Sujet Précédent Sujet Suivant

Virus Bagle au secours !!!

Résolu
elazhar Messages postés 54 Statut Membre -  
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   -
Bonjour,

Je suis infecte par bagle, impossible de lanver mes antivirus et ma connexion internet coupe environs apres 5mn de connexion (je post depuis un portable en wifi).
Je ne peux pas faire de scan en ligne.
Je n'arrive a demarer en mode sans echec seulement en faisant la commande executer/msconfig/ et en conchant boot ini.
J'ai fai plusieur pasage de elibagla (j'envoi le rapport) et combofix en le renomant combo (j'envoi aussi le rapport) mais rien n'y fait.
Un scan avec bitdefender m'a je pense localise le virus :

BitDefender Log File !!!!!
Product : BitDefender Total Security 2008
Version : BitDefender UIScanner v.11
Log date : 09:54:32 14/01/2009
Log path : C:\Documents and Settings\All Users.WINDOWS\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1231923272_1_02.xml

Scan Paths:Path0000: C:\
Path0001: I:\
Path0002: Y:\
Path0003: Z:\

Scan Options:Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes

Target selection options:Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :

Target ProcessingDefault action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None

Scan engines summaryNumber of virus signatures : 0
Archive plugins : 0
Email plugins : 0
Scan plugins : 0
Archive plugins : 0
System plugins : 0
Unpack plugins : 0

Overall scan summaryScanned items : 0
Infected items : 0
Suspicious items : 0
Resolved items : 57
Individual viruses found : 0
Scanned directories : 0
Scanned boot sectors : 0
Scanned archives : 0
Input-output errors : 0
Scan time : 00:03:19:45
Files per second : 0

Scanned processes summaryScanned : 0
Infected : 0

Scanned registry keys summaryScanned : 0
Infected : 0

Scanned cookies summaryScanned : 0
Infected : 0

Remaining issues:Object Name Threat Name Final Status
C:\Documents and Settings\El Azhar\Local Settings\Application Data\Identities\{58A20F8C-59E2-424A-8A70-5D7878D0BA46}\Microsoft\Outlook Express\Boîte de réception.dbx=](message 180): TOURNICOTI TOUNICOTA =][Subject: Fw: TOURNICOTI TOUNICOTA ][Date: Tue, 23 Sep 2003 17:11:46 +0200]=](MIME part)=]metro.exe Application.Joke.Slidescreen.A No action was possible
C:\WINDOWS\report\20040419.log Generic.Qhost.452A825F No action was possible
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0397930.sys Rootkit.Bagle.Gen No action was possible
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0398961.sys Rootkit.Bagle.Gen No action was possible
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0399047.sys Rootkit.Bagle.Gen No action was possible
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0399077.sys Rootkit.Bagle.Gen No action was possible
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0399107.sys Rootkit.Bagle.Gen No action was possible
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0399131.sys Rootkit.Bagle.Gen No action was possible
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0399472.sys Rootkit.Bagle.Gen No action was possible
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0400311.sys Rootkit.Bagle.Gen No action was possible

Resolved issues:Object Name Threat Name Final Status
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2182\A0401888.exe Backdoor.Generic.134197 Deleted
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.10 MemScan:Trojan.Downloader.Bagle.LI Deleted
C:\Muestras\143421.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\145125.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\14767484.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\148234.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\14877296.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\150265.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\169843.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\228812.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\230203.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\235015.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\242828.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\253828.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\29389703.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\29465828.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\320359.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\332796.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\350968.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\391265.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\394390.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\43940828.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\44016515.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\491109.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\58483562.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\73049875.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\73274703.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\87785093.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\Muestras\87951140.EXE.Muestra EliBagle v12.10 MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0399815.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0399816.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0399825.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0399839.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0399846.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0399853.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0399866.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0399940.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0399944.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0399949.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0399951.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0399957.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0399988.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0400008.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0400025.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0400037.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0400045.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0400061.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0400062.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0400070.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0400087.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0400105.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0400116.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0400145.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0400156.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0400180.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\System Volume Information\_restore{24537CC8-33A2-48C8-B213-A2E8249FF9B4}\RP2177\A0400197.exe MemScan:Trojan.PWS.LdPinch.TSE Deleted
C:\WINDOWS\system32\drivers\etc\tuneup2006keygen.exe Trojan.Packed.27015 Deleted

Objects that were not scanned:Object Name Reason Final Status
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CometCursors.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CometCursors.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchToolband.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchToolband.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb10.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb10.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb11.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb11.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb12.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb12.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb13.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb13.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb14.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb14.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb15.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb15.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb2.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb2.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb3.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb3.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb4.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb4.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb5.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb5.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb6.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb6.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb7.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb7.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb8.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb8.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb9.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWeb9.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts10.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts10.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts11.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts11.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts12.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts12.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts13.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts13.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts14.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts14.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts15.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts15.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts16.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts16.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts17.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts17.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts18.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts18.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts19.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts19.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip=]m3ffxtbr.manifest Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts20.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts20.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts21.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts21.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts22.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts22.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts23.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts23.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts24.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts24.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts25.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts25.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts26.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts26.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts27.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts27.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts28.zip=]ScreenSaver/Images/011C5713.urr Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts28.zip=]Shared/Cache/CursorManiaBtn.html Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts28.zip=]Shared/Cache/SmileyCentralBtn.html Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts28.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts29.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts29.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip=]m3ffxtbr.jar Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts30.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts30.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts31.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts31.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts32.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts32.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts33.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts33.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts34.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts34.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts35.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts35.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts36.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts36.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts37.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts37.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts38.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts38.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts39.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts39.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts40.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts40.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts41.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts41.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts42.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts42.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts43.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts43.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts44.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts44.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts45.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts45.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts46.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts46.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts47.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts47.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts48.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts48.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts49.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts49.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts5.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts5.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts50.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts50.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts51.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts51.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts52.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts52.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts53.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts53.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts54.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts54.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts55.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts55.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts56.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts56.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts57.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts57.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts58.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts58.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts6.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts6.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts7.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts7.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts8.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts8.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts9.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts9.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MagicAntiSpy.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MagicAntiSpy.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip=]MWSOESTB.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch10.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch10.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch11.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch11.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch12.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch12.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch13.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch13.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch14.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch14.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch15.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch15.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch16.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch16.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch17.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch17.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch18.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch18.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch19.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch19.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch20.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch20.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/F3BKGERR.JPG Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/F3BROVLY.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/F3CJPEG.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/F3DTACTL.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/F3HISTSW.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/F3HTMLMU.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/F3HTTPCT.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/F3IMSTUB.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/F3POPSWT.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/F3PSSAVR.SCR Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/F3REPROX.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/F3RESTUB.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/F3SCHMON.EXE Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/F3SCRCTR.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/F3SHLLVW.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/F3SPACER.WMV Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/F3WALLPP.DAT Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/F3WPHOOK.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/M3FFXTBR.JAR Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/M3FFXTBR.MANIFEST Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/M3HTML.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/M3IDLE.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/M3IMPIPE.EXE Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/M3MSG.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/M3NTSTBR.JAR Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/M3NTSTBR.MANIFEST Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/M3OUTLCN.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/M3PLUGIN.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/M3SKIN.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/M3SKPLAY.EXE Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/M3SLSRCH.EXE Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/MWSOEMON.EXE Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/MWSOEPLG.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/1.bin/NPMYWEBS.DLL Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Avatar/COMMON.F3S Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Cache/011C3EE8 Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Cache/011C434D Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Cache/011C486D.bin Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Cache/011C4A52.bin Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Cache/011C4BD8.bin Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Cache/011C4DFB.bin Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Cache/files.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Game/CHECKERS.F3S Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Game/CHESS.F3S Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Game/REVERSI.F3S Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/History/search2 Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/icons/CM.ICO Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/icons/MFC.ICO Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/icons/PSS.ICO Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/icons/SMILEY.ICO Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/icons/WB.ICO Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/icons/ZWINKY.ICO Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Message/COMMON.F3S Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Notifier/COMMON.F3S Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Notifier/DOG.F3S Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Notifier/FISH.F3S Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Notifier/KUNGFU.F3S Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Notifier/LIFEGARD.F3S Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Notifier/MAID.F3S Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Notifier/MAILBOX.F3S Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Notifier/OPERA.F3S Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Notifier/ROBOT.F3S Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Notifier/SEDUCT.F3S Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Notifier/SURFER.F3S Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Settings/prevcfg2.htm Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Settings/setting2.htm Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Settings/settings.dat Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]bar/Settings/s_pid.dat Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch22.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch22.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch23.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch23.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch24.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch24.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch25.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch25.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch26.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch26.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch27.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch27.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch28.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch28.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch29.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch29.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch30.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch30.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch31.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch31.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch32.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch32.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch33.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch33.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch35.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch35.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch36.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch36.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch37.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch37.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch38.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch38.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch39.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch39.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch40.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch40.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch41.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch41.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch42.zip=]sbRec
A voir également:

77 réponses

Précédent
Réponse 41 / 77
elazhar Messages postés 54 Statut Membre
 
Salut

Est ce que quelqu'un pourrai reprendre le relai. Le virus est toujours present. Je galere
Merci
0
Réponse 42 / 77
elazhar Messages postés 54 Statut Membre
 
Toujours pas resolur ...
Au secours !
0
Réponse 43 / 77
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
"Il m'empeche de lancer mes antivirus"

---> Tu as un message d'erreur ?
0
Réponse 44 / 77
elazhar Messages postés 54 Statut Membre
 
Oui, il me dit que le programme que je lance (antivirus), n'est pas une application W32 valide.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 77
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
---> Réinstalle les applications qui ont été infectées (Antivirus...).
0
Réponse 46 / 77
elazhar Messages postés 54 Statut Membre
 
Je pense que tu n'as pas regarder l'historique. J'ai ete infecter par le virus bagle. J'ai installe et re-installer plusieur fois mais tant que le virus est la c'est pareil
0
Réponse 47 / 77
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
"Je pense que tu n'as pas regarder l'historique."
---> Si si, j'ai regardé vite fait.

/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\

--> Télécharge ComboFix (de sUBs) sur ton Bureau.
--> Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
--> Il va te demander d'installer la console de récupération : accepte.
--> Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix
0
Réponse 48 / 77
elazhar Messages postés 54 Statut Membre
 
ok, c'est en cours...
0
Réponse 49 / 77
elazhar Messages postés 54 Statut Membre
 
C'est fait, voici le rapport :

ComboFix 09-01-21.04 - Propriétaire 2009-01-25 21:16:09.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1627 [GMT 1:00]
Lancé depuis: c:\documents and settings\Propriétaire\Bureau\Combo.exe
FW: ZoneAlarm Firewall *enabled*
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-25 au 2009-01-25 ))))))))))))))))))))))))))))))))))))
.

2009-01-25 13:55 . 2009-01-25 13:55 <REP> d-------- c:\program files\Motive
2009-01-25 13:41 . 2009-01-25 13:41 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\BitDefender
2009-01-20 23:08 . 2009-01-20 23:08 <REP> d-------- C:\Nikon
2009-01-19 20:45 . 2009-01-19 20:45 0 --a------ c:\windows\ViewNX.INI
2009-01-19 20:16 . 2009-01-19 20:33 20 ---h----- c:\documents and settings\All Users.WINDOWS\Application Data\PKP_DLdw.DAT
2009-01-19 20:15 . 2009-01-19 20:15 <REP> d-------- c:\program files\Fichiers communs\muvee Technologies
2009-01-19 20:15 . 2009-01-19 20:15 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Nikon
2009-01-19 20:14 . 2009-01-19 22:02 20 ---h----- c:\documents and settings\All Users.WINDOWS\Application Data\PKP_DLdu.DAT
2009-01-16 00:24 . 2009-01-16 00:45 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-15 23:51 . 2009-01-15 23:51 <REP> d-------- C:\rsit
2009-01-15 22:19 . 2009-01-15 22:19 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-15 22:19 . 2009-01-15 22:19 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\Malwarebytes
2009-01-15 22:19 . 2009-01-15 22:19 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-01-15 22:19 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 22:19 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-15 21:36 . 2009-01-15 21:36 <REP> d-------- c:\documents and settings\PropriÚtaire
2009-01-15 20:22 . 2009-01-15 20:22 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-01-14 01:01 . 2009-01-14 01:01 86,792 --a------ c:\windows\system32\drivers\bdfndisf.sys.avxpnd
2009-01-13 22:45 . 2009-01-13 22:45 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2009-01-13 19:32 . 2009-01-13 19:32 <REP> d-------- c:\documents and settings\NetworkService.AUTORITE NT\Bureau
2009-01-13 18:16 . 2009-01-13 18:16 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\F-Secure
2009-01-13 18:08 . 2009-01-14 00:32 <REP> d-------- c:\program files\F-Secure Internet Security
2009-01-13 18:02 . 2009-01-13 18:20 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\fssg
2009-01-13 18:01 . 2009-01-14 00:27 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\f-secure
2009-01-12 01:13 . 2009-01-12 01:13 <REP> d--h-c--- c:\documents and settings\All Users.WINDOWS\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-01-12 00:27 . 2009-01-12 00:27 <REP> d-------- c:\documents and settings\LocalService.AUTORITE NT\Bureau
2009-01-12 00:21 . 2009-01-15 20:29 <REP> d-------- c:\documents and settings\Propriétaire\.housecall6.6
2009-01-12 00:21 . 2009-01-15 20:29 <REP> d-------- c:\documents and settings\Propriétaire\.housecall6.6
2009-01-11 23:57 . 2007-01-18 13:00 3,968 --a------ c:\windows\system32\drivers\AvgArCln.sys
2009-01-08 21:54 . 2009-01-08 21:54 20 --a------ c:\documents and settings\All Users.WINDOWS\Application Data\PKP_DLck.DAT
2009-01-08 20:20 . 2009-01-11 14:47 109,248 --a------ c:\windows\system\MSWINSCK.OCX
2009-01-08 20:10 . 2009-01-11 13:21 <REP> d-------- c:\program files\eToro
2009-01-08 01:21 . 2009-01-19 20:17 <REP> d-------- c:\program files\Nikon
2009-01-08 01:21 . 2009-01-19 20:21 <REP> d-------- c:\program files\Fichiers communs\Nikon
2009-01-08 01:21 . 2009-01-19 20:33 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\Nikon
2009-01-08 01:20 . 2009-01-19 20:16 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Ultima_T15
2009-01-08 01:20 . 2009-01-19 20:16 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\EnterNHelp
2009-01-08 01:20 . 2009-01-22 15:46 20 ---h----- c:\documents and settings\All Users.WINDOWS\Application Data\PKP_DLbx.DAT
2009-01-01 03:23 . 2009-01-01 03:23 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\TomTom
2009-01-01 03:21 . 2009-01-01 03:21 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\TomTom
2009-01-01 03:19 . 2009-01-01 03:20 <REP> d-------- c:\program files\TomTom HOME 2
2008-12-27 21:15 . 2008-12-27 21:15 <REP> d-------- c:\program files\NCH Swift Sound
2008-12-27 21:15 . 2008-12-27 21:15 <REP> d-------- c:\program files\NCH Software
2008-12-27 21:15 . 2008-12-27 21:17 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\NCH Swift Sound
2008-12-27 21:15 . 2008-12-27 21:15 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\NCH Swift Sound
2008-12-25 13:26 . 2008-12-25 13:28 <REP> d-------- c:\program files\Zg cd extractor

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-25 20:09 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-01-25 13:00 --------- d-----w c:\program files\Club-Internet
2009-01-25 12:43 --------- d-----w c:\program files\BitDefender
2009-01-25 12:37 --------- d-----w c:\program files\Google
2009-01-25 12:37 --------- d-----w c:\program files\CCleaner
2009-01-23 18:38 --------- d-----w c:\program files\lx_cats
2009-01-19 19:14 106,496 ----a-w c:\windows\system32\ATL71.DLL
2009-01-16 19:53 --------- d-----w c:\program files\KONAMI
2009-01-16 00:27 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-01-16 00:14 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Motive
2009-01-15 23:46 --------- d-----w c:\program files\Java
2009-01-15 23:02 --------- d-----w c:\program files\Hijackthis Version Française
2009-01-15 22:50 --------- d-----w c:\program files\Trend Micro
2009-01-15 20:05 --------- d-----w c:\program files\DkZ Studio
2009-01-14 01:02 --------- d-----w c:\program files\Amigo DVD Ripper
2009-01-13 23:42 --------- d-----w c:\program files\Fichiers communs\BitDefender
2009-01-13 23:40 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-13 23:37 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-01-12 00:13 --------- d-----w c:\program files\Uniblue
2009-01-11 14:11 --------- d-----w c:\program files\Microsoft ActiveSync
2009-01-11 12:33 --------- d-----w c:\program files\a-squared Anti-Malware
2009-01-10 23:50 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Uniblue
2009-01-08 22:41 510,776 ----a-w c:\windows\system32\drivers\fidbox.idx
2009-01-08 22:41 43,227,168 ----a-w c:\windows\system32\drivers\fidbox.dat
2009-01-08 12:00 --------- d-----w c:\program files\eMule
2009-01-01 13:56 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-01 02:16 --------- d-----w c:\program files\TomTom HOME
2008-12-25 11:56 --------- d-----w c:\program files\Web Hottest Videos Personal Player
2008-12-24 20:37 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2008-12-21 23:58 --------- d-----w c:\documents and settings\Propriétaire\Application Data\XnView
2008-12-21 21:11 1,957,888 ----a-w c:\windows\Internet Logs\xDB6.tmp
2008-12-18 22:03 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-17 20:04 --------- d-----w c:\program files\Windows Live
2008-12-17 20:04 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-17 20:00 --------- d-----w c:\program files\Microsoft
2008-12-17 19:59 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-11 21:04 --------- d-----w c:\program files\mp3split
2008-12-11 21:03 --------- d-----w c:\program files\Easy Audio Cutter
2008-12-11 20:58 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-11 20:57 --------- d-----w c:\program files\AviSynth 2.5
2008-12-11 20:57 --------- d-----w c:\program files\ALO SOFT
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-04 12:10 --------- d-----w c:\documents and settings\Propriétaire\Application Data\WIPE
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-12-02 16:22 11,579,734 ----a-w c:\windows\Internet Logs\tvDebug.zip
2007-07-13 00:30 155 ----a-w c:\program files\lazhar.txt
2007-07-13 00:18 7 ----a-w c:\program files\nomutil.txt
2007-03-12 22:57 21,822,168 -c--a-w c:\program files\AdbeRdr80_en_US.exe
2007-02-09 16:43 386,630 -c--a-w c:\program files\wunauclt.tbe
2007-02-09 16:43 386,630 ----a-w c:\program files\wunauclt.zip
2007-01-14 18:58 52,432 -c--a-w c:\documents and settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2007-01-07 19:00 349 ----a-w c:\program files\secure32.html
2006-08-27 13:19 56,239 -c--a-w c:\program files\svchosts.tbe
2005-09-09 17:55 7,155,864 ----a-w c:\program files\NGhost10.msi
2005-09-09 17:55 4,588,454 -c--a-w c:\program files\setup.exe
2005-09-09 17:55 37,766,164 ----a-w c:\program files\Data1.cab
2005-09-09 17:55 35 -c--a-w c:\program files\SCSSDist.ini
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 65536]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-16 136600]
"Motive SmartBridge"="c:\progra~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-16 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
Club Internet.lnk - c:\program files\Club-Internet\Lanceur\lanceur.exe [2007-12-26 5484544]

c:\documents and settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
LE COMPAGNON CLUB.lnk - c:\program files\Club-Internet\Le Compagnon Club\bin\matcli.exe [2009-01-25 217088]
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2008-06-05 479232]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0/u]
Source= c:\documents and settings\Propriétaire\Bureau\photoyacine\DSC00053.JPG
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= c:\documents and settings\Propriétaire\Bureau\photoyacine\DSC00030.JPG
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
Source= c:\documents and settings\Propriétaire\Mes documents\Mes images\x1pxOYwqu4SjF6yyW8jl-IjEzi2CNv0M43k5mdU9lKuLRdHkIWwhryqL08V0wtGuXoMfXpgtLo9Uo-8DFNxflY88gs63DIaKmDmS47D0FyZdnWwuQClhJ68aQ_gGrEccdttdJEP2wBnRyWXBk0Pm8R.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
Source= c:\documents and settings\Propriétaire\Bureau\100MSDCF\DSC00066.JPG
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\6]
Source= c:\documents and settings\Propriétaire\Mes documents\Mes images\[u]0/u75.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\7]
Source= c:\documents and settings\Propriétaire\Mes documents\Mes images\x1pxOYwqu4SjF6yyW8jl-IjEzi2CNv0M43k5mdU9lKuLRfj1AWBSYIT_9qJIb3q2xSylERjr0rixWZmmyM7k8rs7542umfLd0FtxTiG_wfzP8KaxJ5qmk4Rxr9bTDFqFxGzzcEGw4Hm7M9nzaKX2Pc.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\8]
Source= c:\documents and settings\Propriétaire\Mes documents\Mes images\x1pxOYwqu4SjF6yyW8jl-IjEzi2CNv0M43k5mdU9lKuLRd1iee4tvpR7GD7j6a7SbLS4THRbKIORKsoO2zepHLTti6opRRe6uK2F5egTgA8EopL0O84mTJsiNXzizt-fLqzy1ZSloV48Oc3hA5EJaR.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\9]
Source= c:\documents and settings\Propriétaire\Mes documents\Mes images\x1pxOYwqu4SjF6yyW8jl-IjEzi2CNv0M43k5mdU9lKuLReaxMscOQe1-bYF3O2fVkC5b20yR_zfFfJlB0UMkcVA7EHquHIFeXKGTgaYWxVA9j8PU6ZA2ZfA3-J4Nh7WrEwuyaA1zm1N4aui_vXuC4a.jpg
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uSsiEfr.e\[u]0/ulsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^desktop.ini]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\desktop.ini
backup=c:\windows\pss\desktop.iniCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^DVD@ccess.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\DVD@ccess.lnk
backup=c:\windows\pss\DVD@ccess.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Google Updater.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^GStartup.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\GStartup.lnk
backup=c:\windows\pss\GStartup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^LE COMPAGNON CLUB.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\LE COMPAGNON CLUB.lnk
backup=c:\windows\pss\LE COMPAGNON CLUB.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Salat Time.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Salat Time.lnk
backup=c:\windows\pss\Salat Time.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]
path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk
backup=c:\windows\pss\Club Internet.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^desktop.ini]
path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\desktop.ini
backup=c:\windows\pss\desktop.iniStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=c:\windows\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
backup=c:\windows\pss\Y'z Shadow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^Y'z Toolbar.lnk]
path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\Y'z Toolbar.lnk
backup=c:\windows\pss\Y'z Toolbar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I downloaded pirated Software from P2P]
Virtua Tennis 3 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I downloaded pirated Software from P2P ]
Need for Speed Carbon [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
--a------ 2009-01-11 14:36 2782352 c:\program files\a-squared Anti-Malware\a2guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2008-02-16 17:45 360448 c:\program files\BitDefender\BitDefender 2008\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
--a------ 2007-10-09 15:46 61440 c:\program files\BitDefender\BitDefender 2008\IEShow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2003-01-27 17:16 376912 c:\program files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanalPlayer]
--a------ 2007-07-16 16:15 2016928 c:\program files\Lecteur CANALPLAY\CanalPlayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2008-12-19 19:28 1434864 c:\program files\CCleaner\ccleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2007-08-16 12:00 531272 c:\program files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 18:34 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2006-02-07 01:10 98304 c:\program files\Lexmark 2400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
--a--c--- 2006-01-02 02:48 1591808 c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 3100 Series]
--a------ 2003-09-03 21:39 106496 c:\program files\Lexmark 3100 Series\lxbrbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-28 13:30 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
--a------ 2006-03-06 13:48 286720 c:\program files\Lexmark 2400 Series\lxcrmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2006-04-21 15:41 438359 c:\progra~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 18:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
--a------ 2009-01-11 12:58 1122304 c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 13:01 13529088 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 13:01 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2008-02-12 19:10 21898024 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-01 18:45 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-16 23:28 185896 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-12-09 11:12 234856 c:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2009-01-11 14:36 919016 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HI-SPEED USB DEVICE Coinstaller]
--a------ 2003-06-19 08:51 86016 c:\windows\system32\PL15Co2K.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-01-23 14:44 101136 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-01-23 14:44 101136 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 13:01 1630208 c:\windows\system32\nwiz.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"=c:\program files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"AAWTray"=c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-08-02 138780]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [2006-02-25 149376]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-08-02 46779]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-01-25 85520]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2007-10-21 33792]
R4 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S1 hidfltr;HID Filter Driver;c:\windows\system32\drivers\MWhid.sys [2004-07-22 13300]
S3 DIGIRPS;Pilote PortServer Digi;c:\windows\system32\drivers\digirlpt.sys [2006-02-25 42656]
S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\PROPRI~2\LOCALS~1\Temp\Fadpu16E.sys --> c:\docume~1\PROPRI~2\LOCALS~1\Temp\Fadpu16E.sys [?]
S3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [2007-08-16 31899]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [2007-10-19 419488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e852422-8661-11dc-a938-000c76358aaf}]
\Shell\AutoRun\command - H:\InstallTomTomHOME.exe
.
Contenu du dossier 'Tâches planifiées'

2009-01-02 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 18:18]

2009-01-19 c:\windows\Tasks\Nettoyage de disque.job
- c:\windows\system32\cleanmgr.exe [2008-04-13 18:33]

2009-01-25 c:\windows\Tasks\User_Feed_Synchronization-{94A22F57-DB80-4B51-A07D-BEE3BFFCDB7B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:58]
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_01\bin\jusched.exe

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.club-internet.fr
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.01net.com/telecharger/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 3.73\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with &FileFactory Turbo - c:\program files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 3.73\MediaManager\grab.html
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
DPF: ConferenceRoom Java Client - hxxp://irc2.bluewin.ch/java/cr.cab
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: teleir_cert - hxxps://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - hxxp://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} - file://c:\program files\Formation interactive Microsoft\o10c\mitm0026.cab
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_12.cab
FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\tp130llb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.club-internet.fr/hautdebit/
FF - plugin: c:\program files\Fichiers communs\fluxDVD\APIX\NPAPIX.dll
FF - plugin: c:\program files\Fichiers communs\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Fichiers communs\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 21:17:58
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

c:\windows\explorer.exe [2648] 0x89F43630

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-606747145-1972579041-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d6,40,dd,b4,97,79,de,75,14,a7,6b,70,d5,dc,3c,5b,9e,8d,90,7d,bb,06,18,
c6,1b,0f,0c,b4,dc,f7,cf,0d,b4,ef,f0,84,4b,05,3b,5f,ae,49,f3,04,c8,0d,1f,70,\
"??"=hex:ef,92,1b,d5,92,cc,3b,48,03,5d,22,0a,98,4c,84,90

[HKEY_USERS\S-1-5-21-606747145-1972579041-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:5e,76,07,80,14,a8,aa,54,44,18,bb,fe,c1,bf,ab,d4,35,7c,c3,9b,93,
ea,37,71,32,fc,c3,4a,c7,fe,d0,ab,12,90,26,2f,32,b2,96,b0,04,f6,85,7b,e0,65,\
"rkeysecu"=hex:6c,f7,1e,c2,3e,80,cb,27,0a,6c,5b,bd,b9,4d,28,43

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,2d,01,ac,06,17,
f8,a9,71,c8,28,51,af,b0,29,a3,98,40,6b,68,d2,c7,db,8e,92,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,34,90,e0,85,08,
7a,1e,8c,71,3b,04,66,8b,46,0d,96,db,fc,d5,49,44,b4,81,39,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,35,4f,1c,e4,f1,
26,41,1e,25,da,ec,7e,55,20,c9,26,1c,2d,6c,b3,5d,a9,63,af,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,48,6f,be,26,6d,
ca,e3,b0,3e,1e,9e,e0,57,5a,93,61,e5,86,5c,bb,01,ca,9f,1a,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,6e,97,94,4a,ec,
d4,9e,64,cd,44,cd,b9,a6,33,6c,cd,61,84,cc,31,a1,d2,f2,ad,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,b4,4c,1a,e7,20,
df,23,11,b0,18,ed,a7,3f,8d,37,a4,66,8a,da,5c,58,9f,9a,51,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,77,f2,05,49,c8,
6c,9a,54,31,77,e1,ba,b1,f8,68,02,b9,65,c6,8c,1b,c9,cb,c3,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,53,12,6d,4b,ac,
fd,43,74,83,6c,56,8b,a0,85,96,ab,c4,18,15,5a,97,32,49,45,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,67,27,1d,97,f2,
0a,f0,1b,51,fa,6e,91,28,9e,14,cc,2e,36,3d,a9,04,27,0f,8d,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,1a,49,ca,8e,de,
a2,ee,6d,b1,cd,45,5a,a8,c4,f8,b9,bf,6e,82,7d,34,38,77,f7,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,32,04,41,33,75,
30,15,2b,e3,0e,66,d5,eb,bc,2f,6b,a3,74,6b,fb,57,aa,d0,9a,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,97,71,d7,c2,73,
74,96,51,fa,ea,66,7f,d4,3b,6b,70,ce,53,28,79,28,d1,09,43,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1164)
c:\windows\system32\WRLogonNTF.dll
.
Heure de fin: 2009-01-25 21:20:03
ComboFix-quarantined-files.txt 2009-01-25 20:20:01

Avant-CF: 26 278 678 528 octets libres
Après-CF: 26,321,264,640 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn /TUTag=JQ8NFV

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
492 --- E O F --- 2009-01-16 00:27:43
0
Réponse 50 / 77
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Apparemment, Bagle est mort donc si tu réinstalles ton antivirus, tu ne devrais plus avoir de message d'erreur win32.
0
Réponse 51 / 77
elazhar Messages postés 54 Statut Membre
 
ok, j'essai
0
Réponse 52 / 77
elazhar Messages postés 54 Statut Membre
 
Lorsque j'essai de lancer l'exe zonealarm, j'ai le message suivant (une fenetre windows) :

Le programme d'installation ne peut fermer TrueVector. Fermer le service TrueVector pour poursuivre l'installation. Utilisez le gestionnaire de service pour fermer le service Truevector, puis redemarrez le programme d'installation.
J'ai ouver le gestionnaire des tache mais je ne trouve pas de service TrueVector.
De quoi sagit t'il ?
0
Réponse 53 / 77
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Essaie ceci :
http://download.zonealarm.com/bin/free/support/cpes_clean.exe
0
Réponse 54 / 77
elazhar Messages postés 54 Statut Membre
 
Ok, nickel.
J'ai re-installer ZA. Par contre ma connexion ne se lance pas. Le navigateur se conecte bizarement au site : 194.158.121.15 au lieu d'aller sur ma page d'acceuil.
Et internet ne marche pas du tout.
0
Réponse 55 / 77
elazhar Messages postés 54 Statut Membre
 
Je precise que mon modem fonctionne, je suis connecte aussi en wifi sans probleme sur mon autre pc portable. (celui qui etait infecte est un fixe)
0
Réponse 56 / 77
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
--> Télécharge WinsockXPFix sur ton Bureau.

--> Double-clique sur WinsockXPFix.exe.
--> Tout d'abord, clique sur le boutton ReG-Backup. Cela sauvegardera ton registre par précaution.
--> Clique sur OK, et encore une fois. Tu verras une fenêtre de sauvegarde de ton registre, tu cliqueras une nouvelle fois sur OK.

--> Retourne à la fenêtre principale.
--> Clique sur Fix.
--> Clique sur Yes.
--> Il se lancera pendant une minute ou deux et un bip se fera entendre et tu verras cette fenêtre.
--> Finalement, clique sur OK et laisse ton PC redémarrer.
0
Réponse 57 / 77
elazhar Messages postés 54 Statut Membre
 
Ok fait.
J'ai remarquer en fait que internet ne fonctionne pas lorsque ZA est activer. ZA me demande d'autoriser ou de refuser l'acces a generic host proccess W32. Je ne sais pas quoi repondre.
0
Réponse 58 / 77
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Si tu n'autorises pas generic host proccess W32, tu ne risques pas d'avoir Internet ^^
0
Réponse 59 / 77
elazhar Messages postés 54 Statut Membre
 
Apparement que j'autorisais ou pas, je navais pas acces a internet avec ZA d'activer.
J'ai re-desinstaller ZA (avec le log) et re-installer une version a jour. Tout a l'air d'etre rentrer dans l'ordre.
Je reste encore connecter pour voir si tout se passe bien.
Merci en tout cas. Si tout est ok, je validerai le resolu
a bientot merci beaucoup.
0
Réponse 60 / 77
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:files
c:\program files\Web Hottest Videos Personal Player

:commands
[purity]
[emptytemp]
[reboot]

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses