j'ai chopé winupgro Résolu/Fermé

Question

Bonjour,

ben voil j'ai pris winupgro :

moralité avast s'est désinstallé, impossible de le relancer. J'ai voulu mette AVG free, il me dit il y a déjà un antivirus ... j'ai donc désinstallé avast. AVG ne veut pas s'installer, pareil pour antivir

comme j'ai vu qu'il fallait faire un hijack (je ne sais pas ce que c'est) je le télécharge et je vous mets dans le message d'après le rapport

merci

NAPO1804 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:09, on 03/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\System32
vsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\Mixer.exe
D:\Program Files\Goto Software\Vade Retro\Vaderetro_Mgr.exe
D:\Program Files\Vista Drive Icon\DrvIcon.exe
D:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\Messenger\msmsgs.exe
D:\PROGRA~1\MI3AA1~1apimgr.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
D:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
D:\Documents and Settings\Xavier\Application Data\drivers\downld\367875.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\CCL2E5E3\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] D:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] D:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [VadeRetro Outlook] D:\Program Files\Goto Software\Vade Retro\VrMoRegister.exe -s
O4 - HKLM\..\Run: [VadeRetro Desktop] D:\Program Files\Goto Software\Vade Retro\Vaderetro_Mgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DrvIcon] D:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [CTCheck] D:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\VistaCodecPack\QT\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "D:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Shockwave Updater] D:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; InfoPath.2; Creative ZENcast v2.00.13)" -"https://www.miniclip.com/games/china-2008/en/"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = D:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: RocketDock.lnk = D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: Y'z Toolbar.lnk = D:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32
vsvc32.exe

Destrio5 · Answer

Salut,

Pourquoi tu dis winupgro ?

NAPO1804 · Answer

parceque je le vois tourner dans mes processus et que j'ai vu que c'es tun virus ... donc je pense que c'est lui la source de tous mes problèmes

Destrio5 · Answer

1/

--> Démarre Spybot, clique sur Mode, coche Mode avancé.
--> A gauche, clique sur Outils, puis sur Résident.
--> Décoche la case devant Résident "TeaTimer" :
http://apu.mabul.org/up/5/apu-5-gpdx9e06cwz2dypom2q7n6nc.jpg
--> Quitte Spybot.


2/

--> Télécharge FindyKill (par Chiquitine29) sur ton Bureau.

--> Lance l'installation avec les paramètres par défaut.

--> Double-clique sur le raccourci FindyKill sur ton Bureau.

--> Au menu principal, choisis l'option 1 (Recherche).

--> Poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.

Destrio5 · Answer

FindyKill directement.

Destrio5 · Answer

--> Supprime tes cracks et keygens.

--> Branche tes disques amovibles à ton PC (clefs USB, disque dur externe, etc...) sans les ouvrir.

--> Double-clique sur le raccourci FindyKill sur ton Bureau.

--> Au menu principal, choisis l'option 2 (Suppression).

/!\ Il y aura 2 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué" /!\

--> Ensuite, poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.

NAPO1804 · Answer

voila le résultat :

----------------- FindyKill V4.710 ------------------

* User : Xavier - ADMIN-6S9ZHHX6R
* executed from : D:\Program Files\FindyKill
* Update on 21/12/08 par Chiquitine29
* Start at 22:06:12 the 03/01/2009
* Windows XP - Internet Explorer 7.0.5730.13
 
 
((((((((((((((( *** deleting *** ))))))))))))))))))  
 
 
--------------- [ Active Processes ] ----------------  
 

D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\logonui.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\System32
vsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\userinit.exe
 
--------------- [ Infected files / folders ] ----------------  
 
 
»»»» Supression files in D: 
 
 
»»»» Supression files in D:\WINDOWS 
 
 
»»»» Supression files in D:\WINDOWS\Prefetch 
 
Deleted ! - D:\WINDOWS\prefetch\CRAC.EXE-0E890010.pf 
 
»»»» Supression files in D:\WINDOWS\system32 
 
Deleted ! - D:\WINDOWS\system32\ban_list.txt  
 
»»»» Supression files in D:\WINDOWS\system32\config\systemprofile\AppData\Roaming 
 
 
»»»» Supression files in D:\WINDOWS\system32\drivers 
 
Deleted ! - D:\WINDOWS\system32\drivers\srosa.sys  
Deleted ! - D:\WINDOWS\system32\drivers\srosa2.sys  
 
»»»» Supression files in D:\Documents and Settings\Xavier\Application Data 
 
Deleted ! - "D:\Documents and Settings\Xavier\Application Data\drivers\srosa.sys"  
Deleted ! - "D:\Documents and Settings\Xavier\Application Data\drivers\srosa2.sys"  
Deleted ! - "D:\Documents and Settings\Xavier\Application Data\drivers\winupgro.exe"  
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\101296.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\101890.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\102187.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\102593.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\103015.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\103062.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\103078.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\103453.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\104765.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\104859.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\112421.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\113046.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\113375.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\113984.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\114828.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\118234.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\12439437.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\12439968.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\12446015.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\12465640.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\12466312.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\12466609.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\12479125.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\127031.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\130734.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\130859.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\131031.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\131281.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\131625.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\142781.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\143468.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\143625.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\175812.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\180562.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\181203.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\181359.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\197453.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\199281.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\206937.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\207796.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\207968.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\209203.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\210140.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\210171.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\217171.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\220437.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\221296.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\221828.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\222140.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\223312.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\223796.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\224562.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\225203.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\225640.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\238609.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\239531.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\239593.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\243453.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\244109.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\244437.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\253062.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\253953.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\254156.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\254375.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\254812.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\255093.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\255343.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\256281.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\257171.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\258328.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\258390.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\259468.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\260000.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\265281.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\265562.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\265703.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\266937.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\268218.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\268703.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\269484.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\270265.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\270812.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\281343.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\281640.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\282328.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\282812.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\283125.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\283500.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\285000.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\290546.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\291093.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\291359.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\291515.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\294343.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\294828.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\294859.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\294937.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\295015.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\295453.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\296234.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\298093.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\299140.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\300718.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\308937.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\309031.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\309093.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\310000.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\310515.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\310656.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\311390.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\311781.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\312156.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\312765.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\316921.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\317812.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\317984.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\319140.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\319156.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\330859.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\331578.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\331640.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\331921.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\332062.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\332328.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\332640.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\332687.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\333031.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\333328.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\334218.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\334953.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\335546.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\336109.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\336765.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\337015.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\339203.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\341593.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\342296.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\342468.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\346625.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\347828.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\348812.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\354906.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\355125.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\355328.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\355781.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\356156.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\356218.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\360921.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\369250.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\370687.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\371890.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\372406.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\373546.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\374125.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\375078.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\376015.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\376812.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\378890.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\379484.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\379578.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\382859.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\383125.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\383453.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\392328.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\393546.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\394031.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\394812.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\395562.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\396015.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\399843.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\400343.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\400546.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\414921.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\416515.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\417359.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\423421.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\432640.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\433093.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\433453.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\449593.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\459687.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\460156.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\460218.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\471156.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\471890.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\472203.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\476734.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\60890.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\63546.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\63656.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\64796.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\658578.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\65859.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\658859.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\659000.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\67109.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\687140.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\687406.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\687468.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\73171.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\73312.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\73484.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\73921.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\74281.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\74828.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\75562.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\76046.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\76062.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\77562.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\79156.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\85187.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\86093.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\87375.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\87687.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\93421.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\97265.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\97312.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\97375.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\98718.exe 
Deleted ! - D:\Documents and Settings\Xavier\Application Data\drivers\downld\99437.exe 
Deleted ! - "D:\Documents and Settings\Xavier\Application Data\drivers\downld"  
Deleted ! - "D:\Documents and Settings\Xavier\Application Data\drivers"  
 
»»»» Supression files in D:\DOCUME~1\Xavier\LOCALS~1\Temp 
 
Deleted ! - D:\DOCUME~1\Xavier\LOCALS~1\Temp\PatchByFile.tmp     
 
»»»» Supression files in D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5 
 
Deleted ! - D:\Documents and Settings\Justine\Local Settings\Temporary Internet Files\Content.IE5\G6I4BTCT\44851294E8917D6BB6472DFC6E1DC[1].jpg    
Deleted ! - D:\Documents and Settings\Justine\Local Settings\Temporary Internet Files\Content.IE5\VGKXFVYX\d0a7ab64d7399db61bbf4a853acb9605[1].jpg    
Deleted ! - D:\Documents and Settings\Justine\Local Settings\Temporary Internet Files\Content.IE5\VGKXFVYX\D3FFAFDB6414C3E2453CE2289386[1].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\2ECLYTRI\b64[1].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\2ECLYTRI\b64_1[1].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\2ECLYTRI\b64_3[1].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\6SKJMD7R\b64_2[1].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\6SKJMD7R\b64_5[1].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\ADQTRPW6\b64_3[1].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\CCL2E5E3\44851294E8917D6BB6472DFC6E1DC[1].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\CCL2E5E3\b64_1[1].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\CCL2E5E3\b64_1[2].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\CCL2E5E3\b64_1[3].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\CCL2E5E3\b64_1[4].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\CCL2E5E3\mxd[1].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\IO1DUOTY\b64[1].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\IO1DUOTY\b64_1[1].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\IO1DUOTY\b64_1[2].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\IO1DUOTY\b64_1[3].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\IO1DUOTY\b64_1[4].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\KQLUZR82\b64[1].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\KQLUZR82\b64_2[1].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\LBGONTYW\b64_1[1].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\LBGONTYW\b64_2[1].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\LBGONTYW\mxd[1].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\TTZKWANH\b64[1].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\TTZKWANH\b64[2].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\TTZKWANH\b64_1[1].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\TTZKWANH\b64_1[2].jpg    
Deleted ! - D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\TTZKWANH\b64_3[1].jpg    
 
--------------- [ Other deleting ] ----------------  
 
Infected ! - "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> Deleted !  
 
--------------- [  Registry / Infected keys ] ---------------- 
 
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA   
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA   
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S   
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S   
Deleted ! - HKEY_USERS\S-1-5-21-839522115-854245398-725345543-1004\Software\Local AppWizard-Generated Applications\msnmsgr   
Deleted ! - HKEY_USERS\S-1-5-21-839522115-854245398-725345543-1004\Software\Local AppWizard-Generated Applications\winupgro   
 
--------------- [ States / Restarting of services ] ---------------- 
 
+- Safe boot mode restored ! 


+- Services : [ Auto=2 / Request=3 / Disable=4 ] 

 Ndisuio - Type of startup  = 3 
 
 EapHost - Type of startup  = 2 
 
 Ip6Fw - Type of startup  = 2 
 
 SharedAccess - Type of startup  = 2 
 
 wuauserv - Type of startup  = 2 
 
 wscsvc - Type of startup  = 2 
 
 
---------------   [ Cleaning removable drives ] ----------------  
 
+- Informations : 

C: - Lecteur fixe

D: - Lecteur fixe

E: - Lecteur fixe

F: - Lecteur de CD-ROM

G: - Lecteur de CD-ROM

H: - Lecteur amovible

I: - Lecteur fixe

 
+- deleting files : 
 
Not deleted !! - G:\autorun.inf  
 
--------------- [ Registry / Mountpoint2 ] ----------------  
 
 
 -> Not found ! 
 
 
--------------- [ Searching Cracks / Keygen ] ----------------  
 
D:\Documents and Settings\Xavier\Favoris\Tutorial crack cle wep.url
 
 
---------------- ! End of report ! ------------------

Destrio5 · Answer

---> Désinstalle FindyKill.

---> Réinstalle tes applications infectées (Antivirus...)

- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

- Double-clique sur RSIT.exe afin de lancer le programme.

- Clique sur Continue à l'écran Disclaimer.

- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : Les rapports sont sauvegardés dans le dossier C:\rsit.

NAPO1804 · Answer

déjà j'ai pu réinstaler AVG ! :)

Destrio5 · Answer

---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

NAPO1804 · Answer

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1604
Windows 5.1.2600 Service Pack 3

03/01/2009 23:02:32
mbam-log-2009-01-03 (23-02-32).txt

Type de recherche: Examen rapide
Eléments examinés: 59278
Temps écoulé: 9 minute(s), 15 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
D:\Documents (Trojan.Agent) -> Quarantined and deleted successfully.

Destrio5 · Answer

1/

---> Relance MBAM, va dans Quarantaine et supprime tout.

---> Mets à jour Adobe Reader :
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html


2/

---> Lance ce fichier : D:\Program Files	rend micro\Xavier.exe  

---> Choisis Do a system scan only.

---> Coche les cases qui sont devant les lignes suivantes :

O4 - HKCU\..\Run: [drvsyskit] D:\Documents and Settings\Xavier\Application Data\drivers\winupgro.exe 

O4 - HKCU\..\Run: [german.exe] D:\WINDOWS\system32\wintems.exe 

---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

---> Ferme HijackThis.


3/

---> Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries sur ton Bureau :
* Décompresse le fichier sur le Bureau (Clic droit > Extraire tout).
* Double-clique sur le répertoire JavaRa.
* Puis double-clique sur le fichier JavaRa.exe (le exe peut ne pas s'afficher).
* Clique sur Search For Updates.
* Sélectionne Update Using jucheck.exe puis clique sur Search.
* Autorise le processus à se connecter s'il le demande, clique sur Install et suis les instructions d'installation qui prennent quelques minutes.
* L'installation est terminée, reviens à l'écran de JavaRa et clique sur Remove Older Versions.
* Clique sur Oui pour confirmer. Laisse travailler et clique ensuite sur Ok, puis une deuxième fois sur Ok.
* Un rapport va s'ouvrir. Poste-le dans ta prochaine réponse.
* Ferme l'application.
Note : le rapport se trouve aussi dans C:\ sous le nom JavaRa.log.

NAPO1804 · Answer

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Jan 03 23:29:23 2009

Found and removed: D:\Program Files\Java\jre1.5.0_11

Found and removed: D:\Program Files\Java\jre1.6.0_05

Found and removed: D:\Program Files\Java\jre1.6.0_07

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.

Destrio5 · Answer

---> Supprime JavaRa.

---> Supprime le dossier RSIT situé dans C:\

- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

- Double-clique sur RSIT.exe afin de lancer le programme.

- Clique sur Continue à l'écran Disclaimer.

- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : Les rapports sont sauvegardés dans le dossier C:\rsit.

NAPO1804 · Answer

Logfile of random's system information tool 1.05 (written by random/random)
Run by Xavier at 2009-01-03 23:38:40
Microsoft Windows XP Édition familiale Service Pack 3
System drive D: has 48 GB (62%) free of 79 GB
Total RAM: 1023 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:38:46, on 03/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\System32
vsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\Program Files\AVG\AVG8\avgtray.exe
D:\WINDOWS\System32\msiexec.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\PROGRA~1\AVG\AVG8\aAvgApi.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Xavier\Local Settings\Temporary Internet Files\Content.IE5\JCHTDAAN\RSIT[1].exe
D:\Program Files	rend micro\Xavier.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] D:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] D:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [VadeRetro Outlook] D:\Program Files\Goto Software\Vade Retro\VrMoRegister.exe -s
O4 - HKLM\..\Run: [VadeRetro Desktop] D:\Program Files\Goto Software\Vade Retro\Vaderetro_Mgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DrvIcon] D:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [CTCheck] D:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\VistaCodecPack\QT\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "D:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "D:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Shockwave Updater] D:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; InfoPath.2; Creative ZENcast v2.00.13)" -"https://www.miniclip.com/games/china-2008/en/"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = D:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: RocketDock.lnk = D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: Y'z Toolbar.lnk = D:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - D:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32
vsvc32.exe

Destrio5 · Answer

Pour vérifier :

- Fais un scan en ligne ici https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr (Avec Internet Explorer).

- En bas à droite, clique sur Démarrer Online-scanner.

- Dans la nouvelle fenêtre qui s'affiche, clique sur J'accepte.

- Accepte les Contrôles ActiveX.

- Choisis Poste de travail pour le scan.

- Celui-ci terminé, sauvegarde (Choisis fichier texte) et poste le rapport.

- Pour t'aider à utiliser le scan en ligne :
https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566

NOTE : Si tu reçois le message La licence de Kaspersky On-line Scanner est périmée, va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte-toi sur le site de Kaspersky pour retenter le scan en ligne.

NAPO1804 · Answer

bon je crosi que ça va tourner toute la nuit ...
j'en suis à 4% et 1 virus trouvé + 252 objets infectés ! 

merci mille fois en tous cas.
je le laisse tourner cette nuit et je posterai demain matin le résultat !

Destrio5 · Answer

Ok mais vu que le rapport va être gros, tu peux me l'envoyer par mail (Clique sur mon pseudo).

NAPO1804 · Answer

bonjour :p
alors l'antivirus kaspersky on line a tourné toute la nuit. Il a fini. Mais je ne vois pas où il faut aller pour enregistrer le rapport et ensuite nettoyer les virus trouver ...

[URL=https://imageshack.com/][IMG]http://img508.imageshack.us/img508/4509/sanstitreyj5.jpg[/IMG][/URL]
[URL=http://g.imageshack.us/img508/sanstitreyj5.jpg/1/][IMG]http://img508.imageshack.us/img508/sanstitreyj5.jpg/1/w740.png[/IMG][/URL]

Destrio5 · Answer

Il ne nettoie pas les virus.

Par contre, la dernière fois, j'avais une option pour le rapport. Je ne le vois pas dans ton screen.

NAPO1804 · Answer

bon j'ai trouvé : j'avais oublié d'accepter le activeX ... comme c'était la même fenêtre que les fenêtres indésirables !
alors je l'ai relancé, et j'ai stoppé quand j'ai eu les 1+252 comme dans l'analyse complète. ça donne ça: 

-------------------------------------------------------------------------------
 KASPERSKY ON-LINE SCANNER REPORT
 Sunday, January 04, 2009 11:18:03 AM
 Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
 Kaspersky On-line Scanner version : 5.0.84.2
 Dernière mise à jour de la base antivirus Kaspersky :  4/01/2009
 Enregistrements dans la base antivirus Kaspersky : 1395318
-------------------------------------------------------------------------------

Paramètres d'analyse:
	Analyser avec la base antivirus suivante: standard
	Analyser les archives: vrai
	Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
	A:\
	C:\
	D:\
	E:\
	F:\
	G:\
	H:\
	I:\

Statistiques de l'analyse:
	Total d'objets analysés: 1983
	Nombre de virus trouvés: 1
	Nombre d'objets infectés: 252 / 0
	Nombre d'objets suspects: 0
	Durée de l'analyse: 00:04:07

Nom de l'objet infecté / Nom du virus / Dernière action
C:\System Volume Information\MountPointManagerRemoteDatabase	L'objet est verrouillé	ignoré
C:\System Volume Information\_restore{CA30637E-84F1-4E75-86C0-8BA2B902B084}\RP363\change.log	L'objet est verrouillé	ignoré
D:\Avenger\m\shared\0.zip/keygen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\A Daily Rock Quote 1.0.2.zip/install_patch.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\A Daily Rock Quote 1.0.2.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Accent WORD Password Recovery 2.60.zip/install_patch.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Accent WORD Password Recovery 2.60.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\AccExp 1.01.0.zip/key_gen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\AccExp 1.01.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\AlfredDrake 001.000.zip/key_generator.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\AlfredDrake 001.000.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Antivirus.Panda.Platinium.2005.Esp.Crack.zip/key_gen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Antivirus.Panda.Platinium.2005.Esp.Crack.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\anyQuery 2.5.0.4.zip/setup.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\anyQuery 2.5.0.4.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\aoTuV Beta5.5.zip/key_generator.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\aoTuV Beta5.5.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\AUAU AMR MP3 OGG Converter 4.4.zip/install_crack.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\AUAU AMR MP3 OGG Converter 4.4.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Audio Sampler 1.0.zip/keygen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Audio Sampler 1.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\AudioRight Recorder 2.0.zip/run.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\AudioRight Recorder 2.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Autobahn.zip/key_gen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Autobahn.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\AutoZoomPage 1.1.zip/patch.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\AutoZoomPage 1.1.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\BORGChat 1.0.0.438.zip/key_gen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\BORGChat 1.0.0.438.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Buddy Alert 1.0.zip/keygen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Buddy Alert 1.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Capture-It! 1.0.zip/key_generator.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Capture-It! 1.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Cook'n Favorites 7.0.zip/crac.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Cook'n Favorites 7.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Creative MediaSource Plugin for MiniDisc 1.00.58.zip/setup.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Creative MediaSource Plugin for MiniDisc 1.00.58.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Cyber-D's SAV Cleaner 1.01.zip/setup.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Cyber-D's SAV Cleaner 1.01.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\DB Elephant Oracle Converter 1.1.zip/setup.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\DB Elephant Oracle Converter 1.1.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Desktop iCalendar Lite 1.2.zip/setup.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Desktop iCalendar Lite 1.2.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\DiamondCS NetCheck 1.0.zip/keygen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\DiamondCS NetCheck 1.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\drweb-432b-win-en.crack_Dr.Web.4.32b.2007.KeY.zip/setup.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\drweb-432b-win-en.crack_Dr.Web.4.32b.2007.KeY.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\DUTraffic 1.5 RC2 build 36.zip/install_patch.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\DUTraffic 1.5 RC2 build 36.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\EAHide Pro 1.5.zip/key_generator.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\EAHide Pro 1.5.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\eccoMAGIC 1.21.zip/key_generator.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\eccoMAGIC 1.21.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\EF Duplicate Files Manager 5.10.zip/keygen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\EF Duplicate Files Manager 5.10.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Element Gorilla Plus 1.5.zip/install_crack.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Element Gorilla Plus 1.5.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\etrust_Antivirus_CA_v7.1.194_with.Keygen_German.zip/setup.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\etrust_Antivirus_CA_v7.1.194_with.Keygen_German.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\F-Prot.Antivirus.for.Windows.v3.16b-[WarezFAW.Com].zip/key_gen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\F-Prot.Antivirus.for.Windows.v3.16b-[WarezFAW.Com].zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\FDC - Free Data Capture Tool 1.0.zip/key_gen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\FDC - Free Data Capture Tool 1.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\FilePackager Professional Edition 5.1.zip/install_crack.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\FilePackager Professional Edition 5.1.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Flash Menu Builder 1.0.zip/keygen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Flash Menu Builder 1.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Globalizer.NET 1.3.0.zip/install_crack.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Globalizer.NET 1.3.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Heart of Jungle 5.07.zip/keygen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Heart of Jungle 5.07.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\HM WebCopy 1.0.zip/install_crack.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\HM WebCopy 1.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\honestech Photo DVD 3.0.zip/install.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\honestech Photo DVD 3.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\idlescreen 0.3 Alpha.zip/serial.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\idlescreen 0.3 Alpha.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\iDoubler 1.14.zip/crac.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\iDoubler 1.14.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\IE Deja Vu 1.03a.zip/keygen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\IE Deja Vu 1.03a.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Illumination 110 Lighting Console 1.02.zip/keygen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Illumination 110 Lighting Console 1.02.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Image Enhance 3.2.4.zip/setup.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Image Enhance 3.2.4.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Internet Password Keeper 1.4.zip/key_gen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Internet Password Keeper 1.4.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\iPod Copier 1.0.zip/install_crack.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\iPod Copier 1.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\JAD 1.5.8.zip/run.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\JAD 1.5.8.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\JPad Pro 5.5.zip/crac.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\JPad Pro 5.5.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Kaspersky.Anti-Virus.6.0.1.411.Final.-.Serial.-.Valid.until.16-7-07.zip/key_generator.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Kaspersky.Anti-Virus.6.0.1.411.Final.-.Serial.-.Valid.until.16-7-07.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Keep-in-Touch Pro 1.0.1 Beta.zip/serial.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Keep-in-Touch Pro 1.0.1 Beta.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Key Presser 1.3.zip/serial.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Key Presser 1.3.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\LCD Clock Opera Widget 1.0.zip/patch.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\LCD Clock Opera Widget 1.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Luxor Las Vegas 1.0.zip/keygen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Luxor Las Vegas 1.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Macafee.VirusScan.Plus_2007_Full.zip/install.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Macafee.VirusScan.Plus_2007_Full.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\McAfee.Policy.Enforcer.v2.0.0.Multilingual.WinServer-DVT.zip/install_crack.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\McAfee.Policy.Enforcer.v2.0.0.Multilingual.WinServer-DVT.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\McAfee.VirusScan.v10.0.21._4.zip/install.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\McAfee.VirusScan.v10.0.21._4.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\MicroRun 1.00.zip/install.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\MicroRun 1.00.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\MIDI to WAV Converter 6.0 Build 50.zip/install_crack.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\MIDI to WAV Converter 6.0 Build 50.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\MidiGlass 1.0.9.1 Build 91.zip/install.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\MidiGlass 1.0.9.1 Build 91.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Mini Have A Day 1.2.zip/keygen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Mini Have A Day 1.2.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\MITCalc - Force shaft connection 1.14.zip/crac.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\MITCalc - Force shaft connection 1.14.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Mobile_TexasHoldem_Poker_v1.2_CRACKED_SMPDA.zip/key_generator.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Mobile_TexasHoldem_Poker_v1.2_CRACKED_SMPDA.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Movies 12.zip/keygen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Movies 12.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\MyPhotoResizer 1.0.1.zip/install_crack.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\MyPhotoResizer 1.0.1.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\MySQL GUI Tools 5.0-r13.zip/install_crack.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\MySQL GUI Tools 5.0-r13.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\NetEncoder 0.9.zip/key_generator.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\NetEncoder 0.9.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\NetXtremeDynamicTemplate Component 1.4.zip/setup.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\NetXtremeDynamicTemplate Component 1.4.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\NOD32.Antivirus.2.51.20.spanish-espaÃ±ol.+.crack.zip/install_patch.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\NOD32.Antivirus.2.51.20.spanish-espaÃ±ol.+.crack.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Nokia_6233_sensor.zip/patch.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Nokia_6233_sensor.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Omnik 1.1.0.12.zip/key_gen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Omnik 1.1.0.12.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\PC Chaperone Professional 5.1.zip/keygen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\PC Chaperone Professional 5.1.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\PC Memory Shield 6.0.1.zip/install_crack.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\PC Memory Shield 6.0.1.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\PC.Pack.Utilidades.Diccionario.EspaÃƒÂ±ol.Ingles.y.Mcafee.VirusScan.9.0.Spanish.zip/setup.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\PC.Pack.Utilidades.Diccionario.EspaÃƒÂ±ol.Ingles.y.Mcafee.VirusScan.9.0.Spanish.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Perfect Medical Icons 2008.3.zip/install.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Perfect Medical Icons 2008.3.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Power Search 1.0.zip/install_crack.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Power Search 1.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Quickie Web Page 1.0.003.zip/key_generator.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Quickie Web Page 1.0.003.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\QuickRun 3.12 build 943.zip/install_crack.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\QuickRun 3.12 build 943.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Recipes Ship 1.2.zip/crac.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Recipes Ship 1.2.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Registry Comparison 3.200.zip/install_crack.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Registry Comparison 3.200.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\RegulatorClock 1.2.1.zip/install.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\RegulatorClock 1.2.1.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Reporting Engine 1.1.zip/run.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Reporting Engine 1.1.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\RSP MP3 Player OCX 2.7.5.zip/keygen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\RSP MP3 Player OCX 2.7.5.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\RVLister 1.0.zip/patch.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\RVLister 1.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Search Reference.com 2.0.zip/setup.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Search Reference.com 2.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\SF ColorMixer 3.3.zip/patch.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\SF ColorMixer 3.3.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\SignLingo 0.1.zip/serial.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\SignLingo 0.1.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Silverlight Rich Text Editor Beta 2.0.zip/patch.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Silverlight Rich Text Editor Beta 2.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\sispread 0.9.2.2a.zip/key_generator.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\sispread 0.9.2.2a.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\SmartCompany WordSmart 1.4.zip/key_generator.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\SmartCompany WordSmart 1.4.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Smartstock 7.2.0.zip/install.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Smartstock 7.2.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Softw..Seriale.Crack.Panda.Platinum.E.Titanium.Antivirus.2006.zip/key_gen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Softw..Seriale.Crack.Panda.Platinum.E.Titanium.Antivirus.2006.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Solar Accounts 2.1.zip/install_crack.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Solar Accounts 2.1.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Sound Effects Player 1.11.zip/keygen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Sound Effects Player 1.11.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\SQL Documentor 1.0.zip/run.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\SQL Documentor 1.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Startup Inspector 2.2.zip/key_gen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Startup Inspector 2.2.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Sugarbabes.-.Angels.With.Dirty.Faces.-.Gadget.-.Full.Album.-.Avg.192Kbps.zip/install_crack.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Sugarbabes.-.Angels.With.Dirty.Faces.-.Gadget.-.Full.Album.-.Avg.192Kbps.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Symantec.Ghost.2003.Floppy.zip/serial.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Symantec.Ghost.2003.Floppy.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\SYMANTEC.NORTON.INTERNET.SECURITY.2005.PROPER-TDA.ShareConnector.zip/install.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\SYMANTEC.NORTON.INTERNET.SECURITY.2005.PROPER-TDA.ShareConnector.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\TabBrowser Preferences 1.3.1.1.zip/setup.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\TabBrowser Preferences 1.3.1.1.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\TCSpeedBooster 1.1.0.zip/key_gen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\TCSpeedBooster 1.1.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\TextReader 2.5.4.zip/install_crack.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\TextReader 2.5.4.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\TFTP Server 1.4.zip/install_patch.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\TFTP Server 1.4.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\the MacBar 1.0.zip/patch.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\the MacBar 1.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\The Road Trip Effect 2.6.3.zip/key_gen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\The Road Trip Effect 2.6.3.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\TimeTraker1 1.2.zip/run.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\TimeTraker1 1.2.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\TMPGEnc MovieStyle 1.0.6.41.zip/keygen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\TMPGEnc MovieStyle 1.0.6.41.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\TrafficTravis 3.0.0.zip/run.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\TrafficTravis 3.0.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Turkey Football Demo Screensaver 1.0.zip/crac.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Turkey Football Demo Screensaver 1.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\UI Builder for Access Business Edition 3.0.zip/keygen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\UI Builder for Access Business Edition 3.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\UNIX User Password Modifier 1.10.zip/key_gen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\UNIX User Password Modifier 1.10.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\UploadBean 1.9.zip/serial.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\UploadBean 1.9.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\URL ANT 0.1.1.1.zip/crac.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\URL ANT 0.1.1.1.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\URL Escaped Encoding Decoder 1.0.zip/patch.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\URL Escaped Encoding Decoder 1.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\ViaPrint Pro 4.0.zip/install_crack.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\ViaPrint Pro 4.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\VoIP Extended SDK 3.0.zip/install_patch.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\VoIP Extended SDK 3.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Wacky-base 2.5.zip/install_patch.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Wacky-base 2.5.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\WatchOverEnergy 1.1.zip/serial.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\WatchOverEnergy 1.1.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Web Page Tune Up 1.5 Build 412.zip/setup.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Web Page Tune Up 1.5 Build 412.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Webcam Timershot 1.0.zip/key_gen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Webcam Timershot 1.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Webmaster Radio FM 1.0.zip/key_gen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Webmaster Radio FM 1.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Webscript Encoder 1.1.3 build 11.zip/install_crack.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Webscript Encoder 1.1.3 build 11.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Wiper Wizard 2.80.zip/setup.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Wiper Wizard 2.80.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\WPLN-AM 1.0.zip/run.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\WPLN-AM 1.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\xNeat Clipboard Manager 1.0.0.6.zip/setup.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\xNeat Clipboard Manager 1.0.0.6.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\Xoomer 1.3.zip/key_generator.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\Xoomer 1.3.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\XPMenu 1.0.zip/install_patch.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\XPMenu 1.0.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\ZylSerialPortAX 1.40.zip/keygen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\ZylSerialPortAX 1.40.zip	ZIP: infecté - 1	ignoré
D:\Avenger\m\shared\[Nokia Symbian OS6 - ITA] Fexplorer 1.17.zip/key_gen.exe	Infecté : Trojan-Downloader.Win32.Bagle.aka	ignoré
D:\Avenger\m\shared\[Nokia Symbian OS6 - ITA] Fexplorer 1.17.zip	ZIP: infecté - 1	ignoré

Analyse interrompue par l'utilisateur !


par contre aucune action sur ces objets qui semblent être ignorés. les cases sont grisées.
Je ne sais pas du tout ce que c'est que ce fichier D/avenger/m ... qui semble bien vérolé. Je trouve les mêmes avec l'analyse de AVG ... avec un virus intitulé themida dans ce avenger ...
je les détruis par AVG puis j'élimine tout le fichier avenger ?

Destrio5 · Answer

---> Télécharge ToolsCleaner2 sur ton Bureau.
* Double-clique sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser. 
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport. 
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

NAPO1804 · Answer

ok c'est parti
PS : j'ai fait aussi un nettoyage avec ccleaner avant de me coucher ...

NAPO1804 · Answer

[ Rapport ToolsCleaner version 2.2.9 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

D:\avenger.txt: trouvé !
D:\FindyKill.txt: trouvé !
D:\avenger: trouvé !
D:\Rsit: trouvé !
D:\Documents and Settings\Xavier\Mes documents\Mes fichiers reçus\Rsit.exe: trouvé !
D:\Program Files\FindyKill: trouvé !
D:\Program Files	rend micro\HijackThis.exe: trouvé !
D:\Program Files	rend micro\hijackthis.log: trouvé !

---------------------------------
-->- Suppression: 

D:\Program Files	rend micro\HijackThis.exe: supprimé !
D:\avenger.txt: supprimé !
D:\FindyKill.txt: supprimé !
D:\Documents and Settings\Xavier\Mes documents\Mes fichiers reçus\Rsit.exe: supprimé !
D:\Program Files	rend micro\hijackthis.log: supprimé !
D:\avenger: ERREUR DE SUPPRESSION !!
D:\Rsit: supprimé !
D:\Program Files\FindyKill: ERREUR DE SUPPRESSION !!

Destrio5 · Answer

Tu devrais faire la manip' en mode sans échec. Tu sais comment faire ?

Destrio5 · Answer

---> Pour redémarrer en mode sans échec :
- Redémarre ton PC.
- Au démarrage, tapote sur F8 (F5 sur certains PC) juste après l'affichage du BIOS et juste avant le chargement de Windows.
- Dans le menu d'options avancées, choisis Mode sans échec.
- Choisis ta session.

Destrio5 · Answer

Exact.

Destrio5 · Answer

Si.

NAPO1804 · Answer

grrrrrrrrrr

https://imageshack.com/

Destrio5 · Answer

---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous : 





:processes
explorer.exe 

:files 
D:\avenger

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]





---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

NAPO1804 · Answer

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
D:\Avenger\m\shared moved successfully.
D:\Avenger\m moved successfully.
D:\Avenger moved successfully.
========== COMMANDS ==========
File delete failed. D:\DOCUME~1\Xavier\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. D:\WINDOWS	emp\Perflib_Perfdata_734.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01042009_125346

Files moved on Reboot...
D:\DOCUME~1\Xavier\LOCALS~1\Temp\WCESLog.log moved successfully.
File move failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. D:\WINDOWS	emp\Perflib_Perfdata_734.dat scheduled to be moved on reboot.

Destrio5 · Answer

On dirait qu'il a réussi.

Destrio5 · Answer

1/

---> Désinstalle HijackThis.

---> Télécharge ToolsCleaner2 sur ton Bureau.
* Double-clique sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser. 
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport. 
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


2/

---> Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) :
* Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage. 
* Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs (Sauvegarde la base de registre).


3/

---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger :
http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme

---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
https://www.vulgarisation-informatique.com/creer-point-restauration.php


4/

Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.

Comme navigateur, utilise plutôt Mozilla Firefox qu'Internet Explorer. Tu peux utiliser l'extension Noscript pour plus de sécurité.

Change tes mots de passe vu que tu étais infecté.

Vérifie que les mises à jour automatiques sont bien activées (Menu Démarrer, clique droit sur Poste de travail, Onglet Mises à jour automatiques).

Tu peux aussi modifier le fichier Hosts pour améliorer la sécurité de ton PC :
http://www.commentcamarche.net/faq/sujet 5993 modifier son fichier hosts
https://blog.sosordi.net/category/articles

Par rapport au P2P :
http://www.libellules.ch/...

Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) :
https://www.malekal.com/fichiers/projetantimalwares/prevention-protection.pdf


Sois plus vigilant sur Internet ;)

NAPO1804 · Answer

[ Rapport ToolsCleaner version 2.2.9 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

D:\_OtMoveIt: trouvé !
D:\_OTMoveIt\MovedFiles\01042009_125346\avenger: trouvé !

---------------------------------
-->- Suppression: 

D:\_OtMoveIt: ERREUR DE SUPPRESSION !!
D:\_OTMoveIt\MovedFiles\01042009_125346\avenger: ERREUR DE SUPPRESSION !!

NAPO1804 · Answer

en fait le fichier que je n'arrive pas à supprimer de avenger est entré dans le fichier _OTMoveIt

Destrio5 · Answer

Encore le dossier Avenger ^^

Essaie de le supprimer avec Unlocker.

NAPO1804 · Answer

j'ai téléchargé unlocker et installé ... il ne le lance pas. 
mais bon ça n'a pas l'air très grave

Destrio5 · Answer

Unlocker lance juste une baguette magique à côté de l'horloge.

NAPO1804 · Answer

je n'avais pas vu que unlocker marchait avec le click droit ...
bon il semble m'avoir supprimé unlocker ... je relance toolcleaner je te dis

NAPO1804 · Answer

ça y est c magique ! otmoveit est supprimé par toolscleaner ! :)

Destrio5 · Answer

Enfin ^^

Destrio5 · Answer

Les parefeux que j'ai testé m'ont tous un jour ou l'autre poser un soucis.

Mais sinon :
http://www.malekal.com/menu_tutorials_logiciels.php

J'ai chopé winupgro

42 réponses

Discussions similaires