antivirus 4.8.1335 [VPS 090613-0] 4.8.1335 [ (!) Disabled | Updated ]

A:\ # Lecteur de disquettes 3 ½ pouces

C:\ # Disque fixe local # 58,59 Go (18,75 Go free) # NTFS

D:\ # Disque fixe local # 90,45 Go (15,71 Go free) [Données] # NTFS

E:\ # Disque CD-ROM

F:\ # Disque fixe local # 74,52 Go (12,93 Go free) [nouveau disque dur] # NTFS

G:\ # Disque amovible # 3,73 Go (1,16 Go free) # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe

################## | C: |

################## | C:\WINDOWS |

Supprimé ! C:\WINDOWS\Prefetch\152476000.EXE-1982646E.pf
Supprimé ! C:\WINDOWS\Prefetch\152477640.EXE-319B2110.pf
Supprimé ! C:\WINDOWS\Prefetch\152479562.EXE-042595A3.pf
Supprimé ! C:\WINDOWS\Prefetch\152482640.EXE-237E86BC.pf
Supprimé ! C:\WINDOWS\Prefetch\152496750.EXE-1A94669E.pf
Supprimé ! C:\WINDOWS\Prefetch\152498734.EXE-008FEC18.pf
Supprimé ! C:\WINDOWS\Prefetch\152593562.EXE-2007453A.pf
Supprimé ! C:\WINDOWS\Prefetch\152597000.EXE-32FAFB19.pf
Supprimé ! C:\WINDOWS\Prefetch\152602734.EXE-2B79A966.pf
Supprimé ! C:\WINDOWS\Prefetch\152608656.EXE-33BB12EE.pf
Supprimé ! C:\WINDOWS\Prefetch\152621156.EXE-34DADF50.pf
Supprimé ! C:\WINDOWS\Prefetch\FLEC006.EXE-190B79C3.pf
Supprimé ! C:\WINDOWS\Prefetch\MDELK.EXE-0EF461CE.pf
Supprimé ! C:\WINDOWS\Prefetch\WINTEMS.EXE-377E42D4.pf
Supprimé ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-0F8DCEDB.pf

################## | C:\WINDOWS\system32 |

################## | C:\WINDOWS\system32\drivers |

################## | C:\Documents and Settings\Alexexandra\Application Data |

Supprimé ! C:\Documents and Settings\Alexexandra\Application Data\drivers

################## | Autres … |

################## | Temporary Internet Files |

Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\1RUS4P0J\b64_3[1].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\1RUS4P0J\b64_3[2].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\1RUS4P0J\mxd[1].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\3R40XG8C\b64_3[1].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\CSXPZ0AE\b64_1[1].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\CSXPZ0AE\b64_1[2].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\F1JIXW1S\b64_6[1].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\RTP57RJJ\b64_3[1].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\RTP57RJJ\b64_3[2].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\YORR5DOY\b64[1].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\YORR5DOY\file[1].txt
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\YORR5DOY\mxd[1].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\ZAWA3HOM\b64[1].jpg
Supprimé ! C:\Documents and Settings\Alexexandra\Local Settings\Temporary Internet Files\Content.IE5\ZAWA3HOM\b64_1[1].jpg

################## | Registre / Clés infectieuses |

Supprimé ! [HKCU\Software\bisoft]
Supprimé ! [HKCU\Software\MuleAppData]
Supprimé ! [HKCU\Software\Microsoft\Windows\UI] “KEY540534”
Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]

################## | Etat / Services / Informations |

Mode sans echec : OK

Affichage des fichiers cachés : OK

Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )

EapHost -> Start = 2 ( Good = 2 | Bad = 4 )

Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )

SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )

wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )

wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH … |

Corrompu : C:\Program Files\Alwil Software\Avast4\ashAvast.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[Offset = 00000124 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashQuick.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashServ.exe
[Offset = 00000124 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[Offset = 00000114 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[Offset = 00000114 - Valeur = 0x0001]

Corrompu : C:\Program Files\Spyware Doctor\pctsAuxs.exe
[Offset = 000000F4 - Valeur = 0x0001]

Corrompu : C:\Program Files\Spyware Doctor\pctsSvc.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : C:\Program Files\Spyware Doctor\pctsTray.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : C:\Program Files\Spyware Doctor\Update.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : C:\WINDOWS$hf_mig$\KB951066\update\update.exe
[Offset = 000000EC - Valeur = 0x0001]

Tentative de réparation…
Sauvegarde : update.exe.REN
[Offset = 000000EC - Nouvelle valeur = 0x4C01]
Fichier réparé avec succès.

Corrompu : C:\WINDOWS$hf_mig$\KB951698\update\update.exe
[Offset = 000000EC - Valeur = 0x0001]

Tentative de réparation…
Sauvegarde : update.exe.REN
[Offset = 000000EC - Nouvelle valeur = 0x4C01]
Fichier réparé avec succès.

Corrompu : C:\WINDOWS$hf_mig$\KB958215-IE7\update\update.exe
[Offset = 000000E4 - Valeur = 0x0001]

Tentative de réparation…
Sauvegarde : update.exe.REN
[Offset = 000000E4 - Nouvelle valeur = 0x4C01]
Fichier réparé avec succès.

Corrompu : C:\WINDOWS$hf_mig$\KB961260-IE7\update\update.exe
[Offset = 000000E4 - Valeur = 0x0001]

Tentative de réparation…
Sauvegarde : update.exe.REN
[Offset = 000000E4 - Nouvelle valeur = 0x4C01]
Fichier réparé avec succès.

################## | Cracks / Keygens / Serials |

################## | ! Fin du rapport # FindyKill V5.002 ! |

Voila je refais un rapport genproc maintenant

Rapport GenProc 2.591 [3] - 16/06/2009 à 14:04:52
@ Windows XP Service Pack 3 - Mode normal
@ Internet Explorer (8.0.6001.18702) [Navigateur par défaut]

Etape 1/ Télécharge :

Note importante : l’infection bagle s’installant au moyen d’un crack/keygen, tu dois IMPERATIVEMENT supprimer ce type de fichier.

Etape 2/

Lance l’installation avec les paramètres par défaut

  • Double-clique sur le raccourci FindyKill sur le Bureau (sous Vista : clic droit sur le raccourci --> Exécuter en temps qu’Administrateur) ;
  • Au menu principal, sélectionne l’option 1 (Recherche) ;
  • Le rapport est sauvegardé à la racine du disque dur (C:\FindyKill.txt).
    Avant de faire quoi que ce soit d’autre, il est fortement recommandé de poster le rapport sur le forum pour avoir l’avis d’un spécialiste. Après confirmation par un intervenant qualifié du forum, passe au nettoyage.

Etape 3/

Branche toutes tes sources de données externes (clés USB, disques durs externes, lecteurs mp3, iPod…) sans les ouvrir, puis Relance FindyKill.

  • Sélectionne cette fois l’option 2 (Suppression) au menu principal.
  • Il y aura 2 redémarrages, laisse travailler l’outil jusqu’à l’apparition du message “Nettoyage effectué !”
  • Ensuite poste : le rapport C:\FindyKill.txt ainsi qu’un nouveau rapport GenProc

~~ Arguments de la procédure ~~

Détections [1] GenProc 2.591 16/06/2009 à 12:37:46

Bagle:le 16/06/2009 à 12:37:47 “C:\Documents and Settings\Alexexandra\Application Data\drivers”

Détections [2] GenProc 2.591 16/06/2009 à 13:59:49

Bagle:le 16/06/2009 à 13:59:50 “C:\Documents and Settings\Alexexandra\Application Data\drivers”

Détections [3] GenProc 2.591 16/06/2009 à 14:04:55

Bagle:le 16/06/2009 à 14:04:56 “C:\Documents and Settings\Alexexandra\Application Data\drivers”

~~ Fin à 14:04:56 ~~

Et voilà j’ai tout suivi à la lettre mais ça ne marche toujours pas :frowning:
Avez vous une autre solution pour moi ?
Edité le 16/06/2009 à 14:08

Salut alexfce

Lances Hiackthis

Cliques sur Do a System Scan Only

coches ces Lignes

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dl
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - www6.king.com
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

Fermes tes autres applications et Cliques sur Fix Checked

ensuite

Télécharge Winsockxpfix

sur ton bureau sans l executer au cas tu en aurai besoin aprés

==>WinSock XP Fix

ensuite

Télécharge Combofix

==>ComboFix.exe

==>sur ton Bureau et renomme le avant qu’il vienne sur ton bureau.
pour ce faire fait un clic droit sur Combofix.exe ,choisis “enregistrer la cible du lien sous…” et renomme le en==>alexfce.exe
==> et pour l’emplacement choisis ton bureau et cliques sur “enregistrer”

Double clique==> alexfce.exe ==>(Fichier renommé)
Tapes sur la touche1 pour démarrer le scan et suis les instructions indiquées par combofix.
Lorsque le scan sera terminé, un rapport apparaîtra. Copie/colle ce rapport ici même.
==>Le rapport se trouve également ici : C:\Combofix.txt
==> tu ne devras pas cliquer dans la fenêtre de Combofix pendant l’analyse ; ceci provoquerait le blocage du programme.

PS
si ta connexion internet n’est plus active après le redémarrage

Fait un double clic sur le fichier de WinsockXPFix
clique sur “Fix” au cas faudra faire une réparation manuelle

Télécharge Toolbar-S&D (de la Team IDN) sur ton Bureau.

==>Toolbar S&D

  • Double clique l’icône ToolBar S&D sur le bureau
  • Choisi F pour français et valide
  • Au menu principal de ToolBar S&D choisi l’option 1 (Recherche)
  • Le menu Démarrer et les icônes vont disparaîtrent, c’est normal
  • La recherche s’effectue, cela peut prendre plusieurs minutes, ne touche à rien.
  • Une fois l’analyse terminée, le rapport de recherche s’ouvre dans le Bloc-Note. (Dans le cas où le rapport ne s’ouvre pas, ce dernier se trouve sur C:\TB.txt)

Copier/coller le rapport


[b]PS[/b]

Tu garderas MalwareBytes

tu telechargeras ==>Revo Uninstaller

==>Revo Uninstaller

tu désinstalleras Spyware Doctor (Usine à Gaz )
et ensuite Bonjour

Bonjour Cricri58,

Tout d’abord je tenais à vous remercier d’être revenu hier soir, moi je n’étais plus connecté je vais continuer à suivre vos instructions à la lettre et j’espère que ça va s’arranger en tout cas merci, heureusement qu’il y a des personnes comme vous sur le net pour nous aider nous autres pauvres incultes :wink:

Voici la rapport de Combofix :

ComboFix 09-06-16.02 - Alexexandra 17/06/2009 9:22.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1919.1415 [GMT 2:00]
Lancé depuis: c:\documents and settings\Alexexandra\Mes documents\alexfce.exe
AV: avast! antivirus 4.8.1335 [VPS 090613-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alexexandra\Application Data\drivers\downld
c:\documents and settings\Alexexandra\Application Data\drivers\winupgro.exe
c:\documents and settings\Alexexandra\Application Data\m
c:\documents and settings\Alexexandra\Application Data\m\shared
C:\Muestras
c:\windows\system32\drivers\down
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe
c:\documents and settings\Alexexandra\Application Data\drivers\111wfs1intwq.sys
c:\documents and settings\Alexexandra\Application Data\drivers\11s11ro1s1a2.sys
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54711453.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54716343.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54718406.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54719640.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54721953.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54722500.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54731640.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54733453.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54761187.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54762140.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54762453.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54765953.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54766562.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54766625.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54771875.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54772953.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54773375.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54774078.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54779671.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54787500.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54810640.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54813937.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54814187.exe
c:\documents and settings\Alexexandra\Application Data\drivers\downld\54814218.exe
c:\documents and settings\Alexexandra\Application Data\m\data.oct
c:\documents and settings\Alexexandra\Application Data\m\list.oct
c:\documents and settings\Alexexandra\Application Data\m\shared\3D_Floating_Easter_Eggs_1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\70-298 - Designing Security for a MS Windows Server 2003 Network 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\A-one iPod PSP 3GP Video Converter 6.2.5.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Acme CADConverter 7.51.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\AgataSoft_Sutdown_Lite_2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Aimersoft Video to Audio Converter 2.2.0.37.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\AJT Countdown Rev 3.2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Album3D_Builder_1.7_(Serial).zip
c:\documents and settings\Alexexandra\Application Data\m\shared\All_to_Text_1.501.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Aloaha PDF Crypter 2.5.14.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Amazon MP3 Search 1.0.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\AppStar_0.1.2.6_Alpha.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\AVG.Anti-Spyware.V.7.5.0.50.+.Crack.(Multilenguaje).Por.Pirata.of.Spain.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\AVG.antivirus.Server.v7.0.+.Crack.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Bad_Girl_by_Drawing_Hand_5.6_[Key+Serial].zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Base64 Encoding ActiveX Library 2.04.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Bejeweled_2_Deluxe.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Block That! 1.0.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\BlueZone_4.0c1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Bonodi_XML_Editor_2.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\C-Mail 3.1.2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Cel Uploader 1.0.0.3.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\ClickPic_1.0.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Client Tracks 6.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\CMYK_Production_Plus_2.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Compressed NTFS File Decompressor 1.4.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\CooJah 6.1.0.0 Build 090222 Beta.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Cool Free Music Converter 6.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\CoolPopup 1.01.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\CPU_Load_Widget_2.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\CPUsage_1.2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Cube_Panel_2.2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\CubeEye 1.6 [Patch].zip
c:\documents and settings\Alexexandra\Application Data\m\shared\DARTrends 0.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Demo_toolbar_for_Outlook_Express_0.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\DNS Cache Tool for ISA Server.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\DopeWars_7650_1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\dragdropupload 1.6.8.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\DSynchronize 2.30.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Duplicate File Eraser 1.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Dynamic Design 1.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\EngInSite_Perl_Editor_Lite_2.0.2_build_37_(With_Crack).zip
c:\documents and settings\Alexexandra\Application Data\m\shared\English_Spanish_Database_1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\episTree_2_Key+Serial.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Extended_Statusbar_1.2.6.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\FlashSwitch 1.0 Build 21.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\FLEETMATE_1.4_build_051_(With_Crack).zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Four_in_Line_(Pocket_PC)1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\FrameTools 1.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\FreeRIP 3.01 KeyGen.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\gbReplace 4.1.27.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Get Password 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Gisele Bundchen 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\GoMail_Subscription_Manager_1.0_build_113_With_Crack.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Hilbert Neue Condensed Font Truetype 2.00.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Home_Business_Gold.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\ICD2IMG 1.01.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Images_Finder_1.7.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Internet_Hunter_2.5
(With_Crack).zip
c:\documents and settings\Alexexandra\Application Data\m\shared\iPhone Application Browser 1.0.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\iPlayer 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\iShell 4.0r9.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\iStory Creator 4.2.0.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\iUpdate 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\jcop 0.3.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Jetpack (Visual Basic 6.0) 6.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Julia Stiles Screensaver1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Karpesky.Personal.Antivirus.v5.0.227.+key.2007.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Keyword_Market_Value_Analyzer_1.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Kotation_1.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Links_Organizer_2.1.157_(Cracked).zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Lower Blood Pressure 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\MachineCode Screensaver 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\MB Free Personal Month Number 1.25.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\MB Free Psychic Color Test 1.55.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\MISPBO Registry Cleaner 3.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Mortgage_Calculator_1.1.4.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Mr. Flash 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\MyOddIcon 1.01.05.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\NexyFILES 1.0 build 0.39.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\NGDiskcat_1.0.6.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Nuclear visions screensaver 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Okoker_Quick_Burner_1.4_Patch.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Orneta_Checkers_1.0.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\OSSIM_1.6.8.2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Phoenixgang_toolbar_for_IE_4.5.132.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Pro frequency Instant EULA 3.6.2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\ProcessWatchV2_2.0.9_build_14.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\PropertyEditor 4.2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Pumpkin_Shoot_Game_Demo_Screensaver_1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\RSS Feeder 3.2.3.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\SafeIT File Shredding 2006 7.5.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\SearchView_1.0.8.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\SesamTV Media Center 2.2101.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\silence_screensaver_01.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\SimpleCast_2.5.1_(Patch).zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Smartlock 1.31.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Soft191 Unnecessary File Finder 1.04.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\SSCP Free Test Exam Questions 10.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\STAMP ACT 1.5.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\SWiSHvideo_2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\SwitchSync Ex 4.6.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\systemDashboard_-Memory_Monitor_1.2.2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\SystemSleuth_1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Teacher’s Electronic Daybook 3.1a.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\The_Great_Pyramids_of_Giza_Screen_Saver_1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Theme Editor For Roxio CD and DVD Creator 6.x 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\TimeSage 1.5.3.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\ToolbarMS
-A_MySpace_toolbar_for_Firefox_1.1.2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Triap_Beta.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\uCertify PrepKit for Oracle exam 1Z0-031 8.02.05.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\UK Threat Level 0.15.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\UltimateMenu_1.0_KeyGen.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\VIMap 1.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\VintaSoftTwain ActiveX Control 4.1.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Visual Probability 2.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\VoipBuster 3.00 Build 531.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\W2EventLogReport 1.03.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\WatchDISK_Disk_Space_Tracker_3.2.27.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\webcam_Bar_toolbar_for_IE_4.5.126.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\WebKeeper 2.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Winsole_2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Word-It 1.0.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Workout_Printer_1.1
(Key+Serial).zip
c:\documents and settings\Alexexandra\Application Data\m\shared\WriteKanji_1.2.5.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\xls2csv 1.2.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\YASA AVI to iPod Converter 3.0.26.1237.zip
c:\documents and settings\Alexexandra\Application Data\m\shared\Yex_0.0.4.zip
c:\documents and settings\Alexexandra\Application Data\m\srvlist.oct
C:\InfoSat.txt
c:\muestras\WINUPGRO.EXE.Muestra EliBagle v12.68
c:\windows\system32_000006_.tmp.dll
c:\windows\system32_000007_.tmp.dll
c:\windows\system32_000008_.tmp.dll
c:\windows\system32_000011_.tmp.dll
c:\windows\system32_000012_.tmp.dll
c:\windows\system32\ban_list.txt
c:\windows\system32\drivers\down\54778484.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_111111S1RO1S1A
-------\Service_111111s1ro1s1a

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-17 au 2009-06-17 ))))))))))))))))))))))))))))))))))))
.

2009-06-17 07:14 . 2006-10-07 01:04 856064 ----a-w- c:\windows\system32\SkyTel.EXE
2009-06-16 16:16 . 2009-06-17 07:26 -------- d–h--w- c:\documents and settings\Alexexandra\Application Data\drivers
2009-06-16 10:58 . 2009-06-16 16:10 -------- d-----w- C:\FindyKill
2009-06-16 10:56 . 2009-06-16 10:56 -------- d-----w- c:\program files\CCleaner
2009-06-16 10:42 . 2009-06-16 10:42 -------- d-----w- c:\program files\Trend Micro
2009-06-16 10:37 . 2009-06-16 10:37 -------- d-----w- C:\GenProc
2009-06-16 09:57 . 2009-06-16 09:57 -------- d-----w- c:\documents and settings\Alexexandra\Application Data\Malwarebytes
2009-06-16 09:57 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-16 09:57 . 2009-06-16 09:57 -------- d-----w- c:\program files\Malwarebytes’ Anti-Malware
2009-06-16 09:57 . 2009-06-16 09:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-16 09:57 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-11 01:40 . 2009-06-11 01:40 -------- d-sh–w- c:\documents and settings\LocalService\IETldCache
2009-06-10 04:26 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 04:26 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-08 08:11 . 2009-06-08 08:11 -------- d-sh–w- c:\documents and settings\Alexexandra\IECompatCache
2009-06-08 08:07 . 2009-06-08 08:07 -------- d-sh–w- c:\documents and settings\Alexexandra\PrivacIE
2009-06-08 08:06 . 2009-06-08 08:06 -------- d-sh–w- c:\documents and settings\NetworkService\IETldCache
2009-06-08 08:05 . 2009-06-08 08:05 -------- d-sh–w- c:\documents and settings\Alexexandra\IETldCache
2009-06-08 07:42 . 2009-06-11 01:02 -------- d-----w- c:\windows\ie8updates
2009-06-08 07:42 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-08 07:40 . 2009-06-08 07:42 -------- dc-h–w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 07:13 . 2007-07-30 05:05 -------- d-----w- c:\program files\Windows Live Toolbar
2009-06-16 20:28 . 2007-05-18 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-16 15:57 . 2007-11-17 16:12 -------- d—a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-16 11:54 . 2004-08-05 12:00 49734 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-16 11:54 . 2004-08-05 12:00 370832 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-16 11:28 . 2007-05-18 17:31 -------- d-----w- c:\program files\Winamp
2009-06-12 08:29 . 2007-06-02 10:58 -------- d-----w- c:\program files\Spyware Doctor
2009-05-13 05:04 . 2004-08-05 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:33 . 2004-08-05 12:00 348672 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 15:57 . 2009-05-01 15:56 -------- d-----w- c:\program files\PhotoFiltre Studio
2009-05-01 15:57 . 2009-05-01 15:57 45 —h–w- c:\windows\dsez5868.dat
2009-04-25 07:51 . 2007-05-18 17:29 -------- d-----w- c:\program files\eMule
2009-04-19 19:50 . 2007-05-19 08:46 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:53 . 2004-08-05 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2007-11-25 11:17 . 2007-11-25 11:16 4344685 -c–a-w- c:\program files\installpro.exe
2007-06-20 16:50 . 2007-06-20 16:50 3655608 -c–a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-06-20 16:50 . 2007-06-20 16:49 25990432 -c–a-w- c:\program files\FLV PlayerRCSetup.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2006-07-13 7626752]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2006-07-13 86016]
“Google Desktop Search”=“c:\program files\Google\Google Desktop Search\GoogleDesktop.exe” [2008-06-21 29744]
“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2008-12-18 136600]
“Sony Ericsson PC Suite”=“c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” [2005-10-26 159744]
“ISTray”=“c:\program files\Spyware Doctor\pctsTray.exe” [2009-06-17 1168264]
“WinampAgent”=“c:\program files\Winamp\winampa.exe” [2009-03-09 37888]
“AppleSyncNotifier”=“c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe” [2008-07-22 116040]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2009-06-17 81000]
“nwiz”=“nwiz.exe” - c:\windows\system32\nwiz.exe [2006-07-13 1519616]
“SkyTel”=“SkyTel.EXE” - c:\windows\system32\SkyTel.EXE [2006-10-07 856064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableLUA”= 0 (0x0)

Les clés de Registre SafeBoot doivent être réparées. Cette machine ne peut pas utiliser le Mode Sans Échec.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@=“Driver Group”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E967-E325-11CE-BFC1-08002BE10318}]
@=“DiskDrive”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@=“Hdc”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@=“Keyboard”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@=“Mouse”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@=“System”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@=“Volume”

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“c:\Program Files\eMule\emule.exe”=
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“c:\Program Files\Real\RealPlayer\realplay.exe”=
“c:\Program Files\Winamp Remote\bin\Orb.exe”=
“c:\Program Files\Winamp Remote\bin\OrbTray.exe”=
“c:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe”=
“c:\Program Files\Bonjour\mDNSResponder.exe”=
“c:\Program Files\iTunes\iTunes.exe”=
“c:\Program Files\MSN Messenger\msnmsgr.exe”=
“c:\Program Files\MSN Messenger\livecall.exe”=

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [16/05/2007 16:59 34944]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [28/03/2008 08:18 356920]
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [02/06/2007 12:54 29744]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [05/08/2004 14:00 12800]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
“c:\windows\system32\rundll32.exe” “c:\windows\system32\iedkcs32.dll”,BrandIEActiveSetup SIGNUP
.
Contenu du dossier ‘Tâches planifiées’

2009-06-17 c:\windows\Tasks\Google Software Updater.job

  • c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-18 02:11]

2009-06-17 c:\windows\Tasks\User_Feed_Synchronization-{89A8798C-2E6E-43E5-9BFD-650BBB153FAA}.job

  • c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = www.google.com…
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = www.google.com…
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - favorites.live.com…
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Ouvrir dans un nouvel onglet d’arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?21b22a1b39b940fc80f546e1834ce638
    IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?21b22a1b39b940fc80f546e1834ce638
    .

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2009-06-17 09:27
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés …

Recherche d’éléments en démarrage automatique cachés …

Recherche de fichiers cachés …

Scan terminé avec succès
Fichiers cachés: 0


.
--------------------- DLLs chargées dans les processus actifs ---------------------

              • ‘explorer.exe’(3476)
                c:\windows\system32\eappprxy.dll
                c:\windows\system32\webcheck.dll
                c:\windows\system32\WPDShServiceObj.dll
                c:\windows\system32\PortableDeviceTypes.dll
                c:\windows\system32\PortableDeviceApi.dll
                .
                ------------------------ Autres processus actifs ------------------------
                .
                c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                c:\program files\Bonjour\mDNSResponder.exe
                c:\program files\Java\jre6\bin\jqs.exe
                c:\windows\system32\nvsvc32.exe
                c:\windows\system32\wbem\wmiapsrv.exe
                c:\windows\system32\wscntfy.exe
                c:\windows\system32\CF30298.exe
                c:\windows\system32\rundll32.exe
                c:\program files\Fichiers communs\Teleca Shared\CapabilityManager.exe
                c:\program files\Fichiers communs\Teleca Shared\Generic.exe
                c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
                .


.
Heure de fin: 2009-06-17 9:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-17 07:30

Avant-CF: 20 852 363 264 octets libres
Après-CF: 21 793 116 160 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP dition familiale” /noexecute=optin /fastdetect /usepmtimer

355 — E O F — 2009-06-11 01:03

Voila le rapport de Toolbar :

-----------\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon™ 64 X2 Dual Core Processor 4400+ )
BIOS : BIOS Date: 12/04/06 15:45:54 Ver: 08.00.12
USER : Alexexandra ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090613-0] 4.8.1335 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:58 Go (Free:20 Go)
D:\ (Local Disk) - NTFS - Total:90 Go (Free:15 Go)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:74 Go (Free:12 Go)

“C:\ToolBar SD” ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 17/06/2009| 9:39 )

-----------\ Recherche de Fichiers / Dossiers …

C:\WINDOWS\iun6002.exe

-----------\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

-----------\ […\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Local Page”=“C:\WINDOWS\system32\blank.htm”
“Start Page”=“http://www.msn.com/
“Search Page”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“SearchMigratedDefaultURL”=“http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
“Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157
“Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896
“Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896
“Local Page”=“C:\WINDOWS\system32\blank.htm”
“Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157

--------------------\ Recherche d’autres infections

C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\down
==> BAGLE <==

--------------------\ Cracks & Keygens …

C:\DOCUME~1\ALEXEX~1\Application Data\Microsoft\Office\Recent\Serial Activation Crack Microsoft Office System 2007 Pro Enterprise Corporate Plus Professional Attivazione seriali Ita Eng de fr ru 32 64 bit.LNK
C:\DOCUME~1\ALEXEX~1\Recent\the sims 3 Serial - keygen.lnk

1 - “C:\ToolBar SD\TB_1.txt” - 17/06/2009| 9:39 - Option : [1]

-----------\ Fin du rapport a 9:39:40,60

Je télécharge revo uninstaller je désinstalles spyware doctor et je vous attends pour la suite

merci
Edité le 17/06/2009 à 09:41

Salut

  • Double clique sur l’icône ToolBar S&D sur le bureau
  • Choisi F pour français et valide
  • Au menu principal de ToolBar S&D choisi l’option 2 (Suppression)
  • Le menu démarrer et les icônes vont à nouveau disparaître… c’est normal.
  • Le nettoyage va prendre quelques minutes…
  • Une fois l’opération terminée, le rapport de nettoyage s’ouvre

Copier/coller le rapport

ensuite

Refais

==>Elibagla

tout en bas de cette page tu trouveras un outil
à télécharger,clique sur “escargar Elibagla” (le numéro de version change au fur et à mesure des mises à jour)
installe ce fichier sur le bureau.
ensuite double-clic sur Elibagla.exe

laisse la case “eliminar ficheros automaticamente” coché
clique sur"explorar"
laisse-le travailler
poste le rapport final qui s trouve dans c:\infosat.txt

seulement aprés

Télécharges SafeBoot.reg

Pour télécharger ce fichier fais un clic droit sur le lien qui est en bleu dans ma réponse choisis pour :

==>SafeBoot.reg

  • Internet Explorer : Enregistrer la cible sous
  • Firefox : Enregistrer la cible du lien sous
  • Enregistre ce fichier sur le bureau

  • Déconnecte ton PC du net

  • Clic droit sur SafeBoot.reg choisis Fusionner dans la liste, accepte la fusion avec le registre

aprés

installes Ccleaner

==>Ccleaner

Une fois sur le bureau, clic sur l’install de CCleaner.
-> Mais avant de cliquer sur le bouton “installer”, décoche toutes les “options supplémentaires”.(install de la barre yahoo,etc…)

–>Ensuite, clique sur “Options”, “Avancé” et décoche la case
–>“Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures”.
–>Clique sur l’onglet “Nettoyeur” puis sur “Lancer le Nettoyage”.
–> Ensuite clique sur l’icone Registre, à droite, clique sur “Chercher des erreurs” puis sur “Réparer les erreurs sélectionnées”.

Accepte la sauvegarde, de la BDR (base de registre )qu’il propose .
Je te conseille de le repasser au moins deux fois,(ou + jusqu’à qu’il ne trouve plus d’erreurs.)

Redémarres ton Pc-

tu n as plus D Antivirus==>essayes d installer Avira si tu n arrives pas à l installer passe à la suite

télécharges et installes Avira AntiVir Personal Free 9.0.0.65==> fr

==>Avira AntiVir Personal Free 9.0.0.65

mets à jour et fais une Analyse Compléte
poste le rapport

et pour termner

Télécharge Random’s System Information Tool (RSIT) par random/random et sauvegarde-le sur ton Bureau.

==>RSIT Random’s/Random’s

==> Double-clique sur RSIT.exe afin de lancer RSIT.
==> Clique sur Continue à l’écran Disclaimer.
==> Si l’outil HijackThis (version à jour) n’est pas présent ou non détecté sur l’ordinateur, RSIT le téléchargera et tu devras accepter la licence.
==>Lorsque l’analyse sera terminée, deux fichiers texte s’ouvriront.

==> Poste le contenu de log.txt (<<qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

Note : Les deux rapports sont également sauvegardés %systemroot%\rsit


Et je te dis à plus tard

@+cricri58:hello:

Rapport toolbar :

-----------\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon™ 64 X2 Dual Core Processor 4400+ )
BIOS : BIOS Date: 12/04/06 15:45:54 Ver: 08.00.12
USER : Alexexandra ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090613-0] 4.8.1335 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:58 Go (Free:20 Go)
D:\ (Local Disk) - NTFS - Total:90 Go (Free:15 Go)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:74 Go (Free:12 Go)

“C:\ToolBar SD” ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 17/06/2009|10:57 )

-----------\ SUPPRESSION

Supprime! - C:\WINDOWS\iun6002.exe

-----------\ Recherche de Fichiers / Dossiers …

-----------\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

-----------\ […\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Local Page”=“C:\WINDOWS\system32\blank.htm”
“Start Page”=“http://www.msn.com/
“Search Page”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“SearchMigratedDefaultURL”=“http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
“Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157
“Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896
“Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896
“Local Page”=“C:\WINDOWS\system32\blank.htm”
“Start Page”=“http://www.msn.com/

--------------------\ Recherche d’autres infections

C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\down
==> BAGLE <==

--------------------\ Cracks & Keygens …

C:\DOCUME~1\ALEXEX~1\Application Data\Microsoft\Office\Recent\Serial Activation Crack Microsoft Office System 2007 Pro Enterprise Corporate Plus Professional Attivazione seriali Ita Eng de fr ru 32 64 bit.LNK
C:\DOCUME~1\ALEXEX~1\Recent\the sims 3 Serial - keygen.lnk

1 - “C:\ToolBar SD\TB_1.txt” - 17/06/2009| 9:39 - Option : [1]
2 - “C:\ToolBar SD\TB_2.txt” - 17/06/2009|10:58 - Option : [2]

-----------\ Fin du rapport a 10:58:03,79

Rapport Elibagla :

  (17-6-2009  9:3:27)

EliBagle v12.69 ©2009 S.G.H. / Satinfo S.L. (Actualizado el 16 de Junio del 2009)

Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.69
a “virus@satinfo.es”. Gracias.
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\111WFS1INTWQ.SYS --> Eliminado Bagle(rootkit)
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\11S11RO1S1A2.SYS --> Eliminado Bagle(rootkit)
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\DOWN\578500.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\117718.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\123046.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\129921.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\157468.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\43609.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\44968.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\470203.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\47390.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\473906.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\474781.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\48718.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\505531.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\506718.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\582531.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\588312.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\749125.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\756656.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\80937.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ALEXEXANDRA\APPLICATION DATA\DRIVERS\DOWNLD\82234.EXE --> Eliminado Bagle
Restaurada Clave: “SafeBoot\Minimal y Network”
Reinicie para Completar la Limpieza.

  (17-6-2009  9:3:53)

EliBagle v12.69 ©2009 S.G.H. / Satinfo S.L. (Actualizado el 16 de Junio del 2009)

Lista de Acciones (por Exploración):
Explorando “C:”
C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drivers\111WFS1INTWQ.SYS.VIR --> Eliminado Bagle(rootkit)
C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drivers\11S11RO1S1A2.SYS.VIR --> Eliminado Bagle(rootkit)
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\down\54778484.EXE.VIR --> Eliminado Bagle

Nº Total de Directorios: 6231
Nº Total de Ficheros: 60011
Nº de Ficheros Analizados: 13218
Nº de Ficheros Infectados: 3
Nº de Ficheros Limpiados: 3
Edité le 17/06/2009 à 11:11

OK c est impecc!!pour l instant==> continue

aie j’ai un souci, ccleaner ne veut pas s’ouvrir, la page s’ouvre une demi seconde et se referme !

Sinon laisse Ccleaner

telecharge ATF-Cleaner

==> ATF-Cleaner

fais un nettoyage

Tutoriel==>[Tuto[/url]]www.dualforum.com…]( [url=http://www.dualforum.com/viewtopic15681.html)

ATF-Cleaner


Aprés avoir fais le reste Avira+ RSIT + posté les rapports

Télécharges Gmer.

=>GMER

Dézippe le dans un dossier ou sur ton bureau.

Déconnecte toi d’Internet puis et ferme tous les programmes.
Double-clique sur Gmer.exe.

IMPORTANT: Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s’executer.

Clique sur l’onglet rootkit.
A droite, coche Files et Services.
Clique maintenant sur Scan.

Lorsque le scan est terminé, poste le rapport

et

installes cet Utilitaire

==>FileHippo

et fais toutes les mises à jour qu il te proposera laisse toi guider==>sauf les Versions Bétas

Pour le reste je regarderai ce soir Tard laisse ton PC tranquille d ici la

:hello:

et merde avec ATF cleaner c’est pareil je le lance la page s’allume une demi seconde et s’eteind

est ce que je fais le reste qd meme ?

J’ai un message qui s’est affiché " Prévention de l’exécution des données, Windows a fermé ce programme"

nom : Internet Explorer
editeur : microsoft corporation
Edité le 17/06/2009 à 11:44

tu essaieras aprés Ccleaner ou ATF

aprés avoir régarder la dedans Windows XP

==>Paramétrer ou désactiver la Prévention d’Exécution des Données

et non malheureusement toujours pas ni l’un ni l’autre ne veut souvrir…

Fais le reste que je t ai donné à faire Avira et RSIT

Fais aussi GMER et FileHippo ne t obstine pas avec Ccleaner ou ATF

Bonjour,

Avira et RSIT ne veulent pas marcher non plus impossible à les installer

j’essaie GMER et FileHippo

Voila ce que me marque GIMER :

GMER 1.0.15.14972 - www.gmer.net…
Rootkit scan 2009-06-18 09:30:57
Windows 5.1.2600 Service Pack 3

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld 0 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\100171.exe 80 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\100625.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\100781.exe 80 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\101171.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\103406.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\104531.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\104937.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\105031.exe 80 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\105640.exe 80 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\105765.exe 1065988 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\106500.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\107984.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\109031.exe 610820 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\109546.exe 61315 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\109718.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\110593.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\110812.exe 99332 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\111718.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\112281.exe 610820 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\112953.exe 61984 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\113171.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\113515.exe 61331 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\114031.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\114046.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\114593.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\115703.exe 60537 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\117140.exe 80 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\117515.exe 80 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\117750.exe 80 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\156421.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\156796.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\157859.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\158328.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\158375.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\159750.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\160015.exe 80 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\160625.exe 80 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\160796.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\161203.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\161828.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\168453.exe 1065988 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\179843.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\182359.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\182640.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\182687.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\185843.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\188031.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\188453.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\190359.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\192390.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\192656.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\192687.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\43718.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\44703.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\45390.exe 60584 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\45968.exe 61626 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\46375.exe 99332 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\47359.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\47468.exe 67667 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\48625.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\49531.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\54765.exe 99332 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\56812.exe 60292 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58625.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58665843.exe 610820 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58670781.exe 99332 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58671.exe 60530 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58672218.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58688796.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58689734.exe 62468 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58692171.exe 62468 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\118218.exe 61411 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\118906.exe 61836 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\119906.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\120953.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\121359.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\121531.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\122000.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\123343.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\123750.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\125093.exe 99332 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\125343.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\127500.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\127968.exe 99332 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\128265.exe 610820 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\128687.exe 610820 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\129093.exe 1065988 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\131890.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\132187.exe 827396 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\134109.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\134500.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\137734.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\69937.exe 61517 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\71171.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\72578.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\78703.exe 99332 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\79718.exe 99332 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\80343.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\85406.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\86328.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\87140.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\87218.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\92421.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\92562.exe 80 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\93156.exe 80 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\94921.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\95750.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\96312.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\96390.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\97546.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\97953.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\99703.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\99906.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14662953.exe 99332 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14666593.exe 67667 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14690937.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14708812.exe 62278 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14711484.exe 60568 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14712312.exe 61741 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14720859.exe 99332 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\147296.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14732812.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14760890.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14761906.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14762562.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14766218.exe 80 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14766234.exe 80 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14769140.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14770031.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14770437.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14772750.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14778953.exe 610820 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14832953.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14838218.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14841265.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14841312.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\149234.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\149343.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\151265.exe 610820 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\152703.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\152890.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\153187.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\153453.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\153515.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\153640.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\154187.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\154343.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\154390.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\118109.exe 80 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\14660765.exe 610820 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\155578.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\231734.exe 610820 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\43656.exe 61643 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58692765.exe 62468 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\69375.exe 99332 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58701250.exe 99332 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58702250.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58729250.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58730140.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58730656.exe 3252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58737421.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58738500.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58738906.exe 766 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58739546.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58745296.exe 610820 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58771140.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58771468.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\58771515.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\59234.exe 60243 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\59828.exe 60383 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\60421.exe 61755 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\60968.exe 61787 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\62796.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\65781.exe 62551 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\66437.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\67359.exe 61690 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\68187.exe 60370 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\68640.exe 99332 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\68750.exe 60922 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\69328.exe 60366 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\238437.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\242375.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\242640.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\242687.exe 3601 bytes
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\35656.exe 610820 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\36625.exe 610820 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\36968.exe 610820 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\38062.exe 610820 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\38453.exe 99332 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\39718.exe 99332 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\40390.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\40953.exe 610820 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\41031.exe 99332 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\41953.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\42468.exe 99332 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\42531.exe 71684 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\42593.exe 610820 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\downld\43531.exe 99332 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\drivers\winupgro.exe 856064 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\m\flec006.exe 99332 bytes executable
File C:\Documents and Settings\Alexexandra\Application Data\m\shared 0 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\000-714 - U2 UniVerse V10.1 for UNIX & Windows Administration Practice Test Questions 1.0.zip 822573 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\1st_Video_Splitter_4.0.1.zip 901184 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\3D Draw Shadows 2.1.7.zip 865210 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\4Front Sand Brush.zip 883614 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\8_Hour_Shift_Schedules_for_7_Days_a_Week_1.4_Serial.zip 798735 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\ADB Auction Database Professional 5.0.zip 808861 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Amore Screensaver 1.0.zip 927095 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\AntBottom_1.zip 955544 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Apis RM Music to MP3 & Wav Converter 2.00.zip 875866 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\AssetManage_Home_Edition_2006_(Key+Serial).zip 921747 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Live_IP_Address_1.6.zip 866467 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Lord_of_the_Rings_The_Return_Of_The_King_3D_Screen_Saver_3.3.zip 812417 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Lotto_Number_Generator_1.0.zip 838338 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Magic M4A to MP3 Converter 3.12.zip 917538 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Magical Mystery Tour 1.0.zip 821087 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Mastermax_File_Sharing_3.1.zip 1059030 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\MCAFEE.VIRUSSCAN.2006.V10-ADDICTION.zip 900517 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\MediaSanta RM Converter 5.0 Build 90306.zip 979321 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\MediaVideoConverter HD Video Converter 3.0.1.0218.zip 888705 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\MedReader_Nursing_Edition_4.0.zip 806791 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\PopBar 1.0.0.zip 907913 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Power Wallpaper Changer 3.2.zip 858819 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Privacy Control 2.6.zip 773746 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Publish_Query_to_HTML_for_SQL_Server_Pro_1.02_[Key+Serial].zip 901364 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\PuzzleOnline_HelpPack_0.05.zip 856181 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Quick Runner 1.0.zip 860087 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Recipe_Holder_1.0.zip 995891 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\RecordEditor 0.62 Test 2.zip 878888 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Remind! 5.54.zip 842010 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Right_WebGallery_2.6_With_Crack.zip 977252 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\CompareZilla 1.0.zip 934937 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Computer Hardware.zip 860392 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\CopyAll 1.1.zip 956657 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Countries Highlighter 1.0.zip 913261 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Creative TextFX 1.0.zip 899510 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\CrystalMark_0.9.123.338.zip 798864 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Debt_Hammer_2004_2.1.zip 893921 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\DeviousTrillian_1.3.zip 952779 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Directory Space Reporter 1.00.zip 848272 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Fetch Text URL 1.6.3.zip 836031 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\File Viewer 6.01.zip 962327 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\File_Squad_1.0.zip 878505 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Findword 1.2.zip 917336 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Flash Release 1.0.zip 958682 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Fonticate 1.0.zip 918369 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Font_Search_1.07.zip 902171 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Froogie_Froogle_Submit_1.5.zip 787317 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\FRS Coloring Book 1.6.1.zip 884306 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\GBTimelapse_2.0.20.zip 1027565 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Geforce_Tweak_Utility_3.2_[With_Crack].zip 957874 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\GetReuse 2.10 [Key+Serial].zip 788618 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\HeavyLoad 2.4.zip 796492 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Audubon_Close_Up_-Big_Birds_1_1.0.zip 865545 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\ColorPicker 3.1.zip 977288 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Eym_Barcode_Reader_OCX_2.3.zip 844207 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Link Wrangler 1.2 (Key).zip 863288 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\MemCheck_Pro_3.0.zip 1093250 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Orphalese_Tarot_8.1.1.1
[Cracked].zip 806031 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Polestar Virtual Printer 1.0.zip 954299 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\RioDVD_Rigion_Free_Player_1.1_Cracked.zip 874159 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Symantec.Norton.Antivirus.Corporate.Edition.v8.1.zip 892279 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\PageHelper_1.zip 922404 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\PALIMPSEST 1.0.zip 980670 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\PasswordsPro_2.3.2.0.zip 880412 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Password_Manager_Deluxe_3.5.zip 893205 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\PatchBreeze 1.4.zip 1064679 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\PC Garbage Remover 4.02.zip 911429 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\PhoneTray_Dialup_2.27_[With_Crack].zip 842614 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\PhotoVidShow 2.16.4.zip 893534 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\PicoConverter_0.1.1.zip 962657 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Team_Scoreboard_1.0.1_Key+Serial.zip 883500 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\The DeTerminator 1.0.zip 866999 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Tloona 8.5.zip 1031828 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\TransKing 2.0.zip 921539 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\TruAudit 1.8.1.zip 892896 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\UpOzab_1.6.zip 807197 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\ViruScape_2006_Cracked.zip 1032195 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\VisualTimer 1.1.0.zip 901001 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Automate Inbox Repair Tool 1.00.zip 844565 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\AVOne 3GP Video Converter 2.20.zip 866044 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\BioniX_Wallpaper_5.4.2.zip 793667 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Blue_M&M_Desktop_Clock_1.0_Crack.zip 840193 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Bullpen 3.000.zip 879364 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Butterfly ScreenSaver Volume 2 1.0.zip 803179 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\CAL 0.0.278.zip 920452 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Capture_Flash_1.zip 813277 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\CC-CAM_alarm_system_1.2.5.zip 945303 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\CheetaChat_7.5.100.zip 920712 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Colored Diffs 0.4.2.zip 794119 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Moleskinsoft File Sync 1.9.zip 852942 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Movie Search 1.0.zip 938677 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\MX Lookup 1.0.zip 992152 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Natural_Ambience_1.5.zip 840614 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\NeT Firewall 3.0.23.zip 872811 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\NUnit Cheat Sheet 1.0.zip 837829 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\OrangeCD_Suite_6.0.2.zip 1009790 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Orbitech_Image_Filter_1.0.0.2.zip 1068820 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Oriens_JPEG_Professional_1.3.zip 824328 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Romance Conjugator 0.1.1.zip 861598 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Save-It_2.2.01_(Key+Serial).zip 892699 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Science Database 1.0.zip 796452 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Searchbar Autosizer 1.4.1.zip 1017463 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\SearchChips_Yahoo_Search_Widget_1.zip 856573 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\SmartRead Mobile TTS SDK 3.2.zip 846272 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\SwiftSwitch_2.21.zip 937788 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Disc_Ejector_1.0_(Crack).zip 1000370 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\DoublesFinder_1.1.zip 946941 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Driving Theory Test Software 1.7.zip 828912 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\DX Studio 1.29.zip 874669 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\EasyCustomers_3.6.0.zip 850954 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Easy_Hour_Assignments_with_Excel_1.4_[KeyGen].zip 883700 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Email Spy Pro 5.1.6 (KeyGen).zip 835793 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\eTrans_1.1.0_(Patch).zip 873133 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Eudemons_Online_1.zip 805103 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Hungry_Crocodiles_Screensaver_1.0.zip 921958 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Internet_Radio_Ripper_2.zip 830028 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Intrinsic_Value_Investing_Training_Wizard_3.0.zip 870100 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\iPod_nano_Player_3.1.zip 960507 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\isptimer_3.70.zip 809343 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Kalvyn_Workgroup_Software_Network_Edition_2006_1.0_Key+Serial.zip 929424 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\LingvoSoft Suite 2008 English - Korean 2.1.28.zip 783323 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\VS.PHP_for_Visual_Studio_2005_2.1.2.3079.zip 865564 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\VShell Server 3.0.3.569.zip 904089 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Wallpaper Scout 1.41.zip 889170 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Wallpaper_Hijack_Remover_3.0.4.zip 889471 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Web_Optimization_Easy_4.0.zip 867676 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\WinCatalog 2009 2.83.zip 855359 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\Wondershare AVI MPEG Converter 3.2.49.zip 844201 bytes
File C:\Documents and Settings\Alexexandra\Application Data\m\shared\X10n_1.3.zip 844785 bytes
File C:\Documents and Settings\Alexexandra\Shared 0 bytes
File C:\FindyKill\Tools\winupgro.exe 73728 bytes executable
File C:\Program Files\eMule\Incoming\AUTORUN.INF 184 bytes
File C:\Program Files\Movie Maker\Shared 0 bytes
File C:\Program Files\Movie Maker\Shared\Empty.txt 18 bytes
File C:\Program Files\Movie Maker\Shared\Filters.xml 7591 bytes
File C:\Program Files\Movie Maker\Shared\news.png 138660 bytes
File C:\Program Files\Movie Maker\Shared\paint.png 67213 bytes
File C:\Program Files\Movie Maker\Shared\Profiles 0 bytes
File C:\Program Files\Movie Maker\Shared\Profiles\Blank.txt 21 bytes
File C:\Program Files\Movie Maker\Shared\Sample1.jpg 62732 bytes
File C:\Program Files\Movie Maker\Shared\Sample2.jpg 46822 bytes
File C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drivers\downld 0 bytes
File C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drivers\downld\54711453.exe.vir 610820 bytes executable
File C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drivers\downld\54716343.exe.vir 71684 bytes executable
File C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drivers\downld\54718406.exe.vir 71684 bytes executable
File C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drivers\downld\54719640.exe.vir 40309 bytes
File C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drivers\downld\54721953.exe.vir 60760 bytes
File C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drivers\downld\54722500.exe.vir 60924 bytes
File C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drivers\downld\54731640.exe.vir 99332 bytes executable
File C:\Qoobox\Quarantine\C\Documents and Settings\Alexexandra\Application Data\drivers\downld\54733453.e