virus bagle LI Résolu

Question

Bonjour,
Bonjour,
je pense avoir un gros virus sur mon ordi que je n'arrive pas à supprimer. Avast s'est desinstallé tout seul. C cleaner, hijack, et tous les anivirus à télécharger ou en ligne ne fonctionnent pas. J'ai seulement pu avr les rapports de bitdefender et findykill:



----------------- FindyKill V4.711 ------------------

* User : Flo - FLORIANE
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 22:20:06 le 06/01/2009
* Windows XP - Internet Explorer 7.0.5730.11
 
((((((((((((((((( *** Recherche *** ))))))))))))))))))  
 
 
--------------- [ Processus actifs ] ----------------  
 

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\SFR\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\documents and settings\flo\local settings\application data\isyuo.exe
C:\Documents and Settings\Flo\Application Data\drivers\winupgro.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
 
--------------- [ Processus infectieux stoppés ] ----------------  
 

"C:\Documents and Settings\Flo\Application Data\drivers\winupgro.exe"  (1972)

 
--------------- [ Fichiers/Dossiers infectieux ] ----------------  
 
 
»»»» Presence des fichiers dans C: 
 
 
»»»» Presence des fichiers dans C:\WINDOWS 
 
 
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch 
 
Found ! - C:\WINDOWS\prefetch\103250.EXE-2C9D3F57.pf 
Found ! - C:\WINDOWS\prefetch\131828.EXE-119FFF4A.pf 
Found ! - C:\WINDOWS\prefetch\141640.EXE-23847329.pf 
Found ! - C:\WINDOWS\prefetch\185953.EXE-2C51CD2F.pf 
Found ! - C:\WINDOWS\prefetch\219796.EXE-161EBBA0.pf 
Found ! - C:\WINDOWS\prefetch\227937.EXE-352A938E.pf 
Found ! - C:\WINDOWS\prefetch\307109.EXE-048A7335.pf 
Found ! - C:\WINDOWS\prefetch\420187.EXE-2452EA7D.pf 
Found ! - C:\WINDOWS\prefetch\526140.EXE-2F079FDA.pf 
Found ! - C:\WINDOWS\prefetch\561906.EXE-331FA353.pf 
Found ! - C:\WINDOWS\prefetch\94562.EXE-140ABE00.pf 
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-26D1F83A.pf 
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf 
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf 
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf 
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-37BF40FB.pf 
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-074286F1.pf 
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-373FD45E.pf 
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-074286F1.pf 
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-373FD45E.pf 
 
»»»» Presence des fichiers dans C:\WINDOWS\system32 
 
Found ! [06/01/2009 22:02] - C:\WINDOWS\system32\mdelk.exe 
Found ! [06/01/2009 22:02] - C:\WINDOWS\system32\wintems.exe 
Found ! [06/01/2009 22:03] - C:\WINDOWS\system32\ban_list.txt 
 
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers 
 
 
»»»» Presence des fichiers dans C:\Documents and Settings\Flo\Application Data 
 
Found ! [06/01/2009 04:27] - "C:\Documents and Settings\Flo\Application Data\m\flec006.exe" 
Found ! [06/01/2009 04:27] - "C:\Documents and Settings\Flo\Application Data\m\list.oct" 
Found ! [06/01/2009 21:54] - "C:\Documents and Settings\Flo\Application Data\m\data.oct" 
Found ! [06/01/2009 04:27] - "C:\Documents and Settings\Flo\Application Data\m\srvlist.oct" 
Found ! [06/01/2009 22:05] - "C:\Documents and Settings\Flo\Application Data\m\shared" 
Found ! [06/01/2009 19:41] - "C:\Documents and Settings\Flo\Application Data\m" 
Found ! [06/01/2009 22:05] - "C:\Documents and Settings\Flo\Application Data\drivers" 
Found ! [06/01/2009 22:01] - "C:\Documents and Settings\Flo\Application Data\drivers\srosa.sys" 
Found ! [15/10/2005 08:03] - "C:\Documents and Settings\Flo\Application Data\drivers\winupgro.exe" 
Found ! [06/01/2009 22:08] - "C:\Documents and Settings\Flo\Application Data\drivers\downld" 
 
»»»» Presence des fichiers dans C:\DOCUME~1\Flo\LOCALS~1\Temp 
 
 
»»»» Presence des fichiers dans C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5 
 
Found ! [06/01/2009 21:59] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\1GAV6E4X\b64_1[1].jpg  
Found ! [06/01/2009 22:03] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\1GAV6E4X\file[1].txt  
Found ! [06/01/2009 21:56] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\99MD0XOA\b64[1].jpg  
Found ! [06/01/2009 22:03] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\99MD0XOA\b64_1[1].jpg  
Found ! [06/01/2009 22:06] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\99MD0XOA\b64_1[2].jpg  
Found ! [06/01/2009 22:07] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\99MD0XOA\b64_2[1].jpg  
Found ! [06/01/2009 21:55] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\NKO6XP3P\b64_1[1].jpg  
Found ! [06/01/2009 22:02] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\NKO6XP3P\b64_3[1].jpg  
Found ! [06/01/2009 22:04] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\ODUZ3TZS\b64[1].jpg  
Found ! [06/01/2009 21:54] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\ODUZ3TZS\mxd[1].jpg  
 
--------------- [ Registre / Startup ] ----------------  
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersionun]
   ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
   swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
   RoboForm="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
   isyuo="c:\documents and settings\flo\local settings\application data\isyuo.exe" isyuo

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionun]
   Apoint="C:\Program Files\Apoint2K\Apoint.exe"
   AGRSMMSG=AGRSMMSG.exe
   Logitech Utility=Logi_MwX.Exe
   D-Link AirPlus XtremeG="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe"
   HPHmon05=C:\WINDOWS\system32\hphmon05.exe
   HPHUPD05="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
   BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
   Autoconfigurateur WiFi SFR="C:\Program Files\SFR\Kit\WiFi\9wifi.exe"
   QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents\IMAIL=
   Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents\MAPI=
   NoChange=1
   Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents\MSFS=
   Installed=1
 
[HKEY_CURRENT_USER\software\local appwizard-generated applications\GoogleToolbarNotifier]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\keygen]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\MMDiag]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\PhLeAutoRun]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
 
--------------- [ Registre / Clés infectieuses ] ----------------  
 
 
Found ! - HKEY_USERS\S-1-5-21-816922679-1068368558-965301425-1007\Software\Local AppWizard-Generated Applications\keygen 
Found ! - HKEY_USERS\S-1-5-21-816922679-1068368558-965301425-1007\Software\Local AppWizard-Generated Applications\winupgro 
Found ! - HKEY_USERS\S-1-5-21-816922679-1068368558-965301425-1007\Software\bisoft 
Found ! - HKEY_USERS\S-1-5-21-816922679-1068368558-965301425-1007\Software\DateTime4 
Found ! - HKEY_USERS\S-1-5-21-816922679-1068368558-965301425-1007\Software\FFC 
Found ! - HKEY_USERS\S-1-5-21-816922679-1068368558-965301425-1007\Software\FirtR 
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\keygen 
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s 
Found ! - HKEY_CURRENT_USER\Software\bisoft 
Found ! - HKEY_CURRENT_USER\Software\DateTime4 
Found ! - HKEY_CURRENT_USER\Software\FirtR 
 
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
 
--------------- [ Etat / Services ] ---------------- 
 
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot 
 
  /!\ Mode sans echec non fonctionnel !! 
 
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal 
 
  /!\ Mode sans echec non fonctionnel !! 
 
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network 
 
  /!\ Mode sans echec non fonctionnel !! 
 


+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ] 

/!\ Ndisuio - Type de démarrage = 4 
 
EapHost - Type de démarrage = 3 
 
/!\ Ip6Fw - Type de démarrage = 4 
 
/!\ SharedAccess - Type de démarrage = 4 
 
/!\ wuauserv - Type de démarrage = 4 
 
/!\ wscsvc - Type de démarrage = 4 
 
 
--------------- [ Recherche dans supports amovibles] ----------------  
 
 
+- Informations : 

C: - Lecteur fixe

 
+- presence des fichiers :  

 
 
--------------- [ Registre / Mountpoint2 ] ----------------  
 
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfafb2b6-0fa6-11dc-b5ee-93ea8d960259}\Shell\AutoRun\command   
 
 
------------------- ! Fin du rapport ! --------------------  
 
BitDefender Online Scanner
  
  
 
Scan report generated at: Tue, Jan 06, 2009 - 21:27:33
 
 
  
  
 
Scan path: C:\;D:\;
  
  
 
 
  
  
 
Statistics
 
Time
 01:48:51
 
Files
 233661
 
Folders
 5275
 
Boot Sectors
 0
 
Archives
 9555
 
Packed Files
 17710
 
  
  
 
Results
 
Identified Viruses 
 6
 
Infected Files 
 51
 
Suspect Files 
 0
 
Warnings
 0
 
Disinfected
 0
 
Deleted Files
 50
 
  
  
 
Engines Info
 
Virus Definitions
 2411927
 
Engine build
 AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
 
Scan plugins
 17
 
Archive plugins
 45
 
Unpack plugins
 7
 
E-mail plugins
 6
 
System plugins
 4
 
  
  
 
Scan Settings
 
First Action
 Disinfect
 
Second Action
 Delete
 
Heuristics
 Yes
 
Enable Warnings
 Yes
 
Scanned Extensions
 *;
 
Exclude Extensions
  
 
Scan Emails
 Yes
 
Scan Archives
 Yes
 
Scan Packed
 Yes
 
Scan Files
 Yes
 
Scan Boot
 Yes
 
  
  
 
  Scanned File
  Status
 
C:\Documents and Settings\Flo\Application Data\drivers\winupgro.exe
 Infected with: MemScan:Trojan.Downloader.Bagle.LI
 
C:\Documents and Settings\Flo\Application Data\drivers\winupgro.exe
 Disinfection failed
 
C:\Documents and Settings\Flo\Application Data\drivers\winupgro.exe
 Delete failed
 
C:\Documents and Settings\Flo\Application Data\m\data.oct
 Infected with: MemScan:Trojan.Downloader.Bagle.LI
 
C:\Documents and Settings\Flo\Application Data\m\data.oct
 Disinfection failed
 
C:\Documents and Settings\Flo\Application Data\m\data.oct
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64[1].jpg
 Infected with: Win32.Bagle.SUQ@mm
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64[1].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64[2].jpg
 Infected with: Win32.Bagle.SUQ@mm
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64[2].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_1[1].jpg
 Infected with: MemScan:Trojan.PWS.LdPinch.TSE
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_1[1].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_1[2].jpg
 Infected with: MemScan:Trojan.PWS.LdPinch.TSE
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_1[2].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_3[1].jpg
 Infected with: Win32.Bagle.SUQ@mm
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_3[1].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_3[2].jpg
 Infected with: Win32.Bagle.SUQ@mm
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_3[2].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\5HEFTGDW\b64_2[1].jpg
 Infected with: Win32.Bagle.2678
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\5HEFTGDW\b64_2[1].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\5HEFTGDW\b64_2[2].jpg
 Infected with: Win32.Bagle.2678
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\5HEFTGDW\b64_2[2].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\BK9UV1YN\b64_1[1].jpg
 Infected with: MemScan:Trojan.PWS.LdPinch.TSE
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\BK9UV1YN\b64_1[1].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\BK9UV1YN\b64_2[1].jpg
 Infected with: Win32.Bagle.2678
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\BK9UV1YN\b64_2[1].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64[1].jpg
 Infected with: Win32.Bagle.SUQ@mm
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64[1].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64_1[1].jpg
 Infected with: MemScan:Trojan.PWS.LdPinch.TSE
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64_1[1].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64_2[1].jpg
 Infected with: Win32.Bagle.2678
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64_2[1].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\EJCLYQQO\b64[1].jpg
 Infected with: Win32.Bagle.SUQ@mm
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\EJCLYQQO\b64[1].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\EJCLYQQO\b64_1[1].jpg
 Infected with: MemScan:Trojan.PWS.LdPinch.TSE
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\EJCLYQQO\b64_1[1].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\K1I9MZOJ\b64_3[1].jpg
 Infected with: Win32.Bagle.SUQ@mm
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\K1I9MZOJ\b64_3[1].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_1[1].jpg
 Infected with: MemScan:Trojan.PWS.LdPinch.TSE
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_1[1].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_2[1].jpg
 Infected with: Win32.Bagle.2678
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_2[1].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_3[1].jpg
 Infected with: Win32.Bagle.SUQ@mm
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_3[1].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[1].jpg
 Infected with: MemScan:Trojan.PWS.LdPinch.TSE
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[1].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[2].jpg
 Infected with: MemScan:Trojan.PWS.LdPinch.TSE
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[2].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[3].jpg
 Infected with: MemScan:Trojan.PWS.LdPinch.TSE
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[3].jpg
 Deleted
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_2[1].jpg
 Infected with: Win32.Bagle.2678
 
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_2[1].jpg
 Deleted
 
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 Infected with: MemScan:Trojan.Downloader.Bagle.LI
 
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP523\A0099931.exe
 Detected with: Application.Generic.18849
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP523\A0099931.exe
 Disinfection failed
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP523\A0099931.exe
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100191.sys
 Infected with: Rootkit.Bagle.Gen
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100191.sys
 Disinfection failed
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100191.sys
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100192.exe
 Infected with: Win32.Bagle.SUQ@mm
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100192.exe
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100193.exe
 Infected with: Win32.Bagle.SUQ@mm
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100193.exe
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100199.sys
 Infected with: Rootkit.Bagle.Gen
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100199.sys
 Disinfection failed
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100199.sys
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100207.exe
 Infected with: Win32.Bagle.SUQ@mm
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100207.exe
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100210.exe
 Infected with: MemScan:Trojan.Downloader.Bagle.LI
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100210.exe
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100215.exe
 Infected with: MemScan:Trojan.Downloader.Bagle.LI
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100215.exe
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100240.sys
 Infected with: Rootkit.Bagle.Gen
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100240.sys
 Disinfection failed
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100240.sys
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100241.exe
 Infected with: Win32.Bagle.SUQ@mm
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100241.exe
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100242.exe
 Infected with: Win32.Bagle.SUQ@mm
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100242.exe
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100272.sys
 Infected with: Rootkit.Bagle.Gen
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100272.sys
 Disinfection failed
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100272.sys
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100273.exe
 Infected with: Win32.Bagle.SUQ@mm
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100273.exe
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100274.exe
 Infected with: Win32.Bagle.SUQ@mm
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100274.exe
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100427.sys
 Infected with: Rootkit.Bagle.Gen
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100427.sys
 Disinfection failed
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100427.sys
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100428.exe
 Infected with: Win32.Bagle.SUQ@mm
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100428.exe
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100429.exe
 Infected with: Win32.Bagle.SUQ@mm
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100429.exe
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100436.sys
 Infected with: Rootkit.Bagle.Gen
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100436.sys
 Disinfection failed
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100436.sys
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100437.exe
 Infected with: Win32.Bagle.SUQ@mm
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100437.exe
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100438.exe
 Infected with: Win32.Bagle.SUQ@mm
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100438.exe
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100439.exe
 Infected with: Win32.Bagle.SUQ@mm
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100439.exe
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100445.sys
 Infected with: Rootkit.Bagle.Gen
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100445.sys
 Disinfection failed
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100445.sys
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100446.exe
 Infected with: Win32.Bagle.SUQ@mm
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100446.exe
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100447.exe
 Infected with: Win32.Bagle.SUQ@mm
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100447.exe
 Deleted
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP538\A0100464.exe
 Infected with: MemScan:Trojan.Downloader.Bagle.LI
 
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP538\A0100464.exe
 Deleted
 
  
 
 SVP aidez-moi, ca fait des heures que j'y suis..

Merci pour vos réponses.

Destrio5 · Answer

Salut,

--> Supprime tes cracks et keygens.

--> Branche tes disques amovibles à ton PC (clefs USB, disque dur externe, etc...) sans les ouvrir.

--> Double-clique sur le raccourci FindyKill sur ton Bureau.

--> Au menu principal, choisis l'option 2 (Suppression).

/!\ Il y aura 2 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué" /!\

--> Ensuite, poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.

shivafro · Answer

merci Destrio de t'interesser à mon pblm

J'avoue que je suis novice en informatique et je ne sais pas comment faire pour supprimmer les cracks et keyguens c'est  du chinois pour moi.....!

J'ai déja essayé l'option 2 de fynkill ca n'a pas marché, écran bleu et message d'erreur. l'ordi redémarre avec un rapport d'erreur mais le nettoyage ne se met pas en route. Cela va t'il fonctionner après avoir supprimmé les cracks?

Destrio5 · Answer

/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\

--> Télécharge ComboFix (de sUBs) en prenant soin de le renommer en KillBagle avant de l'enregistrer sur le Bureau.
--> Double-clique sur KillBagle.exe (le .exe n'est pas forcément visible) afin de le lancer.
--> Il va te demander d'installer la console de récupération : accepte.
--> Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix

shivafro · Answer

voici le rapport combofix: ComboFix 09-01-05.05 - Flo 2009-01-07 2:44:02.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.255.86 [GMT 1:00] Lancé depuis: c:\documents and settings\Flo\Bureau\killBagle.exe * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Flo\Application Data\drivers\downld c:\documents and settings\Flo\Application Data\drivers\downld\100015.exe c:\documents and settings\Flo\Application Data\drivers\downld\100718.exe c:\documents and settings\Flo\Application Data\drivers\downld\100843.exe c:\documents and settings\Flo\Application Data\drivers\downld\101656.exe c:\documents and settings\Flo\Application Data\drivers\downld\102140.exe c:\documents and settings\Flo\Application Data\drivers\downld\102468.exe c:\documents and settings\Flo\Application Data\drivers\downld\102656.exe c:\documents and settings\Flo\Application Data\drivers\downld\102953.exe c:\documents and settings\Flo\Application Data\drivers\downld\103250.exe c:\documents and settings\Flo\Application Data\drivers\downld\103750.exe c:\documents and settings\Flo\Application Data\drivers\downld\103906.exe c:\documents and settings\Flo\Application Data\drivers\downld\107359.exe c:\documents and settings\Flo\Application Data\drivers\downld\108453.exe c:\documents and settings\Flo\Application Data\drivers\downld\108750.exe c:\documents and settings\Flo\Application Data\drivers\downld\113359.exe c:\documents and settings\Flo\Application Data\drivers\downld\115609.exe c:\documents and settings\Flo\Application Data\drivers\downld\116703.exe c:\documents and settings\Flo\Application Data\drivers\downld\117203.exe c:\documents and settings\Flo\Application Data\drivers\downld\117406.exe c:\documents and settings\Flo\Application Data\drivers\downld\118125.exe c:\documents and settings\Flo\Application Data\drivers\downld\118343.exe c:\documents and settings\Flo\Application Data\drivers\downld\118984.exe c:\documents and settings\Flo\Application Data\drivers\downld\121765.exe c:\documents and settings\Flo\Application Data\drivers\downld\122718.exe c:\documents and settings\Flo\Application Data\drivers\downld\123078.exe c:\documents and settings\Flo\Application Data\drivers\downld\124500.exe c:\documents and settings\Flo\Application Data\drivers\downld\124843.exe c:\documents and settings\Flo\Application Data\drivers\downld\125406.exe c:\documents and settings\Flo\Application Data\drivers\downld\125640.exe c:\documents and settings\Flo\Application Data\drivers\downld\125796.exe c:\documents and settings\Flo\Application Data\drivers\downld\126031.exe c:\documents and settings\Flo\Application Data\drivers\downld\126078.exe c:\documents and settings\Flo\Application Data\drivers\downld\127656.exe c:\documents and settings\Flo\Application Data\drivers\downld\128609.exe c:\documents and settings\Flo\Application Data\drivers\downld\128953.exe c:\documents and settings\Flo\Application Data\drivers\downld\131046.exe c:\documents and settings\Flo\Application Data\drivers\downld\131531.exe c:\documents and settings\Flo\Application Data\drivers\downld\131828.exe c:\documents and settings\Flo\Application Data\drivers\downld\132140.exe c:\documents and settings\Flo\Application Data\drivers\downld\132265.exe c:\documents and settings\Flo\Application Data\drivers\downld\133406.exe c:\documents and settings\Flo\Application Data\drivers\downld\135984.exe c:\documents and settings\Flo\Application Data\drivers\downld\137625.exe c:\documents and settings\Flo\Application Data\drivers\downld\138046.exe c:\documents and settings\Flo\Application Data\drivers\downld\139375.exe c:\documents and settings\Flo\Application Data\drivers\downld\140156.exe c:\documents and settings\Flo\Application Data\drivers\downld\140468.exe c:\documents and settings\Flo\Application Data\drivers\downld\141640.exe c:\documents and settings\Flo\Application Data\drivers\downld\141703.exe c:\documents and settings\Flo\Application Data\drivers\downld\144203.exe c:\documents and settings\Flo\Application Data\drivers\downld\144265.exe c:\documents and settings\Flo\Application Data\drivers\downld\14745953.exe c:\documents and settings\Flo\Application Data\drivers\downld\14746390.exe c:\documents and settings\Flo\Application Data\drivers\downld\14746484.exe c:\documents and settings\Flo\Application Data\drivers\downld\14751359.exe c:\documents and settings\Flo\Application Data\drivers\downld\14771718.exe c:\documents and settings\Flo\Application Data\drivers\downld\14772343.exe c:\documents and settings\Flo\Application Data\drivers\downld\14772750.exe c:\documents and settings\Flo\Application Data\drivers\downld\14789046.exe c:\documents and settings\Flo\Application Data\drivers\downld\14803312.exe c:\documents and settings\Flo\Application Data\drivers\downld\14807703.exe c:\documents and settings\Flo\Application Data\drivers\downld\14808578.exe c:\documents and settings\Flo\Application Data\drivers\downld\14808843.exe c:\documents and settings\Flo\Application Data\drivers\downld\14860093.exe c:\documents and settings\Flo\Application Data\drivers\downld\14860296.exe c:\documents and settings\Flo\Application Data\drivers\downld\14872515.exe c:\documents and settings\Flo\Application Data\drivers\downld\14873734.exe c:\documents and settings\Flo\Application Data\drivers\downld\14874312.exe c:\documents and settings\Flo\Application Data\drivers\downld\14875046.exe c:\documents and settings\Flo\Application Data\drivers\downld\14876109.exe c:\documents and settings\Flo\Application Data\drivers\downld\14876828.exe c:\documents and settings\Flo\Application Data\drivers\downld\14896328.exe c:\documents and settings\Flo\Application Data\drivers\downld\14896796.exe c:\documents and settings\Flo\Application Data\drivers\downld\14897265.exe c:\documents and settings\Flo\Application Data\drivers\downld\14904781.exe c:\documents and settings\Flo\Application Data\drivers\downld\14909078.exe c:\documents and settings\Flo\Application Data\drivers\downld\14909734.exe c:\documents and settings\Flo\Application Data\drivers\downld\14910078.exe c:\documents and settings\Flo\Application Data\drivers\downld\14938437.exe c:\documents and settings\Flo\Application Data\drivers\downld\14939078.exe c:\documents and settings\Flo\Application Data\drivers\downld\14939437.exe c:\documents and settings\Flo\Application Data\drivers\downld\153812.exe c:\documents and settings\Flo\Application Data\drivers\downld\154875.exe c:\documents and settings\Flo\Application Data\drivers\downld\157234.exe c:\documents and settings\Flo\Application Data\drivers\downld\161015.exe c:\documents and settings\Flo\Application Data\drivers\downld\167296.exe c:\documents and settings\Flo\Application Data\drivers\downld\167328.exe c:\documents and settings\Flo\Application Data\drivers\downld\167921.exe c:\documents and settings\Flo\Application Data\drivers\downld\167968.exe c:\documents and settings\Flo\Application Data\drivers\downld\168359.exe c:\documents and settings\Flo\Application Data\drivers\downld\168937.exe c:\documents and settings\Flo\Application Data\drivers\downld\172125.exe c:\documents and settings\Flo\Application Data\drivers\downld\173125.exe c:\documents and settings\Flo\Application Data\drivers\downld\173531.exe c:\documents and settings\Flo\Application Data\drivers\downld\179656.exe c:\documents and settings\Flo\Application Data\drivers\downld\179906.exe c:\documents and settings\Flo\Application Data\drivers\downld\182593.exe c:\documents and settings\Flo\Application Data\drivers\downld\184515.exe c:\documents and settings\Flo\Application Data\drivers\downld\184687.exe c:\documents and settings\Flo\Application Data\drivers\downld\185250.exe c:\documents and settings\Flo\Application Data\drivers\downld\185953.exe c:\documents and settings\Flo\Application Data\drivers\downld\186437.exe c:\documents and settings\Flo\Application Data\drivers\downld\187609.exe c:\documents and settings\Flo\Application Data\drivers\downld\188234.exe c:\documents and settings\Flo\Application Data\drivers\downld\188500.exe c:\documents and settings\Flo\Application Data\drivers\downld\190203.exe c:\documents and settings\Flo\Application Data\drivers\downld\191093.exe c:\documents and settings\Flo\Application Data\drivers\downld\191906.exe c:\documents and settings\Flo\Application Data\drivers\downld\192750.exe c:\documents and settings\Flo\Application Data\drivers\downld\193609.exe c:\documents and settings\Flo\Application Data\drivers\downld\194062.exe c:\documents and settings\Flo\Application Data\drivers\downld\197718.exe c:\documents and settings\Flo\Application Data\drivers\downld\198812.exe c:\documents and settings\Flo\Application Data\drivers\downld\199078.exe c:\documents and settings\Flo\Application Data\drivers\downld\202156.exe c:\documents and settings\Flo\Application Data\drivers\downld\207890.exe c:\documents and settings\Flo\Application Data\drivers\downld\208046.exe c:\documents and settings\Flo\Application Data\drivers\downld\208656.exe c:\documents and settings\Flo\Application Data\drivers\downld\208890.exe c:\documents and settings\Flo\Application Data\drivers\downld\209187.exe c:\documents and settings\Flo\Application Data\drivers\downld\209375.exe c:\documents and settings\Flo\Application Data\drivers\downld\210078.exe c:\documents and settings\Flo\Application Data\drivers\downld\210609.exe c:\documents and settings\Flo\Application Data\drivers\downld\212453.exe c:\documents and settings\Flo\Application Data\drivers\downld\214609.exe c:\documents and settings\Flo\Application Data\drivers\downld\215328.exe c:\documents and settings\Flo\Application Data\drivers\downld\215625.exe c:\documents and settings\Flo\Application Data\drivers\downld\215984.exe c:\documents and settings\Flo\Application Data\drivers\downld\216359.exe c:\documents and settings\Flo\Application Data\drivers\downld\217406.exe c:\documents and settings\Flo\Application Data\drivers\downld\217656.exe c:\documents and settings\Flo\Application Data\drivers\downld\219796.exe c:\documents and settings\Flo\Application Data\drivers\downld\219953.exe c:\documents and settings\Flo\Application Data\drivers\downld\225250.exe c:\documents and settings\Flo\Application Data\drivers\downld\225359.exe c:\documents and settings\Flo\Application Data\drivers\downld\225968.exe c:\documents and settings\Flo\Application Data\drivers\downld\226328.exe c:\documents and settings\Flo\Application Data\drivers\downld\226453.exe c:\documents and settings\Flo\Application Data\drivers\downld\227937.exe c:\documents and settings\Flo\Application Data\drivers\downld\233375.exe c:\documents and settings\Flo\Application Data\drivers\downld\234062.exe c:\documents and settings\Flo\Application Data\drivers\downld\234562.exe c:\documents and settings\Flo\Application Data\drivers\downld\238171.exe c:\documents and settings\Flo\Application Data\drivers\downld\244531.exe c:\documents and settings\Flo\Application Data\drivers\downld\246203.exe c:\documents and settings\Flo\Application Data\drivers\downld\246296.exe c:\documents and settings\Flo\Application Data\drivers\downld\247078.exe c:\documents and settings\Flo\Application Data\drivers\downld\249562.exe c:\documents and settings\Flo\Application Data\drivers\downld\250500.exe c:\documents and settings\Flo\Application Data\drivers\downld\250609.exe c:\documents and settings\Flo\Application Data\drivers\downld\256343.exe c:\documents and settings\Flo\Application Data\drivers\downld\256640.exe c:\documents and settings\Flo\Application Data\drivers\downld\258000.exe c:\documents and settings\Flo\Application Data\drivers\downld\258031.exe c:\documents and settings\Flo\Application Data\drivers\downld\258609.exe c:\documents and settings\Flo\Application Data\drivers\downld\258812.exe c:\documents and settings\Flo\Application Data\drivers\downld\259046.exe c:\documents and settings\Flo\Application Data\drivers\downld\259328.exe c:\documents and settings\Flo\Application Data\drivers\downld\259546.exe c:\documents and settings\Flo\Application Data\drivers\downld\260562.exe c:\documents and settings\Flo\Application Data\drivers\downld\265000.exe c:\documents and settings\Flo\Application Data\drivers\downld\265234.exe c:\documents and settings\Flo\Application Data\drivers\downld\265625.exe c:\documents and settings\Flo\Application Data\drivers\downld\266062.exe c:\documents and settings\Flo\Application Data\drivers\downld\266546.exe c:\documents and settings\Flo\Application Data\drivers\downld\266906.exe c:\documents and settings\Flo\Application Data\drivers\downld\267046.exe c:\documents and settings\Flo\Application Data\drivers\downld\267203.exe c:\documents and settings\Flo\Application Data\drivers\downld\267500.exe c:\documents and settings\Flo\Application Data\drivers\downld\268109.exe c:\documents and settings\Flo\Application Data\drivers\downld\268156.exe c:\documents and settings\Flo\Application Data\drivers\downld\268906.exe c:\documents and settings\Flo\Application Data\drivers\downld\269609.exe c:\documents and settings\Flo\Application Data\drivers\downld\271687.exe c:\documents and settings\Flo\Application Data\drivers\downld\271828.exe c:\documents and settings\Flo\Application Data\drivers\downld\272890.exe c:\documents and settings\Flo\Application Data\drivers\downld\274203.exe c:\documents and settings\Flo\Application Data\drivers\downld\275000.exe c:\documents and settings\Flo\Application Data\drivers\downld\276109.exe c:\documents and settings\Flo\Application Data\drivers\downld\277093.exe c:\documents and settings\Flo\Application Data\drivers\downld\277578.exe c:\documents and settings\Flo\Application Data\drivers\downld\277953.exe c:\documents and settings\Flo\Application Data\drivers\downld\278468.exe c:\documents and settings\Flo\Application Data\drivers\downld\279562.exe c:\documents and settings\Flo\Application Data\drivers\downld\280109.exe c:\documents and settings\Flo\Application Data\drivers\downld\280437.exe c:\documents and settings\Flo\Application Data\drivers\downld\280984.exe c:\documents and settings\Flo\Application Data\drivers\downld\282015.exe c:\documents and settings\Flo\Application Data\drivers\downld\282609.exe c:\documents and settings\Flo\Application Data\drivers\downld\284312.exe c:\documents and settings\Flo\Application Data\drivers\downld\289578.exe c:\documents and settings\Flo\Application Data\drivers\downld\290359.exe c:\documents and settings\Flo\Application Data\drivers\downld\290750.exe c:\documents and settings\Flo\Application Data\drivers\downld\293375.exe c:\documents and settings\Flo\Application Data\drivers\downld\29342421.exe c:\documents and settings\Flo\Application Data\drivers\downld\29342750.exe c:\documents and settings\Flo\Application Data\drivers\downld\29342765.exe c:\documents and settings\Flo\Application Data\drivers\downld\29345906.exe c:\documents and settings\Flo\Application Data\drivers\downld\29365984.exe c:\documents and settings\Flo\Application Data\drivers\downld\29366531.exe c:\documents and settings\Flo\Application Data\drivers\downld\29367000.exe c:\documents and settings\Flo\Application Data\drivers\downld\29383156.exe c:\documents and settings\Flo\Application Data\drivers\downld\29391109.exe c:\documents and settings\Flo\Application Data\drivers\downld\29398140.exe c:\documents and settings\Flo\Application Data\drivers\downld\29398640.exe c:\documents and settings\Flo\Application Data\drivers\downld\29399031.exe c:\documents and settings\Flo\Application Data\drivers\downld\29427296.exe c:\documents and settings\Flo\Application Data\drivers\downld\29427515.exe c:\documents and settings\Flo\Application Data\drivers\downld\29427609.exe c:\documents and settings\Flo\Application Data\drivers\downld\29440312.exe c:\documents and settings\Flo\Application Data\drivers\downld\29441531.exe c:\documents and settings\Flo\Application Data\drivers\downld\29442359.exe c:\documents and settings\Flo\Application Data\drivers\downld\29443125.exe c:\documents and settings\Flo\Application Data\drivers\downld\29443875.exe c:\documents and settings\Flo\Application Data\drivers\downld\29444531.exe c:\documents and settings\Flo\Application Data\drivers\downld\29464406.exe c:\documents and settings\Flo\Application Data\drivers\downld\29464984.exe c:\documents and settings\Flo\Application Data\drivers\downld\29465281.exe c:\documents and settings\Flo\Application Data\drivers\downld\29472593.exe c:\documents and settings\Flo\Application Data\drivers\downld\29482078.exe c:\documents and settings\Flo\Application Data\drivers\downld\29482812.exe c:\documents and settings\Flo\Application Data\drivers\downld\29483125.exe c:\documents and settings\Flo\Application Data\drivers\downld\29514125.exe c:\documents and settings\Flo\Application Data\drivers\downld\29514656.exe c:\documents and settings\Flo\Application Data\drivers\downld\29514937.exe c:\documents and settings\Flo\Application Data\drivers\downld\296687.exe c:\documents and settings\Flo\Application Data\drivers\downld\297125.exe c:\documents and settings\Flo\Application Data\drivers\downld\297218.exe c:\documents and settings\Flo\Application Data\drivers\downld\299859.exe c:\documents and settings\Flo\Application Data\drivers\downld\301078.exe c:\documents and settings\Flo\Application Data\drivers\downld\301265.exe c:\documents and settings\Flo\Application Data\drivers\downld\301812.exe c:\documents and settings\Flo\Application Data\drivers\downld\302453.exe c:\documents and settings\Flo\Application Data\drivers\downld\304812.exe c:\documents and settings\Flo\Application Data\drivers\downld\305109.exe c:\documents and settings\Flo\Application Data\drivers\downld\306953.exe c:\documents and settings\Flo\Application Data\drivers\downld\307109.exe c:\documents and settings\Flo\Application Data\drivers\downld\307125.exe c:\documents and settings\Flo\Application Data\drivers\downld\307625.exe c:\documents and settings\Flo\Application Data\drivers\downld\307671.exe c:\documents and settings\Flo\Application Data\drivers\downld\307968.exe c:\documents and settings\Flo\Application Data\drivers\downld\308203.exe c:\documents and settings\Flo\Application Data\drivers\downld\308468.exe c:\documents and settings\Flo\Application Data\drivers\downld\309078.exe c:\documents and settings\Flo\Application Data\drivers\downld\309359.exe c:\documents and settings\Flo\Application Data\drivers\downld\309437.exe c:\documents and settings\Flo\Application Data\drivers\downld\309781.exe c:\documents and settings\Flo\Application Data\drivers\downld\310312.exe c:\documents and settings\Flo\Application Data\drivers\downld\310984.exe c:\documents and settings\Flo\Application Data\drivers\downld\311875.exe c:\documents and settings\Flo\Application Data\drivers\downld\312546.exe c:\documents and settings\Flo\Application Data\drivers\downld\313171.exe c:\documents and settings\Flo\Application Data\drivers\downld\313312.exe c:\documents and settings\Flo\Application Data\drivers\downld\313593.exe c:\documents and settings\Flo\Application Data\drivers\downld\314031.exe c:\documents and settings\Flo\Application Data\drivers\downld\314578.exe c:\documents and settings\Flo\Application Data\drivers\downld\314875.exe c:\documents and settings\Flo\Application Data\drivers\downld\315578.exe c:\documents and settings\Flo\Application Data\drivers\downld\315875.exe c:\documents and settings\Flo\Application Data\drivers\downld\320046.exe c:\documents and settings\Flo\Application Data\drivers\downld\321578.exe c:\documents and settings\Flo\Application Data\drivers\downld\323015.exe c:\documents and settings\Flo\Application Data\drivers\downld\323781.exe c:\documents and settings\Flo\Application Data\drivers\downld\324515.exe c:\documents and settings\Flo\Application Data\drivers\downld\325156.exe c:\documents and settings\Flo\Application Data\drivers\downld\325484.exe c:\documents and settings\Flo\Application Data\drivers\downld\325578.exe c:\documents and settings\Flo\Application Data\drivers\downld\328453.exe c:\documents and settings\Flo\Application Data\drivers\downld\329984.exe c:\documents and settings\Flo\Application Data\drivers\downld\330234.exe c:\documents and settings\Flo\Application Data\drivers\downld\330687.exe c:\documents and settings\Flo\Application Data\drivers\downld\334828.exe c:\documents and settings\Flo\Application Data\drivers\downld\335750.exe c:\documents and settings\Flo\Application Data\drivers\downld\335781.exe c:\documents and settings\Flo\Application Data\drivers\downld\336078.exe c:\documents and settings\Flo\Application Data\drivers\downld\336500.exe c:\documents and settings\Flo\Application Data\drivers\downld\337812.exe c:\documents and settings\Flo\Application Data\drivers\downld\342250.exe c:\documents and settings\Flo\Application Data\drivers\downld\342765.exe c:\documents and settings\Flo\Application Data\drivers\downld\343187.exe c:\documents and settings\Flo\Application Data\drivers\downld\343390.exe c:\documents and settings\Flo\Application Data\drivers\downld\343781.exe c:\documents and settings\Flo\Application Data\drivers\downld\343906.exe c:\documents and settings\Flo\Application Data\drivers\downld\344656.exe c:\documents and settings\Flo\Application Data\drivers\downld\345187.exe c:\documents and settings\Flo\Application Data\drivers\downld\345203.exe c:\documents and settings\Flo\Application Data\drivers\downld\345625.exe c:\documents and settings\Flo\Application Data\drivers\downld\346718.exe c:\documents and settings\Flo\Application Data\drivers\downld\347625.exe c:\documents and settings\Flo\Application Data\drivers\downld\347828.exe c:\documents and settings\Flo\Application Data\drivers\downld\349046.exe c:\documents and settings\Flo\Application Data\drivers\downld\350453.exe c:\documents and settings\Flo\Application Data\drivers\downld\350828.exe c:\documents and settings\Flo\Application Data\drivers\downld\351000.exe c:\documents and settings\Flo\Application Data\drivers\downld\351078.exe c:\documents and settings\Flo\Application Data\drivers\downld\354843.exe c:\documents and settings\Flo\Application Data\drivers\downld\358421.exe c:\documents and settings\Flo\Application Data\drivers\downld\359093.exe c:\documents and settings\Flo\Application Data\drivers\downld\359937.exe c:\documents and settings\Flo\Application Data\drivers\downld\360203.exe c:\documents and settings\Flo\Application Data\drivers\downld\360437.exe c:\documents and settings\Flo\Application Data\drivers\downld\374921.exe c:\documents and settings\Flo\Application Data\drivers\downld\375656.exe c:\documents and settings\Flo\Application Data\drivers\downld\375718.exe c:\documents and settings\Flo\Application Data\drivers\downld\387687.exe c:\documents and settings\Flo\Application Data\drivers\downld\388984.exe c:\documents and settings\Flo\Application Data\drivers\downld\389468.exe c:\documents and settings\Flo\Application Data\drivers\downld\390453.exe c:\documents and settings\Flo\Application Data\drivers\downld\391218.exe c:\documents and settings\Flo\Application Data\drivers\downld\391703.exe c:\documents and settings\Flo\Application Data\drivers\downld\396187.exe c:\documents and settings\Flo\Application Data\drivers\downld\397078.exe c:\documents and settings\Flo\Application Data\drivers\downld\397156.exe c:\documents and settings\Flo\Application Data\drivers\downld\406437.exe c:\documents and settings\Flo\Application Data\drivers\downld\408093.exe c:\documents and settings\Flo\Application Data\drivers\downld\409140.exe c:\documents and settings\Flo\Application Data\drivers\downld\410031.exe c:\documents and settings\Flo\Application Data\drivers\downld\410125.exe c:\documents and settings\Flo\Application Data\drivers\downld\410859.exe c:\documents and settings\Flo\Application Data\drivers\downld\411078.exe c:\documents and settings\Flo\Application Data\drivers\downld\411468.exe c:\documents and settings\Flo\Application Data\drivers\downld\412218.exe c:\documents and settings\Flo\Application Data\drivers\downld\412656.exe c:\documents and settings\Flo\Application Data\drivers\downld\413406.exe c:\documents and settings\Flo\Application Data\drivers\downld\414203.exe c:\documents and settings\Flo\Application Data\drivers\downld\415312.exe c:\documents and settings\Flo\Application Data\drivers\downld\420187.exe c:\documents and settings\Flo\Application Data\drivers\downld\421828.exe c:\documents and settings\Flo\Application Data\drivers\downld\421890.exe c:\documents and settings\Flo\Application Data\drivers\downld\422406.exe c:\documents and settings\Flo\Application Data\drivers\downld\422750.exe c:\documents and settings\Flo\Application Data\drivers\downld\423125.exe c:\documents and settings\Flo\Application Data\drivers\downld\423671.exe c:\documents and settings\Flo\Application Data\drivers\downld\424468.exe c:\documents and settings\Flo\Application Data\drivers\downld\425375.exe c:\documents and settings\Flo\Application Data\drivers\downld\426156.exe c:\documents and settings\Flo\Application Data\drivers\downld\429531.exe c:\documents and settings\Flo\Application Data\drivers\downld\431078.exe c:\documents and settings\Flo\Application Data\drivers\downld\431656.exe c:\documents and settings\Flo\Application Data\drivers\downld\436218.exe c:\documents and settings\Flo\Application Data\drivers\downld\437125.exe c:\documents and settings\Flo\Application Data\drivers\downld\437515.exe c:\documents and settings\Flo\Application Data\drivers\downld\446171.exe c:\documents and settings\Flo\Application Data\drivers\downld\446953.exe c:\documents and settings\Flo\Application Data\drivers\downld\446984.exe c:\documents and settings\Flo\Application Data\drivers\downld\447343.exe c:\documents and settings\Flo\Application Data\drivers\downld\454046.exe c:\documents and settings\Flo\Application Data\drivers\downld\456296.exe c:\documents and settings\Flo\Application Data\drivers\downld\459781.exe c:\documents and settings\Flo\Application Data\drivers\downld\460406.exe c:\documents and settings\Flo\Application Data\drivers\downld\460578.exe c:\documents and settings\Flo\Application Data\drivers\downld\461453.exe c:\documents and settings\Flo\Application Data\drivers\downld\464500.exe c:\documents and settings\Flo\Application Data\drivers\downld\465468.exe c:\documents and settings\Flo\Application Data\drivers\downld\465687.exe c:\documents and settings\Flo\Application Data\drivers\downld\467687.exe c:\documents and settings\Flo\Application Data\drivers\downld\468906.exe c:\documents and settings\Flo\Application Data\drivers\downld\483718.exe c:\documents and settings\Flo\Application Data\drivers\downld\484984.exe c:\documents and settings\Flo\Application Data\drivers\downld\486750.exe c:\documents and settings\Flo\Application Data\drivers\downld\488375.exe c:\documents and settings\Flo\Application Data\drivers\downld\489750.exe c:\documents and settings\Flo\Application Data\drivers\downld\490687.exe c:\documents and settings\Flo\Application Data\drivers\downld\494015.exe c:\documents and settings\Flo\Application Data\drivers\downld\494812.exe c:\documents and settings\Flo\Application Data\drivers\downld\495078.exe c:\documents and settings\Flo\Application Data\drivers\downld\495531.exe c:\documents and settings\Flo\Application Data\drivers\downld\502984.exe c:\documents and settings\Flo\Application Data\drivers\downld\516421.exe c:\documents and settings\Flo\Application Data\drivers\downld\517843.exe c:\documents and settings\Flo\Application Data\drivers\downld\518312.exe c:\documents and settings\Flo\Application Data\drivers\downld\526140.exe c:\documents and settings\Flo\Application Data\drivers\downld\531296.exe c:\documents and settings\Flo\Application Data\drivers\downld\531828.exe c:\documents and settings\Flo\Application Data\drivers\downld\537078.exe c:\documents and settings\Flo\Application Data\drivers\downld\538390.exe c:\documents and settings\Flo\Application Data\drivers\downld\539062.exe c:\documents and settings\Flo\Application Data\drivers\downld\561906.exe c:\documents and settings\Flo\Application Data\drivers\downld\564640.exe c:\documents and settings\Flo\Application Data\drivers\downld\566515.exe c:\documents and settings\Flo\Application Data\drivers\downld\566859.exe c:\documents and settings\Flo\Application Data\drivers\downld\576375.exe c:\documents and settings\Flo\Application Data\drivers\downld\577515.exe c:\documents and settings\Flo\Application Data\drivers\downld\577984.exe c:\documents and settings\Flo\Application Data\drivers\downld\590500.exe c:\documents and settings\Flo\Application Data\drivers\downld\592156.exe c:\documents and settings\Flo\Application Data\drivers\downld\592625.exe c:\documents and settings\Flo\Application Data\drivers\downld\67062.exe c:\documents and settings\Flo\Application Data\drivers\downld\67703.exe c:\documents and settings\Flo\Application Data\drivers\downld\67750.exe c:\documents and settings\Flo\Application Data\drivers\downld\69359.exe c:\documents and settings\Flo\Application Data\drivers\downld\70250.exe c:\documents and settings\Flo\Application Data\drivers\downld\73187.exe c:\documents and settings\Flo\Application Data\drivers\downld\73453.exe c:\documents and settings\Flo\Application Data\drivers\downld\73484.exe c:\documents and settings\Flo\Application Data\drivers\downld\74078.exe c:\documents and settings\Flo\Application Data\drivers\downld\74140.exe c:\documents and settings\Flo\Application Data\drivers\downld\74812.exe c:\documents and settings\Flo\Application Data\drivers\downld\74828.exe c:\documents and settings\Flo\Application Data\drivers\downld\75250.exe c:\documents and settings\Flo\Application Data\drivers\downld\75437.exe c:\documents and settings\Flo\Application Data\drivers\downld\76671.exe c:\documents and settings\Flo\Application Data\drivers\downld\76828.exe c:\documents and settings\Flo\Application Data\drivers\downld\76843.exe c:\documents and settings\Flo\Application Data\drivers\downld\78156.exe c:\documents and settings\Flo\Application Data\drivers\downld\79343.exe c:\documents and settings\Flo\Application Data\drivers\downld\79968.exe c:\documents and settings\Flo\Application Data\drivers\downld\80265.exe c:\documents and settings\Flo\Application Data\drivers\downld\81156.exe c:\documents and settings\Flo\Application Data\drivers\downld\82984.exe c:\documents and settings\Flo\Application Data\drivers\downld\83453.exe c:\documents and settings\Flo\Application Data\drivers\downld\87234.exe c:\documents and settings\Flo\Application Data\drivers\downld\87828.exe c:\documents and settings\Flo\Application Data\drivers\downld\88000.exe c:\documents and settings\Flo\Application Data\drivers\downld\88156.exe c:\documents and settings\Flo\Application Data\drivers\downld\90390.exe c:\documents and settings\Flo\Application Data\drivers\downld\92687.exe c:\documents and settings\Flo\Application Data\drivers\downld\93000.exe c:\documents and settings\Flo\Application Data\drivers\downld\94453.exe c:\documents and settings\Flo\Application Data\drivers\downld\94562.exe c:\documents and settings\Flo\Application Data\drivers\downld\94671.exe c:\documents and settings\Flo\Application Data\drivers\downld\96046.exe c:\documents and settings\Flo\Application Data\drivers\downld\99984.exe c:\documents and settings\Flo\Application Data\drivers\srosa.sys c:\documents and settings\Flo\Application Data\drivers\srosa2.sys c:\documents and settings\Flo\Application Data\drivers\winupgro.exe c:\documents and settings\Flo\Application Data\m c:\documents and settings\Flo\Application Data\m\data.oct c:\documents and settings\Flo\Application Data\m\flec006.exe c:\documents and settings\Flo\Application Data\m\list.oct c:\documents and settings\Flo\Application Data\m\shared\[0].Avast.Antivirus.Pro.v4.7.844.Fr.Incl-Keygen.zip c:\documents and settings\Flo\Application Data\m\shared\[game-mobile.java].Nokia.Samsung.Sony.Motorola.Siemens.Soccer Pack.zip c:\documents and settings\Flo\Application Data\m\shared\[u]0/u01 File Joiner and Splitter 4.0.zip c:\documents and settings\Flo\Application Data\m\shared\360Share Pro 4.13.1.zip c:\documents and settings\Flo\Application Data\m\shared\AcaStat 6.0.2.zip c:\documents and settings\Flo\Application Data\m\shared\ACCESS Dictionary French Swedish 1.0.zip c:\documents and settings\Flo\Application Data\m\shared\Agree AVI WMV MPEG ASF 3GP to iPod Converter 4.0.zip c:\documents and settings\Flo\Application Data\m\shared\Alt WMA to MP3 Converter 2.5.zip c:\documents and settings\Flo\Application Data\m\shared\AMS Audio Masking System 1.00.zip c:\documents and settings\Flo\Application Data\m\shared\APM Structure 3D LT 9.2.zip c:\documents and settings\Flo\Application Data\m\shared\Aston Secure Desktop 1.9.6.zip c:\documents and settings\Flo\Application Data\m\shared\Astrology for Lovers 2.21.zip c:\documents and settings\Flo\Application Data\m\shared\AutoTXTMe 1.0.3.zip c:\documents and settings\Flo\Application Data\m\shared\Babya Logic 1.0.zip c:\documents and settings\Flo\Application Data\m\shared\Barnes Ballistics 2.0.8.zip c:\documents and settings\Flo\Application Data\m\shared\Baseball ScoreBook 3.4.zip c:\documents and settings\Flo\Application Data\m\shared\Basic Setup Builder 1.0.zip c:\documents and settings\Flo\Application Data\m\shared\BIGSPEED Video Compression SDK 1.0.zip c:\documents and settings\Flo\Application Data\m\shared\Brooke Burke Screensaver Set 1.zip c:\documents and settings\Flo\Application Data\m\shared\Calendar Universal 1.0.zip c:\documents and settings\Flo\Application Data\m\shared\Capcom.com Web Search 1.0.zip c:\documents and settings\Flo\Application Data\m\shared\CD Mate 2.5.4.17.zip c:\documents and settings\Flo\Application Data\m\shared\Chevrolet Silverado Screensaver 1.zip c:\documents and settings\Flo\Application Data\m\shared\Chinese Character Bible 5.1.zip c:\documents and settings\Flo\Application Data\m\shared\Circle-U 1.0.zip c:\documents and settings\Flo\Application Data\m\shared\ClinicGate Standard 2.8.zip c:\documents and settings\Flo\Application Data\m\shared\ComputerSafe 3.0.0.5.zip c:\documents and settings\Flo\Application Data\m\shared\Content Infinity 3.zip c:\documents and settings\Flo\Application Data\m\shared\Cool Toys Finder 1.1.zip c:\documents and settings\Flo\Application Data\m\shared\CuperUtilities Privacy Eraser 2.01.zip c:\documents and settings\Flo\Application Data\m\shared\DBF to SQL2000 2.02.zip c:\documents and settings\Flo\Application Data\m\shared\Delicious Fruits and Cakes 1.4.zip c:\documents and settings\Flo\Application Data\m\shared\DGS Check 3.2.zip c:\documents and settings\Flo\Application Data\m\shared\Disk Speed Test 1.1.40.5.zip c:\documents and settings\Flo\Application Data\m\shared\DivX Create Bundle (incl. DivX Player) 6.8.5.11.zip c:\documents and settings\Flo\Application Data\m\shared\DSS 060205JHS.zip c:\documents and settings\Flo\Application Data\m\shared\DVDComposer 1.0.5.zip c:\documents and settings\Flo\Application Data\m\shared\EaseUs Data Recovery Wizard Professional 4.3.6.zip c:\documents and settings\Flo\Application Data\m\shared\Easy CD Ripper 2.3.10.zip c:\documents and settings\Flo\Application Data\m\shared\Easy Photo Editor 1.8.zip c:\documents and settings\Flo\Application Data\m\shared\EkinSis Hide Folder 1.0.zip c:\documents and settings\Flo\Application Data\m\shared\Elecard AVC plugin for ProgDVB 1.0.70405.zip c:\documents and settings\Flo\Application Data\m\shared\Elegant Stickies 1.2.zip c:\documents and settings\Flo\Application Data\m\shared\ESet.NOD32.v2.50.16.Win2KXP.Cracked.READ.NFO-KYA.zip c:\documents and settings\Flo\Application Data\m\shared\Evolynx RADIUS Load Test Utility 2.0.zip c:\documents and settings\Flo\Application Data\m\shared\EzBrowser Tabbed Webbrowser 1.0.zip c:\documents and settings\Flo\Application Data\m\shared\File String Finder 1.0.zip c:\documents and settings\Flo\Application Data\m\shared\Flash Media Player 3.51.zip c:\documents and settings\Flo\Application Data\m\shared\FM Books Connector.zip c:\documents and settings\Flo\Application Data\m\shared\FocalPoint Image Browser 1.4.2.zip c:\documents and settings\Flo\Application Data\m\shared\FontNames 3.zip c:\documents and settings\Flo\Application Data\m\shared\Force Content-Type 1.2.1.zip c:\documents and settings\Flo\Application Data\m\shared\FoxoSoft PPT to Image 2.4.zip c:\documents and settings\Flo\Application Data\m\shared\Free Precision Rip 1.0.zip c:\documents and settings\Flo\Application Data\m\shared\FreeMouse 1.0.zip c:\documents and settings\Flo\Application Data\m\shared\Frequency Filer 4.42.zip c:\documents and settings\Flo\Application Data\m\shared\FroogleUp 1.2.0.zip c:\documents and settings\Flo\Application Data\m\shared\FTP Commander 8.0.zip c:\documents and settings\Flo\Application Data\m\shared\Game Accelerator 7.9.95.zip c:\documents and settings\Flo\Application Data\m\shared\Get Remote File System Rights 3.0.0.3.zip c:\documents and settings\Flo\Application Data\m\shared\Ghost Forest Screen Saver 1 1.5.zip c:\documents and settings\Flo\Application Data\m\shared\Glu Mobile Zuma v1.1.0.zip c:\documents and settings\Flo\Application Data\m\shared\gMail for your domain Monitor 0.5.zip c:\documents and settings\Flo\Application Data\m\shared\Grisoft.AVG.AntiVirus.Pro.v7.5.441.Incl.KeyGen-SSG.zip c:\documents and settings\Flo\Application Data\m\shared\Halloween Bubbles Screensaver 1.0.zip c:\documents and settings\Flo\Application Data\m\shared\Harry Potter Clock 2.0.zip c:\documents and settings\Flo\Application Data\m\shared\Hells Gate ScreenSaver 6.0.zip c:\documents and settings\Flo\Application Data\m\shared\IconEdit 0.9b.zip c:\documents and settings\Flo\Application Data\m\shared\iCopy - Simple Photocopier 1.43.zip c:\documents and settings\Flo\Application Data\m\shared\ImagePurge 1.0 Beta.zip c:\documents and settings\Flo\Application Data\m\shared\iOrgSoft MP4 Video Converter 1.6.0.zip c:\documents and settings\Flo\Application Data\m\shared\King Clock Spirit 2.0.zip c:\documents and settings\Flo\Application Data\m\shared\LDAP Plugin 1.01.zip c:\documents and settings\Flo\Application Data\m\shared\liveDJpro Aqua Edition 1.4.595.zip c:\documents and settings\Flo\Application Data\m\shared\Loving Diana toolbar for Firefox 1.0.1.30.zip c:\documents and settings\Flo\Application Data\m\shared\Market Reflex 1.2.zip c:\documents and settings\Flo\Application Data\m\shared\Marocco 1.0.zip c:\documents and settings\Flo\Application Data\m\shared\MB Free Zodiac Compatibility 1.25.zip c:\documents and settings\Flo\Application Data\m\shared\Metty Meta Tag Maker 1.31.zip c:\documents and settings\Flo\Application Data\m\shared\Microsoft Office - CS3 Icons.zip c:\documents and settings\Flo\Application Data\m\shared\mirabyte Feed Writer 1.5.3.zip c:\documents and settings\Flo\Application Data\m\shared\MixPad 1.14.zip c:\documents and settings\Flo\Application Data\m\shared\Mountain Lakes Screensaver 1.0.zip c:\documents and settings\Flo\Application Data\m\shared\MX Webshots Photo Downloader 1.0.375.0.zip c:\documents and settings\Flo\Application Data\m\shared\Naturpic Video Joiner 1.20.zip c:\documents and settings\Flo\Application Data\m\shared\NetWebDownload .Net Component 1.0.0.0.zip c:\documents and settings\Flo\Application Data\m\shared\Newzip 1.9b1.zip c:\documents and settings\Flo\Application Data\m\shared\OMNI-BOOT 1.0.zip c:\documents and settings\Flo\Application Data\m\shared\Panda.Antivirus.Titanium.2005.(crackeado.y.con.contrasenya).zip c:\documents and settings\Flo\Application Data\m\shared\Password Maintenance 2.29.zip c:\documents and settings\Flo\Application Data\m\shared\Password Recovery Toolbox 1.2.zip c:\documents and settings\Flo\Application Data\m\shared\Pitfall Caves - Esp_ ByJJ 2005 Nokia s40-60.zip c:\documents and settings\Flo\Application Data\m\shared\Prevx1.52(2)buono.sicuro.zip c:\documents and settings\Flo\Application Data\m\shared\PrintForm 2.1.0.7.zip c:\documents and settings\Flo\Application Data\m\shared\Probability Calc 1.00.zip c:\documents and settings\Flo\Application Data\m\shared\ProcAlert 1.3.4.2750.zip c:\documents and settings\Flo\Application Data\m\shared\ProxyWidget 1.2.zip c:\documents and settings\Flo\Application Data\m\shared\QuantumDC 0.002.zip c:\documents and settings\Flo\Application Data\m\shared\Rapid-Emailer 2.0.2.zip c:\documents and settings\Flo\Application Data\m\shared\Recovery Mechanic 4.0.zip c:\documents and settings\Flo\Application Data\m\shared\RegEditX 2.0.zip c:\documents and settings\Flo\Application Data\m\shared\ResSched 8.2d.zip c:\documents and settings\Flo\Application Data\m\shared\RomanNumbers 1.01.zip c:\documents and settings\Flo\Application Data\m\shared\Scratch DE 1.26b.zip c:\documents and settings\Flo\Application Data\m\shared\SensorKleen Pro 2.1.2.zip c:\documents and settings\Flo\Application Data\m\shared\Setdate 1.2.1.zip c:\documents and settings\Flo\Application Data\m\shared\ShowFont - Windows Font Lister 1.12.zip c:\documents and settings\Flo\Application Data\m\shared\Skype Lite 3.6.32.244.zip c:\documents and settings\Flo\Application Data\m\shared\SMTP Server Pro 3.1.zip c:\documents and settings\Flo\Application Data\m\shared\Sonic Visualiser 1.0 pre3.zip c:\documents and settings\Flo\Application Data\m\shared\Spb Mobile DVD 1.1.0 build 110.zip c:\documents and settings\Flo\Application Data\m\shared\Spicy ZIP Calculator 1.0.zip c:\documents and settings\Flo\Application Data\m\shared\SplitIt System 1.0.zip c:\documents and settings\Flo\Application Data\m\shared\Stellar Phoenix FAT & NTFS - Data Recovery Software 2.1.zip c:\documents and settings\Flo\Application Data\m\shared\StraightForward Tools 2.0.zip c:\documents and settings\Flo\Application Data\m\shared\Talksport Radio 1.1.zip c:\documents and settings\Flo\Application Data\m\shared\Telnet Ftp Server 1.0.1250.zip c:\documents and settings\Flo\Application Data\m\shared\The Snowdrop Screensaver 1.2.zip c:\documents and settings\Flo\Application Data\m\shared\Toddler Keys .97.zip c:\documents and settings\Flo\Application Data\m\shared\ToDoList 5.4 Beta.zip c:\documents and settings\Flo\Application Data\m\shared\USB Redirector RDP Edition 1.3.3.zip c:\documents and settings\Flo\Application Data\m\shared\Velox Calendar and Planner 2.01.zip c:\documents and settings\Flo\Application Data\m\shared\WebCam Video Surveillance Motion Detect 2.0.6.0 Final.zip c:\documents and settings\Flo\Application Data\m\shared\WinRegChanger 3.0.293.zip c:\documents and settings\Flo\Application Data\m\shared\wmlbrowser 0.7.18.zip c:\documents and settings\Flo\Application Data\m\shared\XML Reference.zip c:\documents and settings\Flo\Application Data\m\shared\ZAP Media Lite 3.50.zip c:\documents and settings\Flo\Application Data\m\shared\Zip Solution 4.3.zip c:\documents and settings\Flo\Application Data\m\srvlist.oct c:\documents and settings\Flo\Local Settings\Application Data\isyuo.dat c:\documents and settings\Flo\Local Settings\Application Data\isyuo.exe c:\documents and settings\Flo\Local Settings\Application Data\isyuo_nav.dat c:\documents and settings\Flo\Local Settings\Application Data\isyuo_navps.dat c:\windows\Downloaded Program Files\setup.inf c:\windows\system32\ban_list.txt c:\windows\system32\mdelk.exe c:\windows\system32\mdm.exe c:\windows\system32\wintems.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_SROSA -------\Legacy_SROSA -------\Legacy_SK9OU0S -------\Service_sK9Ou0s ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-07 au 2009-01-07 )))))))))))))))))))))))))))))))))))) . 2009-01-07 00:26 . 2009-01-07 00:26 d-------- c:\program files\CCleaner 2009-01-06 23:34 . 2009-01-06 23:34 3,120 --a------ c:\windows\system32\118290.54 2009-01-06 23:34 . 2009-01-06 23:34 3,120 --a------ c:\windows\118294.78 2009-01-06 23:33 . 1996-08-20 20:37 15,840 --a------ c:\windows\system32\Machnm1.exe 2009-01-06 23:33 . 2005-09-25 16:37 5,632 --a------ c:\windows\system32\Machnm64.sys 2009-01-06 23:33 . 2003-08-13 00:27 2,304 --a------ c:\windows\system32\Machnm32.sys 2009-01-06 23:09 . 2009-01-06 23:09 d-------- c:\program files\Panda Security 2009-01-06 22:19 . 2009-01-07 00:16 d-------- c:\program files\FindyKill 2009-01-06 19:35 . 2009-01-06 23:43 d-------- c:\windows\BDOSCAN8 2009-01-05 13:56 . 2009-01-05 13:56 d-------- c:\documents and settings\Flo\Application Data\AVGTOOLBAR 2009-01-04 00:52 . 2009-01-07 02:48 d--h----- c:\documents and settings\Flo\Application Data\drivers 2008-12-23 12:03 . 2008-12-23 12:03 d-------- C:\Poker 2008-12-08 19:21 . 2008-12-08 19:22 d-------- c:\program files\QuickTime 2008-12-08 19:21 . 2008-12-08 19:21 d-------- c:\program files\Fichiers communs\Apple . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-06 23:18 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-06 20:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-05 15:24 --------- d-----w c:\program files\eMule 2009-01-05 14:46 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard 2008-12-18 13:10 --------- d-----w c:\program files\TuneUp Utilities 2006 2008-12-08 18:21 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2008-12-04 18:32 --------- d-----w c:\program files\SFR 1999-04-06 12:27 99,840 -c--a-w c:\program files\Fichiers communs\IRAABOUT.DLL 1998-12-09 02:53 70,144 -c--a-w c:\program files\Fichiers communs\IRAMDMTR.DLL 1998-12-09 02:53 48,640 -c--a-w c:\program files\Fichiers communs\IRALPTTR.DLL 1998-12-09 02:53 31,744 -c--a-w c:\program files\Fichiers communs\IRAWEBTR.DLL 1998-12-09 02:53 186,368 -c--a-w c:\program files\Fichiers communs\IRAREG.DLL 1998-12-09 02:53 17,920 -c--a-w c:\program files\Fichiers communs\IRASRIAL.DLL 2004-12-13 18:27 8 -csh--r c:\windows\system32\EAB808E419.sys 2004-12-13 18:27 4,184 -csha-w c:\windows\system32\KGyGaAvL.sys 2008-08-27 15:43 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082720080828\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-05-21 160592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-08 159744] "D-Link AirPlus XtremeG"="c:\program files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2005-08-04 1294336] "HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-05-22 483328] "HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 49152] "Autoconfigurateur WiFi SFR"="c:\program files\SFR\Kit\WiFi\9wifi.exe" [2008-09-01 287984] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "AGRSMMSG"="AGRSMMSG.exe" [2004-01-30 c:\windows\AGRSMMSG.exe] "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 c:\windows\LOGI_MWX.EXE] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3acm"= l3codecp.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LUMIX Simple Viewer.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\LUMIX Simple Viewer.lnk backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe "LDM"=c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "MMTray"=c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe "UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r "mmtask"=c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe "EPSON Stylus Photo RX520 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520" "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe "HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe "BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "\LEGROS\EPSON Stylus Photo RX520 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P40 "\LEGROS\EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520" "nwiz"=nwiz.exe /install "Cpqset"=c:\program files\HPQ\Default Settings\cpqset.exe "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" /Start [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "c:\Program Files\Messenger\msmsgs.exe"= "c:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "c:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"= "c:\Program Files\eMule\emule.exe"= "c:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "c:\Program Files\Windows Live\Messenger\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "25491:TCP"= 25491:TCP:emule_TCP "50920:UDP"= 50920:UDP:eMule_UDP "4662:TCP"= 4662:TCP:emule_tcp "4662:UDP"= 4662:UDP:emule_udp "4711:TCP"= 4711:TCP:emule_tcp "4672:TCP"= 4672:TCP:Emule TCP [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowOutboundDestinationUnreachable"= 1 (0x1) "AllowOutboundSourceQuench"= 1 (0x1) "AllowOutboundTimeExceeded"= 1 (0x1) "AllowRedirect"= 1 (0x1) R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-03-22 547744] S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;c:\windows\system32\drivers\usbiad.sys [2005-05-18 31547] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{340acdb2-4ef6-11dd-b6e8-0015e98418a7}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe \Shell\Open(&0)\command - Recycled\ctfmon.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c29aa511-c2d6-11dd-b749-000fb0416dbe}] \Shell\Auto\command - cmd /C launch.bat \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat . Contenu du dossier 'Tâches planifiées' 2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-01-02 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-11-10 22:03] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe HKCU-Run-isyuo - c:\documents and settings\flo\local settings\application data\isyuo.exe Notify-NavLogon - (no file) . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uInternet Settings,ProxyOverride = localhost uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-07 02:51:50 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\windows\system32\wscntfy.exe c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE c:\windows\system32\rundll32.exe c:\program files\Apoint2K\ApntEx.exe . ************************************************************************** . Heure de fin: 2009-01-07 2:59:09 - La machine a redémarré ComboFix-quarantined-files.txt 2009-01-07 01:59:02 Avant-CF: 12,307,824,640 octets libres AprÞs-CF: 12,369,104,896 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=Alwaysoff 753 --- E O F --- 2009-01-07 01:45:48

Destrio5 · Answer

Tu peux faire l'option 2 de FindyKill et poster le rapport ;)

shivafro · Answer

c magique, ca marche...!

rapport findykill:



----------------- FindyKill V4.707 ------------------

* User : Flo - FLORIANE
* executed from : C:\Program Files\FindyKill
* Update on 06/12/08 par Chiquitine29
* Start at  3:30:15 the 07/01/2009
* Windows XP - Internet Explorer 7.0.5730.11
 
 
((((((((((((((( *** deleting *** ))))))))))))))))))  
 
 
--------------- [ Active Processes ] ----------------  
 

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
 
--------------- [ Infected files / folders ] ----------------  
 
 
»»»» Supression files in C: 
 
 
»»»» Supression files in C:\WINDOWS 
 
 
»»»» Supression files in C:\WINDOWS\Prefetch 
 
Deleted ! - C:\WINDOWS\prefetch\103250.EXE-2C9D3F57.pf 
Deleted ! - C:\WINDOWS\prefetch\131828.EXE-119FFF4A.pf 
Deleted ! - C:\WINDOWS\prefetch\141640.EXE-23847329.pf 
Deleted ! - C:\WINDOWS\prefetch\185953.EXE-2C51CD2F.pf 
Deleted ! - C:\WINDOWS\prefetch\219796.EXE-161EBBA0.pf 
Deleted ! - C:\WINDOWS\prefetch\227937.EXE-352A938E.pf 
Deleted ! - C:\WINDOWS\prefetch\307109.EXE-048A7335.pf 
Deleted ! - C:\WINDOWS\prefetch\420187.EXE-2452EA7D.pf 
Deleted ! - C:\WINDOWS\prefetch\526140.EXE-2F079FDA.pf 
Deleted ! - C:\WINDOWS\prefetch\561906.EXE-331FA353.pf 
Deleted ! - C:\WINDOWS\prefetch\94562.EXE-140ABE00.pf 
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-26D1F83A.pf 
Deleted ! - C:\WINDOWS\prefetch\KEYGEN.EXE-074286F1.pf 
Deleted ! - C:\WINDOWS\prefetch\KEYGEN.EXE-373FD45E.pf 
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf 
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf 
 
»»»» Supression files in C:\WINDOWS\system32 
 
 
»»»» Supression files in C:\WINDOWS\system32\drivers 
 
 
»»»» Supression files in C:\Documents and Settings\Flo\Application Data 
 
 
»»»» Supression files in C:\DOCUME~1\Flo\LOCALS~1\Temp 
 
 
»»»» Supression files in C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5 
 
Deleted ! - C:\Documents and Settings\Flo\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{BF792C5B-2AB7-4B64-81DD-7A4B08792F32}.jpg    
 
--------------- [  Registry / Infected keys ] ---------------- 
 
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA   
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S   
Deleted ! - HKEY_USERS\S-1-5-21-816922679-1068368558-965301425-1007\Software\Local AppWizard-Generated Applications\keygen   
 
--------------- [ States / Restarting of services ] ---------------- 
 


+- Services : [ Auto=2 / Request=3 / Disable=4 ] 

 Ndisuio - Type of startup  = 3 
 
 EapHost - Type of startup  = 2 
 
 Ip6Fw - Type of startup  = 2 
 
 SharedAccess - Type of startup  = 2 
 
 wuauserv - Type of startup  = 2 
 
 wscsvc - Type of startup  = 2 
 
 
---------------   [ Cleaning removable drives ] ----------------  
 
+- Informations : 

C: - Lecteur fixe

 
+- deleting files : 
 
 
--------------- [ Registry / Mountpoint2 ] ----------------  
 
 
 -> Not found ! 
 
 
--------------- [ Searching Cracks / Keygen ] ----------------  
 
C:\Documents and Settings\Flo\Favoris\Astalavista.MS - Underground search for cracks serials keygens patches warez search, free cracks serials keygens patches, anony.url
 
 
---------------- ! End of report ! ------------------

Destrio5 · Answer

Bien. Il y a encore du nettoyage à faire, tu n'avais pas que Bagle.

--> Réinstalle les logiciels qui ont été infectés (Antivirus...)

--> Télécharge UsbFix (de Chiquitine29) sur ton Bureau.

--> Lance l'installation avec les paramètres par défaut.

--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.

--> Double-clique sur le raccourci UsbFix sur ton Bureau.

--> Choisis l'option 1 (Nettoyage).

--> Le PC va redémarrer.

--> Après redémarrage, poste le rapport UsbFix.txt

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

(Si le Bureau ne réapparaît pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)

shivafro · Answer

merci.

Rapport usb fix:
 

-------------- UsbFix V2.413.9 ---------------

* User : Flo - FLORIANE
* Outils mis a jours le 05/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à  3:49:53 le 07/01/2009
* Windows Xp - Internet Explorer 7.0.5730.11 
  
  
--------------- [ Processus actifs ] ----------------   
  
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
  
--------------- [ Informations lecteurs ] ----------------   
  
C: - Lecteur fixe

E: - Lecteur amovible

 
+- Contenu de l'autorun : E:\autorun.inf  

[autorun]
shellexecute=wscript.exe MS32DLL.dll.vbs

--------------- [ Lecteur C ] ---------------- 

C: - Lecteur fixe


+- Listing des fichiers présents :

[05/08/2004 09:00][-rahs----] C:
tdetect.com   
[24/05/2001 12:59][--a------] C:\UNWISE.EXE   
[07/01/2009 02:40][-rahs----] C:\boot.ini   
[07/01/2009 02:59][--a------] C:\ComboFix.txt   
[07/01/2009 02:59][--a------] C:\FindyKill.txt   
[07/01/2009 02:59][--a------] C:\log_lobby.txt   
[07/01/2009 02:59][--a------] C:\log_lobby_dumper.txt   
[07/01/2009 02:59][--a------] C:\UsbFix.txt   
[][] C:\hiberfil.sys   
[][] C:\IO.SYS   
[][] C:\MSDOS.SYS   
[][] C:\pagefile.sys   

--------------- [ Lecteur E ] ---------------- 

E: - Lecteur amovible


+- Listing des fichiers présents :

[18/11/2008 13:49][-rahs----] E:\MS32DLL.dll.vbs   
[18/11/2008 13:49][-rahs----] E:\MS32DLL.dll.vbs   
[18/11/2008 13:49][-rahs----] E:\autorun.inf   
  
--------------- [ Registre / Startup ] ----------------   
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
  
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] 
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
  
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersionun]
   ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
   RoboForm="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionun]
   Apoint="C:\Program Files\Apoint2K\Apoint.exe"
   AGRSMMSG=AGRSMMSG.exe
   Logitech Utility=Logi_MwX.Exe
   D-Link AirPlus XtremeG="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe"
   HPHmon05=C:\WINDOWS\system32\hphmon05.exe
   HPHUPD05="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
   BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
   Autoconfigurateur WiFi SFR="C:\Program Files\SFR\Kit\WiFi\9wifi.exe"
   QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents\IMAIL=
   Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents\MAPI=
   NoChange=1
   Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents\MSFS=
   Installed=1
  
--------------- [ Registre / Mountpoint2 ] ----------------   
  
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{340acdb2-4ef6-11dd-b6e8-0015e98418a7}\Shell\AutoRun\command  
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c29aa511-c2d6-11dd-b749-000fb0416dbe}\Shell\AutoRun\command  
  
--------------- [ Nettoyage des disques ] ----------------   
   
Supprimé ! - [18/11/2008 13:49][-rahs----] E:\autorun.inf    
Supprimé ! - [18/11/2008 13:49][-rahs----] E:\MS32DLL.dll.vbs    
  
--------------- [ Resumé ] ----------------   
  
 -> /!\ Le resultat doit etre interprété par un spécialiste  /!\   
  
[05/08/2004 09:00][-rahs----] C:
tdetect.com   
[24/05/2001 12:59][--a------] C:\UNWISE.EXE   
[07/01/2009 02:40][-rahs----] C:\boot.ini   
   
--------------- [ Vaccination ] ----------------   
   
C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !  
E:\autorun.inf -> Dossier autorun.inf crée par UsbFix !  
 
--------------- ! Fin du rapport ! ----------------

Destrio5 · Answer

Je vais dormir, bonne nuit ;)

---> Désinstalle UsbFix et FindyKill.

- Télécharge Navilog1 (de IL-MAFIOSO) et enregistre-le sur le Bureau.

- Double-clique sur Navilog1.exe afin de lancer l'installation.

- Si le fix ne se lance pas automatiquement après son installation, double-clique sur Navilog1 présent sur le Bureau.

- Appuie sur F ou f  puis valide par Entrée.

- Appuie sur une touche de ton clavier à chaque fois que cela est demandé, tu arriveras au menu des options.

- Choisis l'option 1 et appuie sur la touche Entrée pour valider ton choix.

- Patiente jusqu'au message : *** Analyse terminée le ..... ***

- Le scan fini, le Bloc-notes contenant le rapport sera affiché, poste le contenu de ce rapport dans ta prochaine réponse.

- Si le résultat du scan ne s'affiche pas, tu le trouveras dans C:\fixnavi.txt

N'utilise pas l'option 2, 3 et 4 sans notre accord, des fichiers légitimes peuvent être inclus dans ce scan.

shivafro · Answer

merci encore bonne nuit

shivafro · Answer

rapport navilog:
Search Navipromo version 3.7.1 commencé le 07/01/2009 à  4:35:02,06

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation 1996-2001. Tous droits r‚serv‚s.

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP Processor 3000+ )
BIOS : Ver 1.00PARTTBL
USER : Flo ( Administrator )
BOOT : Normal boot




C:\ (Local Disk) - NTFS - Total:37 Go (Free:11 Go)
D:\ (CD or DVD)


Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Flo\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Flo\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Flo\menudm~1\progra~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" *** 


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Flo\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 



*** Recherche fichiers *** 



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Flo\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 07/01/2009 à  4:42:41,04 ***

Destrio5 · Answer

---> Relance Navilog1, fais l'option 2 et poste le rapport.

shivafro · Answer

rapport navilog:

Clean Navipromo version 3.7.1 commencé le 07/01/2009 à 15:51:59,60

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation 1996-2001. Tous droits r‚serv‚s.

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP Processor 3000+ )
BIOS : Ver 1.00PARTTBL
USER : Flo ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1296 [VPS 090106-1] 4.8.1296 (Activated)


C:\ (Local Disk) - NTFS - Total:37 Go (Free:11 Go)
D:\ (CD or DVD)


Mode suppression automatique 
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur

 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\Flo\locals~1\applic~1" * 


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 


*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Flo\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\Flo\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\Flo\menudm~1\progra~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" *** 



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Flo\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\Flo\locals~1\applic~1" * 


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le 07/01/2009 à 15:58:28,25 ***

Destrio5 · Answer

---> Désinstalle Navilog1.

- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

- Double-clique sur RSIT.exe afin de lancer le programme.

- Clique sur Continue à l'écran Disclaimer.

- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : Les rapports sont sauvegardés dans le dossier C:\rsit.

shivafro · Answer

rapports RSIT

Logfile of random's system information tool 1.05 (written by random/random)
Run by Flo at 2009-01-07 16:36:09
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 11 GB (30%) free of 38 GB
Total RAM: 255 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:36:44, on 07/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\SFR\Kit\WiFi\9wifi.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Flo\Bureau\RSIT.exe
C:\Program Files	rend micro\Flo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
O3 - Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] "C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPHUPD05] "c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Autoconfigurateur WiFi SFR] "C:\Program Files\SFR\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: offline-8876480 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Destrio5 · Answer

1/

---> Lance ce fichier : C:\Program Files	rend micro\Flo.exe 

---> Choisis Do a system scan only.

---> Coche les cases qui sont devant les lignes suivantes :

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC 

O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) 

O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file) 

O3 - Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file) 

O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) 

---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

---> Ferme HijackThis.


2/

---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

shivafro · Answer

rapport:

Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1627
Windows 5.1.2600 Service Pack 3

07/01/2009 17:01:02
mbam-log-2009-01-07 (17-01-02).txt

Type de recherche: Examen rapide
Eléments examinés: 55321
Temps écoulé: 8 minute(s), 55 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-100005000004} (Rogue.Installer) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Destrio5 · Answer

1/

---> Relance MBAM, va dans Quarantaine et supprime tout.

---> Menu Démarrer > Exécuter > Tape combofix /u et valide.

---> Télécharge ToolsCleaner2 sur ton Bureau.
* Double-clique sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser. 
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport. 
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


2/

- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

- Double-clique sur RSIT.exe afin de lancer le programme.

- Clique sur Continue à l'écran Disclaimer.

- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : Les rapports sont sauvegardés dans le dossier C:\rsit.

shivafro · Answer

voici les rapports:

[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\Qoobox: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Flo\Bureauapports infection\FindyKill.txt: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\UsbFix: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files	rend micro\HijackThis.exe: trouvé !
C:\Program Files	rend micro\hijackthis.log: trouvé !
C:\TEMP\HijackThis: trouvé !
C:\TEMP\hijackthis\HijackThis.exe: trouvé !
C:\TEMP\hijackthis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression: 

C:\Program Files	rend micro\HijackThis.exe: supprimé !
C:\TEMP\hijackthis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Documents and Settings\Flo\Bureauapports infection\FindyKill.txt: supprimé !
C:\Program Files	rend micro\hijackthis.log: supprimé !
C:\TEMP\hijackthis\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\UsbFix: supprimé !
C:\Program Files\FindyKill: supprimé !
C:\TEMP\HijackThis: supprimé !

Point de restauration crée !
Corbeille vidée!
Fichiers temporaires nettoyés !


Logfile of random's system information tool 1.05 (written by random/random)
Run by Flo at 2009-01-07 17:26:13
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 12 GB (31%) free of 38 GB
Total RAM: 255 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:26:52, on 07/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SFR\Kit\WiFi\9wifi.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Flo\Bureau\RSIT.exe
C:\Program Files	rend micro\Flo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] "C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPHUPD05] "c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Autoconfigurateur WiFi SFR] "C:\Program Files\SFR\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: offline-8876480 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Destrio5 · Answer

1/

---> Désinstalle HijackThis.

---> Mets à jour Adobe Reader :
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

---> Télécharge ToolsCleaner2 sur ton Bureau.
* Double-clique sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser. 
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport. 
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


2/

---> Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) :
* Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage. 
* Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs (Sauvegarde la base de registre).


3/

---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger :
http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme

---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
https://www.vulgarisation-informatique.com/creer-point-restauration.php


4/

Je te conseille de remplacer Avast par Antivir :
http://www.commentcamarche.net/telecharger/telecharger 55 antivir

Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.

Comme navigateur, utilise plutôt Mozilla Firefox qu'Internet Explorer. Tu peux utiliser l'extension Noscript pour plus de sécurité.

Change tes mots de passe vu que tu étais infecté.

Vérifie que les mises à jour automatiques sont bien activées (Menu Démarrer, clique droit sur Poste de travail, Onglet Mises à jour automatiques).

Tu peux aussi modifier le fichier Hosts pour améliorer la sécurité de ton PC :
http://www.commentcamarche.net/faq/sujet 5993 modifier son fichier hosts
https://blog.sosordi.net/category/articles

Par rapport au P2P :
http://www.libellules.ch/...

Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) :
https://www.malekal.com/fichiers/projetantimalwares/prevention-protection.pdf

shivafro · Answer

rapport:
[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\Rsit: trouvé !
C:\Program Files	rend micro\HijackThis.exe: trouvé !
C:\Program Files	rend micro\hijackthis.log: trouvé !

---------------------------------
-->- Suppression: 

C:\Program Files	rend micro\HijackThis.exe: supprimé !
C:\Program Files	rend micro\hijackthis.log: supprimé !
C:\Rsit: supprimé !

Point de restauration crée !
Corbeille vidée!
Fichiers temporaires nettoyés !

Destrio5 · Answer

Tu peux supprimer ToolsCleaner.

shivafro · Answer

Merci beaucoup....    :):):)

Destrio5 · Answer

Tu peux refaire un scan en ligne pour vérifier, c'est plus prudent.

Virus bagle LI - Page 2

Discussions similaires

Newsletters