probleme logiciel de securiteRésolu/Fermé

Question

Bonjour,
a nouveau de retour pour quelques soucis, je ne peux plus lancer antivir, ni le désinstaller, je ne peux pas redemarrer non plus en mode sans echec, lorsque je lance ccleaner, j'arrive à nettoyer et il se ferme tout seul
en regardant dans le forum j'ai fait quelques manipulations mais rien n'y fait
la  je vais lancer jacfind et puis je vous posterai le rapport
merci de votre aide

crapoulou · Accepted Answer

Très bien.

Nettoyage avec Findykill :

! Déconnecte toi et ferme toutes application en cours (Navigateur Internet compris) !

* Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)
* Relance "FindyKill".
* Au menu principal choisis l’option "F" pour français et tape sur [Entrée].
* Au second menu choisis l’option "2" (Suppression) et tape sur [Entrée].
* Le PC va redémarrer automatiquement.
=> Le programme va travailler, ne touche à rien. Ton bureau ne sera pas accessible, c’est normal !

* Poste le rapport qui apparaît à la fin (le rapport est sauvegardé aussi sous C:\FindyKill.txt)

/!\ Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr , Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide /!\

Aide en images (Suppression) :
ICI

mimie17 · Answer

Voilà le rapport 

############################## | FindyKill V5.022 |

# User : MYRIAM (Administrateurs) # PCMIMI
# Update on 24/12/2009 by Chiquitine29
# Start at: 10:12:11 | 16/01/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

# C:\ # Disque fixe local # 48,83 Go (32,3 Go free) [SYSTEM] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 184,06 Go (148,2 Go free) [DATA] # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\MYRIAM\Application Data\drivers\winupgro.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winsudate\gibsvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\MYRIAM\Application Data\m\flec006.exe
C:\WINDOWS\wintems.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
 
############################## | Processus infectieux stoppés  | 

"C:\Documents and Settings\MYRIAM\Application Data\drivers\winupgro.exe"  (1784)
"C:\Documents and Settings\MYRIAM\Application Data\m\flec006.exe"  (3552)
"C:\WINDOWS\wintems.exe"  (3608)

################## | C: |


################## | C:\WINDOWS |

Présent ! C:\WINDOWS\ban_list.txt  
Présent ! C:\WINDOWS\mdelk.exe  
Présent ! C:\WINDOWS\wintems.exe  
Présent ! C:\WINDOWS\Prefetch\140828.EXE-0FD68AA5.pf  
Présent ! C:\WINDOWS\Prefetch\158296.EXE-102DE535.pf  
Présent ! C:\WINDOWS\Prefetch\164906.EXE-21F4A761.pf  
Présent ! C:\WINDOWS\Prefetch\168078.EXE-11F0EED4.pf  
Présent ! C:\WINDOWS\Prefetch\64421.EXE-2B62F1BE.pf  
Présent ! C:\WINDOWS\Prefetch\67671.EXE-2635F061.pf  
Présent ! C:\WINDOWS\Prefetch\81046.EXE-2431BD38.pf  
Présent ! C:\WINDOWS\Prefetch\85203.EXE-28D955AF.pf  
Présent ! C:\WINDOWS\Prefetch\FLEC006.EXE-07147BC0.pf  
Présent ! C:\WINDOWS\Prefetch\MDELK.EXE-087EF2B4.pf  
Présent ! C:\WINDOWS\Prefetch\WINTEMS.EXE-127B61D4.pf  

################## | C:\WINDOWS\system32 |

Présent ! C:\WINDOWS\system32\srosa2.sys  
Présent ! C:\WINDOWS\system32\wfsintwq.sys  

################## | C:\WINDOWS\system32\drivers |


################## | C:\Documents and Settings\MYRIAM\Application Data |

Présent ! C:\Documents and Settings\MYRIAM\Application Data\drivers  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\drivers\downld  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\drivers\winupgro.exe  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\m  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\m\data.oct  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\m\flec006.exe  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\m\list.oct  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\m\srvlist.oct  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\m\shared  
################## | Temporary Internet Files |

Présent ! C:\Documents and Settings\MYRIAM\Local Settings\Temporary Internet Files\Content.IE5\OP23GHUV\servernames[1].htm  

################## | Registre / Clés infectieuses |

Présent ! [HKLM\SYSTEM\ControlSet004\Services\sK9Ou0s]  
Présent ! [HKLM\SYSTEM\CurrentControlSet\Services\srosa]  
Présent ! [HKLM\SYSTEM\ControlSet001\Services\srosa]  
Présent ! [HKLM\SYSTEM\ControlSet003\Services\srosa]  
Présent ! [HKLM\SYSTEM\ControlSet004\Services\srosa]  
Présent ! [HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S]  
Présent ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]  
Présent ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]  
Présent ! [HKCU\Software\bisoft]  
Présent ! [HKCU\Software\DateTime4]  
Présent ! [HKCU\Software\MuleAppData]  
Présent ! [HKCU\Software\WS35]  
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"  
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"  
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\bisoft]  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\DateTime4]  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\MuleAppData]  
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\keygen]  
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Local AppWizard-Generated Applications\keygen]  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro]  

################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK
 
Clé manquante : HKLM\...\SafeBoot | Mode sans echec non fonctionnel !  
 
# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )  
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 ) 
# (!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )  
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )  
# (!) wuauserv -> Start = 4 ( Good = 2 | Bad = 4 )  
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )  


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # FindyKill V5.022 ! |

mimie17 · Answer

en attendant votre aide, j'ai essayer d'installer plusieurs logiciels type : 
kaspersky, spywareterminator, rien à faire, je ne peux lancer aucun logiciel de protection

j'ai meme essayer de telecharcher hitjackis des que je veux le telecharger la page internet se ferme

merci de m'aider, s'il vous plait

crapoulou · Answer

Salut,
C'est normal, tu as une infection bagle !
Si ton souci provient du téléchargement de quelque chose sur le p2p, supprime le !

*******

Ta version de findukill n'est pas à jjour.
Prends celle-ci stp :
https://www.commentcamarche.net/telecharger/securite/2759-adwcleaner/

Et refais l'option 1 pour le moment.

mimie17 · Answer

Salut,

je peux pas aller sur le lien que tu m'as donner ma page internet se ferme dessuite

crapoulou · Answer

Essaye ce lien direct :
http://pagesperso-orange.fr/NosTools/Chiquitine29/Setup.exe

mimie17 · Answer

voilà le rapport

############################## | FindyKill V5.024 |

# User : MYRIAM (Administrateurs) # PCMIMI
# Update on 09/01/2010 by El Desaparecido
# Start at: 11:23:48 | 16/01/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Enabled

# C:\ # Disque fixe local # 48,83 Go (32,5 Go free) [SYSTEM] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 184,06 Go (148,2 Go free) [DATA] # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winsudate\gibsvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\MYRIAM\Application Data\drivers\winupgro.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\MYRIAM\Application Data\m\flec006.exe
C:\WINDOWS\wintems.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
 
############################## | Processus infectieux stoppés  | 

"C:\Documents and Settings\MYRIAM\Application Data\drivers\winupgro.exe"  (488)
"C:\Documents and Settings\MYRIAM\Application Data\m\flec006.exe"  (3236)
"C:\WINDOWS\wintems.exe"  (3300)

################## | C: |


################## | C:\WINDOWS |

Présent ! C:\WINDOWS\ban_list.txt  
Présent ! C:\WINDOWS\mdelk.exe  
Présent ! C:\WINDOWS\wintems.exe  

################## | C:\WINDOWS\Prefetch |

Présent ! C:\WINDOWS\Prefetch\140828.EXE-0FD68AA5.pf  
Présent ! C:\WINDOWS\Prefetch\158296.EXE-102DE535.pf  
Présent ! C:\WINDOWS\Prefetch\164906.EXE-21F4A761.pf  
Présent ! C:\WINDOWS\Prefetch\168078.EXE-11F0EED4.pf  
Présent ! C:\WINDOWS\Prefetch\198187.EXE-027FFD67.pf  
Présent ! C:\WINDOWS\Prefetch\64421.EXE-2B62F1BE.pf  
Présent ! C:\WINDOWS\Prefetch\67671.EXE-2635F061.pf  
Présent ! C:\WINDOWS\Prefetch\69484.EXE-244ABBEC.pf  
Présent ! C:\WINDOWS\Prefetch\72187.EXE-2D87B863.pf  
Présent ! C:\WINDOWS\Prefetch\75281.EXE-33A638CD.pf  
Présent ! C:\WINDOWS\Prefetch\77828.EXE-1F57CEC6.pf  
Présent ! C:\WINDOWS\Prefetch\80687.EXE-18587A7A.pf  
Présent ! C:\WINDOWS\Prefetch\81046.EXE-2431BD38.pf  
Présent ! C:\WINDOWS\Prefetch\85203.EXE-28D955AF.pf  
Présent ! C:\WINDOWS\Prefetch\85515.EXE-2B3C6D0C.pf  
Présent ! C:\WINDOWS\Prefetch\90671.EXE-1AE22A8D.pf  
Présent ! C:\WINDOWS\Prefetch\93156.EXE-1E3987A3.pf  
Présent ! C:\WINDOWS\Prefetch\FLEC006.EXE-07147BC0.pf  
Présent ! C:\WINDOWS\Prefetch\MDELK.EXE-087EF2B4.pf  
Présent ! C:\WINDOWS\Prefetch\WINTEMS.EXE-127B61D4.pf  

################## | C:\WINDOWS\system32 |

Présent ! C:\WINDOWS\system32\srosa2.sys  
Présent ! C:\WINDOWS\system32\wfsintwq.sys  

################## | C:\WINDOWS\system32\drivers |


################## | C:\Documents and Settings\MYRIAM\Application Data |

Présent ! C:\Documents and Settings\MYRIAM\Application Data\drivers  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\drivers\downld  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\drivers\winupgro.exe  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\m  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\m\data.oct  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\m\flec006.exe  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\m\list.oct  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\m\srvlist.oct  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\m\shared  

################## | Temporary Internet Files |


################## | Registre |

Présent ! [HKLM\SYSTEM\ControlSet004\Services\sK9Ou0s]  
Présent ! [HKLM\SYSTEM\CurrentControlSet\Services\srosa]  
Présent ! [HKLM\SYSTEM\ControlSet001\Services\srosa]  
Présent ! [HKLM\SYSTEM\ControlSet003\Services\srosa]  
Présent ! [HKLM\SYSTEM\ControlSet004\Services\srosa]  
Présent ! [HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S]  
Présent ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]  
Présent ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]  
Présent ! [HKCU\Software\bisoft]  
Présent ! [HKCU\Software\DateTime4]  
Présent ! [HKCU\Software\MuleAppData]  
Présent ! [HKCU\Software\WS35]  
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"  
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"  
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\bisoft]  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\DateTime4]  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\MuleAppData]  
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\keygen]  
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Local AppWizard-Generated Applications\keygen]  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro]  

################## | Etat |

# Affichage des fichiers cachés : OK
 
Clé manquante : HKLM\...\SafeBoot | Mode sans echec non fonctionnel !  
 
# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )  
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 ) 
# (!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )  
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )  
# (!) wuauserv -> Start = 4 ( Good = 2 | Bad = 4 )  
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )  


################## | Cracks > Keygens > Serials |


################## | ! Fin du rapport # FindyKill V5.024 ! |

mimie17 · Answer

est-ce que je dois repasser Findy Kill 
et faire le 2 ou pas

crapoulou · Answer

Oui, tu peux faire le 2 et poster le rapport. Voilà la procédure : Nettoyage avec Findykill : ! Déconnecte toi et ferme toutes application en cours (Navigateur Internet compris) ! * Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) * Relance "FindyKill". * Au menu principal choisis l’option "F" pour français et tape sur [Entrée]. * Au second menu choisis l’option "2" (Suppression) et tape sur [Entrée]. * Le PC va redémarrer automatiquement. => Le programme va travailler, ne touche à rien. Ton bureau ne sera pas accessible, c’est normal ! * Poste le rapport qui apparaît à la fin (le rapport est sauvegardé aussi sous C:\FindyKill.txt) /!\ Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr , Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide /!\ Aide en images (Suppression) : ICI ******** Pour un diagnostic en profondeur de ton PC : Télécharge Random’s System Information Tool (RSIT) de random/random et enregistre l’exécutable sur le Bureau. = = = = >>> En cliquant ici <<< = = = = * Double clique sur RSIT.exe pour le lancer. * Une première fenêtre s’ouvre, clique alors sur Continue (Disclaimer). * Si la dernière version de HijackThis n’est pas détectée sur ton PC, RSIT le téléchargera et te demandera d’accepter la licence. * Lorsque l’analyse sera terminée, deux fichiers texte s’ouvriront (probablement avec le bloc-notes). * Poste le contenu de log.txt.

mimie17 · Answer

j'ai fait toutes les manipulations avec Findykill

effectivement le PC redémarre, mon bureau n'est pas accessible pendant un certain temps, mais le rapport ne s'affiche pas et quand je vais dans C:\FindyKill.txt , tout se ferme je n'arrive pas à ouvrir le dossier

je vais essayer de passer Random's System Information Tool et je poste le rapport si je peux

crapoulou · Answer

Ok.
Je file, je reviens en fin de soirée.
Si tu as ton bureau mais pas les icônes, tu sais ce qu'il faut faire.
Si t'as des messages d'erreur, n'hésite pas à les relever.
A ce soir.

mimie17 · Answer

ok merci pour ton aide je te poste quand meme le rapport RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by MYRIAM at 2010-01-16 19:00:12
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 33 GB (66%) free of 50 GB
Total RAM: 1023 MB (67% free)


======Scheduled tasks folder======

C:\WINDOWS	asks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-24 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-24 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2007-06-09 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2007-06-09 86016]
"SchedulingAgent"=mstinit.exe /firstlogon []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2006-01-27 842752]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
""= []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\System32\NvCpl.dll [2007-06-09 7700480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\System32\NvMcTray.dll [2007-06-09 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg
wiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-06-28 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-10-16 16855552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2007-10-11 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check.lnk]
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE  []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE  []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin220.lnk]
C:\PROGRA~1\Philips\PHILIP~1\TRAYMI~1.EXE [2007-03-09 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Boonty Games"=3
"avast! Web Scanner"=3
"avast! Mail Scanner"=3
"avast! Antivirus"=2
"aswUpdSv"=2
"aawservice"=2

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Démarrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\eMule0.48a\emule.exe"="C:\eMule0.48a\emule.exe:*:Enabled:eMule"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f035a43-aae2-11dc-a906-001d7d925331}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs


======List of files/folders created in the last 1 months======

2010-01-16 19:00:12 ----D---- C:sit
2010-01-16 18:56:24 ----A---- C:\WINDOWS\ban_list.txt
2010-01-16 18:56:14 ----HD---- C:\Documents and Settings\MYRIAM\Application Data\m
2010-01-16 18:55:50 ----HD---- C:\Documents and Settings\MYRIAM\Application Data\drivers
2010-01-16 18:55:05 ----A---- C:\Log.txt
2010-01-16 09:41:26 ----D---- C:\FindyKill
2010-01-12 20:36:14 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-09 21:00:58 ----D---- C:\Program Files\Dactylo
2009-12-25 23:18:39 ----D---- C:\WINDOWS\system32\XPSViewer
2009-12-25 23:18:35 ----D---- C:\Program Files\MSBuild
2009-12-25 23:18:33 ----D---- C:\WINDOWS\system32\en-US
2009-12-25 23:18:29 ----D---- C:\Program Files\Reference Assemblies
2009-12-25 23:17:34 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-12-25 23:17:33 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-12-25 23:17:33 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-12-23 21:48:44 ----DC---- C:\WINDOWS\$NtUninstallKB959426$
2009-12-23 21:48:40 ----DC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-23 21:47:51 ----DC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-23 21:47:34 ----DC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-23 21:47:31 ----DC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-23 21:47:26 ----DC---- C:\WINDOWS\$NtUninstallKB951978$
2009-12-23 21:47:20 ----DC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-23 21:47:05 ----DC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-23 21:46:00 ----DC---- C:\WINDOWS\$NtUninstallKB961503$
2009-12-23 21:45:56 ----DC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-12-23 21:45:51 ----DC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-23 21:45:47 ----DC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-23 21:45:43 ----DC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-23 21:45:25 ----DC---- C:\WINDOWS\$NtUninstallKB956744$
2009-12-23 21:45:21 ----DC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-23 21:45:14 ----DC---- C:\WINDOWS\$NtUninstallKB956572$
2009-12-23 21:44:48 ----DC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-23 21:44:31 ----DC---- C:\WINDOWS\$NtUninstallKB961501$
2009-12-23 21:44:17 ----DC---- C:\WINDOWS\$NtUninstallKB971633$
2009-12-23 21:44:12 ----DC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-23 21:44:08 ----DC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-23 21:44:03 ----DC---- C:\WINDOWS\$NtUninstallKB952004$
2009-12-23 21:43:58 ----DC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-23 21:43:52 ----DC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-23 21:43:46 ----DC---- C:\WINDOWS\$NtUninstallKB973507$
2009-12-23 21:43:42 ----DC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-23 21:43:25 ----DC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-23 21:43:20 ----DC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-23 21:43:08 ----DC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-12-23 21:42:35 ----DC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-23 21:42:31 ----DC---- C:\WINDOWS\$NtUninstallKB954459$
2009-12-23 21:41:36 ----DC---- C:\WINDOWS\$NtUninstallKB970238$
2009-12-23 21:41:28 ----DC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-23 21:41:22 ----DC---- C:\WINDOWS\$NtUninstallKB960803$
2009-12-23 21:41:13 ----DC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-23 21:41:09 ----DC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-23 21:39:20 ----DC---- C:\WINDOWS\$NtUninstallKB923561$
2009-12-23 21:39:16 ----DC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-23 21:39:12 ----DC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-23 21:39:07 ----DC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-23 21:39:00 ----DC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-22 10:51:19 ----D---- C:\WINDOWS\Bubble Town

======List of files/folders modified in the last 1 months======

2010-01-16 19:00:14 ----D---- C:\Program Files\Trend Micro
2010-01-16 18:56:33 ----D---- C:\WINDOWS\Prefetch
2010-01-16 18:56:25 ----D---- C:\WINDOWS
2010-01-16 18:56:15 ----D---- C:\Program Files\Mozilla Firefox
2010-01-16 18:56:00 ----D---- C:\WINDOWS\system32
2010-01-16 18:55:09 ----D---- C:\WINDOWS\TEMP
2010-01-16 18:54:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-16 18:49:36 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-01-16 12:39:06 ----SHD---- C:\WINDOWS\Installer
2010-01-16 12:39:06 ----HD---- C:\WINDOWS\system32\drivers
2010-01-16 12:39:06 ----D---- C:\Config.Msi
2010-01-16 12:39:03 ----RD---- C:\Program Files
2010-01-16 12:38:21 ----HD---- C:\WINDOWS\inf
2010-01-16 12:38:12 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-16 10:47:54 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-01-16 09:37:34 ----D---- C:\Documents and Settings\MYRIAM\Application Data\vlc
2010-01-16 09:14:45 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-01-16 09:13:53 ----D---- C:\Program Files\Windows Media Player
2010-01-15 21:21:22 ----D---- C:\Program Files\Oberon Media
2010-01-13 17:41:37 ----D---- C:\Program Files\Fichiers communs\Adobe
2010-01-13 17:41:36 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-13 17:41:27 ----D---- C:\Program Files\Adobe
2010-01-13 08:21:52 ----D---- C:\WINDOWS\AppPatch
2010-01-12 20:36:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-12 20:36:10 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-02 12:13:20 ----D---- C:\Documents and Settings\MYRIAM\Application Data\dvdcss
2009-12-27 09:25:41 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-12-26 10:27:22 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-26 10:27:20 ----RSD---- C:\WINDOWS\assembly
2009-12-25 23:21:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-25 23:21:01 ----D---- C:\WINDOWS\WinSxS
2009-12-25 23:18:32 ----RSD---- C:\WINDOWS\Fonts
2009-12-25 23:18:20 ----D---- C:\WINDOWS\system32\spool
2009-12-25 23:18:10 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-25 11:50:35 ----D---- C:\WINDOWS\Debug
2009-12-25 11:50:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-24 23:20:02 ----D---- C:\WINDOWS\system32\wbem
2009-12-24 23:19:18 ----D---- C:\WINDOWS\system32\config
2009-12-24 23:18:57 ----D---- C:\WINDOWS\Registration
2009-12-24 23:18:33 ----D---- C:\Program Files\Microsoft Silverlight
2009-12-24 23:18:30 ----D---- C:\Program Files\Outlook Express
2009-12-23 06:57:32 ----D---- C:\WINDOWS\system32\NtmsData
2009-12-22 10:51:19 ----D---- C:\Program Files\Bubble Town
2009-12-22 08:02:48 ----D---- C:\Program Files\Winsudate
2009-12-21 17:13:32 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2009-12-21 17:13:32 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 MarxDev1;MarxDev1; C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 8864]
R2 MarxDev2;MarxDev2; C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 8864]
R2 MarxDev3;MarxDev3; C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 8864]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-16 4615168]
R3 MMRTKRNL;MMRTKRNL; C:\WINDOWS\system32\drivers\mmrtkrnl.sys [2001-11-05 32960]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-28 12288]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS
v4_mini.sys [2007-06-09 3988384]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS
vnetbus.sys [2006-11-27 19968]
R3 SPC220NC;Philips SPC220NC Webcam; C:\WINDOWS\System32\DRIVERS\SPC220NC.SYS [2007-01-09 507136]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-03-10 103744]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
S3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 Profos;Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys []
S3 SE26bus;Sony Ericsson Device 038 Driver driver (WDM); C:\WINDOWS\System32\DRIVERS\SE26bus.sys [2006-08-28 61600]
S3 SE26mdfl;Sony Ericsson Device 038 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\SE26mdfl.sys [2006-08-28 9360]
S3 SE26mdm;Sony Ericsson Device 038 USB WMC Modem Driver; C:\WINDOWS\System32\DRIVERS\SE26mdm.sys [2006-08-28 97184]
S3 SE26mgmt;Sony Ericsson Device 038 USB WMC Device Management Drivers (WDM); C:\WINDOWS\System32\DRIVERS\SE26mgmt.sys [2006-08-28 88688]
S3 se26nd5;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS); C:\WINDOWS\System32\DRIVERS\se26nd5.sys [2006-08-28 18704]
S3 SE26obex;Sony Ericsson Device 038 USB WMC OBEX Interface; C:\WINDOWS\System32\DRIVERS\SE26obex.sys [2006-08-28 86560]
S3 se26unic;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (WDM); C:\WINDOWS\System32\DRIVERS\se26unic.sys [2006-08-28 90768]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-09-28 7168]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 Trufos;Trufos; \??\C:\Program Files\Softwin\BitDefender10	rufos.sys []
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-24 152984]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32
vsvc32.exe [2007-06-09 159810]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 WinSvc;Gestionnaire de mise à jour Winsudate; C:\Program Files\Winsudate\gibsvc.exe [2009-07-27 70896]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-07 137200]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

crapoulou · Answer

Très bien, il en manque un bout, on va l'avoir autrement : - Télécharge HijackThis Version 2.02 afin que je fasse un diagnostic sur la/les éventuelle(s) infection(s) présente(s) sur ton PC. = = = = >>> En cliquant ici <<< = = = = - Enregistre "HJTInstall.exe" sur ton bureau. - Fais un double-clic (gauche) sur HJTInstall.exe afin de lancer l’installation - Clique sur Install ensuite sur "I Accept". - Clique sur "Do a scan system and save log file". - Le bloc-notes s’ouvrira, fais un copier - coller de tout son contenu ici dans ta prochaine réponse.

mimie17 · Answer

grrrrrrrrrr je peux pas ouvrir

crapoulou · Answer

Message d'erreur, problème particulier ?
L'option 2 a-t-elle été passée convenablement ?

crapoulou · Answer

Ok. ******* Télécharge Malwarebytes’ Anti-Malware = = = = >>> En cliquant ici <<< = = = = - Enregistre le sur le bureau - Double clique sur le fichier téléchargé pour lancer le processus d’installation - Lorsqu’il te le sera demandé, mets à jour Malwarebytes anti malware - Si le pare-feu demande l’autorisation de se connecter pour malwarebytes, acceptes - Une fois la mise à jour terminée, ferme Malwarebytes - Double-clique sur l’icône de malwarebytes pour le relancer - Dans l’onglet, Recherche, probablement ouvert par défaut, - Sélectionne Exécuter un examen complet - Clique sur Rechercher - Le scan démarre - A la fin de l’analyse, un message s’affiche : L’examen s’est terminé normalement. Cliquez sur ‘Afficher les résultats’ pour afficher tous les objets trouvés. - Clique sur Ok pour poursuivre. - Si des malwares ont été détectés, cliques sur Afficher les résultats - Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine. - Malwarebytes va ouvrir le bloc-notes et y copier le rapport d’analyse. - Rends toi dans l’onglet rapport/log - Tu clique dessus pour l’afficher. - Une fois affiché, cliques sur édition en haut du bloc notes, et puis sur sélectionner tout - Tu recliques sur édition et puis sur copier et tu reviens sur le forum et dans ta réponse - Tu clique droit dans le cadre de la réponse et coller Si tu as besoin d’aide regarde ce tutorial ICI

mimie17 · Answer

Voilà le premier rapport, certains elements n'ont pu etre supprimer je dois donc redémarrer et je poste le nouveau rapport après, 


Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3581
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

17/01/2010 12:06:20
mbam-log-2010-01-17 (12-06-20).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 206007
Temps écoulé: 26 minute(s), 57 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 466

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\bisoft (Worm.Bagle) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\srosa (Worm.Bagle) -> Delete on reboot.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Worm.Bagle) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\german.exe (Worm.Bagle) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Worm.Bagle) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\LocalService\Application Data\drivers\downld (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\m (Trojan.Agent) -> Delete on reboot.

Fichier(s) infecté(s):
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0056699.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0056705.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0057083.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0057475.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0057476.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0057477.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0057492.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0057495.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0057882.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0057888.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0057889.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0057902.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0057942.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0057947.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0057907.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0057910.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP341\A0057959.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP342\A0057985.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP342\A0058126.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP342\A0058133.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP342\A0058134.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP342\A0058135.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP343\A0058197.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP343\A0058204.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP343\A0058210.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP343\A0058211.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP343\A0058214.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP343\A0058219.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP343\A0058335.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP343\A0058467.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP343\A0058285.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP343\A0058290.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP343\A0058295.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP343\A0058334.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP343\A0058353.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP343\A0058466.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP343\A0058468.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP346\A0058561.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP346\A0058562.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP346\A0058568.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP346\A0058571.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP346\A0059094.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP346\A0058864.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP346\A0058867.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP346\A0058887.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP346\A0058891.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP346\A0058895.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP346\A0059092.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP346\A0059093.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0059653.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0059660.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0059709.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0059713.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0059714.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0059716.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0059938.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0059943.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0059657.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0059946.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0059988.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0059989.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0059990.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0060388.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0060392.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0060395.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0060412.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0060413.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0060414.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0060446.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0060447.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0060452.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0060455.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0060510.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0060513.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061105.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061109.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061134.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061142.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061145.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061238.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061240.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061135.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061262.dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061263.dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061264.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061265.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061640.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061644.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061648.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061653.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061654.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062141.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062148.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062153.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061697.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061701.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061705.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061655.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062099.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062100.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062101.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062520.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062521.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062533.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062537.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062522.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062541.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062915.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062916.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062917.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062940.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062941.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062948.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062952.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062955.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0063066.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0063416.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0063420.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0063423.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0063465.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0063466.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0063467.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\WINDOWS\wintems.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\WINDOWS\mdelk.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Ad-Remover\QUARANTINE\PROGRA~1\WINSUD~1\gibcom.dll.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Ad-Remover\QUARANTINE\PROGRA~1\WINSUD~1\gibidl.dll.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Ad-Remover\QUARANTINE\PROGRA~1\WINSUD~1\gibsvc.exe.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Ad-Remover\QUARANTINE\PROGRA~1\WINSUD~1\gibupt.exe.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\88312.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\94843.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\m\flec006.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\100000.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\100390.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\100734.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\100953.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\101140.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\101312.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\102187.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\102828.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\103031.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\103250.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\103515.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\103796.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\104203.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\104640.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\105500.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\106125.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\106343.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\106562.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\107843.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\108437.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\108750.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\109000.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\109312.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\109640.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\109875.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\110078.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\110312.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\110546.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\110718.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\110890.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\111531.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\112140.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\113250.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\114140.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\114359.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\114546.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\114734.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\114937.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\115921.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\116890.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\117046.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\118265.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\118937.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\119625.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\121343.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\121890.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\122140.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\122359.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\122734.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\123156.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\123312.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\123484.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\123703.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\123906.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\124109.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\124296.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\124875.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\125484.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\125718.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\125937.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\126125.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\130921.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\131343.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\131781.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\132843.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\133265.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\133843.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\134250.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\134734.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\135156.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\135859.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\136250.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\137828.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\138250.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\138453.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\138671.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\138859.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\181265.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\181906.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\182578.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\182843.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\183140.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\183546.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\184000.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\184453.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\184906.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\185140.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\186093.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\187062.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\188031.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\188281.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\188562.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\188750.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\192156.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\192593.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\193015.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\193484.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\193937.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\195218.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\196718.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\196906.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\217437.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\218031.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\221359.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\221593.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\221812.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\222015.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\222218.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\222625.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\223015.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\223640.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\224203.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\224625.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\225046.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\225500.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\225859.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\226109.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\226359.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\228109.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\228531.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\229187.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\229843.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\230093.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\230375.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\230640.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\230890.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\231125.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\231343.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\232000.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\232656.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\232875.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\233062.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\233281.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\233515.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\233953.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\234359.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\235781.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\237703.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\237906.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\238125.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\238375.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\238609.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\238968.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\239281.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\239437.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\239609.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\239828.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\240046.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\240234.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\240421.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\241109.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\241765.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\242171.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\242546.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\242750.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\285406.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\285812.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\286234.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\286640.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\286843.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\287000.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\287171.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\287765.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\288359.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\288515.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\288734.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\289125.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\289453.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\289937.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\290421.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\290625.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\290812.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\290984.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\291156.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\292109.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\293125.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\293468.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\293687.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\293859.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\294046.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\294265.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\294484.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\294703.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\294906.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\295328.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\295750.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\295937.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\296140.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\297109.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\302687.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\302953.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\303218.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\303656.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\304125.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\305109.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\306093.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\306843.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\307593.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\308734.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\314578.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\315421.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\316203.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\316359.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\316531.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\316921.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\317312.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\317968.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\318687.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\319156.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\319640.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\324171.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\331031.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\331234.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\373781.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\374171.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\374515.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\374734.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\374968.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\375203.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\375421.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\375593.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\375812.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\377281.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\378796.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\379015.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\379234.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\379437.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\379609.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\380218.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\380828.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\381015.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\381203.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\381718.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\382250.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\382453.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\382640.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\382968.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\383250.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\384187.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\385140.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\385296.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\385453.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\385718.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\385953.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\386156.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\386359.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\386593.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\386796.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\387000.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\387203.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\387359.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\387531.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\387687.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\387859.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\391281.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\395312.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\397328.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\398734.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\399187.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\399671.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\399953.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\400250.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\403078.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\406281.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\406484.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\406687.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\406906.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\407140.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\407578.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\408109.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\408625.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\409000.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\409593.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\410218.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\411218.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\411937.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\412421.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\412906.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\413328.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\418421.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\419078.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\419765.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\420093.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\425140.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\425296.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\425468.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\425671.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\425875.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\427406.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\427843.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\429687.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\431593.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\431781.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\431984.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\432468.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\432984.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\433421.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\433859.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\434218.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\434453.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\434656.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\434875.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\435343.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\435843.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld\436687.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\M

mimie17 · Answer

Alors mon pc vient de redémarrer
mais j'ai une drole de fenêtre qui vient de s'ouvrir
y a deux petits cadres avec dans l'un OîaxUa
et l'autre <éA< aeu

et plus bas il y a OK

qu'est ce que je dois faire

mimie17 · Answer

désolé j'ai apparemment poster deux fois le même message j'ai pas était fichu de retrouver le premier
mon PC s'est éteint tout seul à redémarrer tout seul et je n'ai plus la fenêtre bizarre qui s'affiche
mais par contre toujours les mêmes soucis, je ne peux lancer aucun logiciel de sécurité, et je ne peux pas démarrer en mode sans échec

crapoulou · Answer

Findykill n'a apparemment pas pu travailler : relance l'option 2 stp.

mimie17 · Answer

J'ai toujours le meme soucis, j'ai relancé l'option 2 mais dès que je veux avoir l'accès au rapport de Findykill j'ai tout qui se ferme

crapoulou · Answer

Arf ok.

*********

Vide la quarantaine de MBAM.
Refais un scan rapide avec MBAM.

mimie17 · Answer

d2solé mais je suis obligé de redémarrer mon pc pour pouvoir relancer MBAM, grrrrrrrrrrr il m'en veut celui-là

mimie17 · Answer

J'ai pu vider la quarantaine, mais dès que je veux faire un scan même rapide, tout se ferme tout seul

mimie17 · Answer

par contre je laisse tomber pour ce soir j'en peux plus laisse moi tes directives mais je verrais demain et encore merci pour ton aide

crapoulou · Answer

Ok, on va travailler d'une autre manière. Il est coriace le coquin. ***** Télécharge ZHPDiag sur ton bureau : = = = = =>>>En cliquant ici <<<= = = = = = Une fois le téléchargement achevé, double clique sur ZHPDiag.exe et suis les instructions. N'oublie pas de cocher la case qui permet de mettre un raccourci sur le Bureau. Double clique sur le raccourci ZHPDiag sur ton Bureau pour le lancer. /!\ L’outil a créé 2 icônes ZHPDiag et ZHPFix /!\ Clique sur la loupe pour lancer l'analyse. Laisse l’outil travailler, il peut être assez long. Ferme ZHPDiag en fin d’analyse. Pour transmettre le rapport clique sur ce lien : http://www.cijoint.fr/ Clique sur Parcourir et cherche le répertoire où est installé ZHPDiag (en général C:\Program Files\ZHPDiag). Sélectionne le fichier ZHPDiag.txt. Clique sur "Cliquez ici pour déposer le fichier". Un lien de cette forme : http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt est ajouté dans la page. Copie ce lien dans ta réponse.

mimie17 · Answer

bonjour,

si j'ai bien tout fait voilà le lien, par contre l'analyse s'est fait en 9 secondes, je sais pas si cela à de l'importance ou pas. merci

http://www.cijoint.fr/cjlink.php?file=cj201001/cijjka5PJH.txt

crapoulou · Answer

Déconnecte-toi d'Internet et ferme toutes les applications ouvertes.
* Relance ZHPDiag en cliquant sur la loupe.
* Une fois le scan fini, clique sur "OK".
* Coche ces cases (et pas d'autres !) :
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} () - file://C:\Documents and Settings\MYRIAM\Local Settings\Application Data\Oberon Media\Oberon Games Host\popcaploader_v10.cab
O44 - LFC:Last File Created 18/01/2010 - 08:36:43 ---A- C:\WINDOWS\System32\srosa2.sys
O44 - LFC:Last File Created 18/01/2010 - 08:37:34 ---A- C:\WINDOWS\ban_list.txt
O51 - MPSK:{6f035a43-aae2-11dc-a906-001d7d925331}\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
* Pour finir clique sur "Nettoyer".
* Copie-colle le rapport obtenu.

mimie17 · Answer

Bonjour,

J'ai relancé ZHPDiag, l'analyse finit je ne vois aucune case à cocher ni ok

est-ce que je dois sélectionner les lignes?

crapoulou · Answer

Clique sur l'icone représentant la lettre H (« coller les lignes Helper »)

mimie17 · Answer

Désolé je suis trop stupide je ne vois pas l'icone H
j'ai la loupe, la disquette, l'appareil photo, le + le -
et de l'autre cote j'ai
un tournevis, un ecusson , une feuille avec une loupe, un agenda un casque et le I

crapoulou · Answer

Tu n'es pas stupide, j'ai demandé la procédure à quelqu'un mais elle est erronée.

Il faut lancer ZHPFix et non pas ZHP Diag.
Clique sur le "H" et copie/colle les lignes suivantes et place les dans ZHPFix :

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} () - file://C:\Documents and Settings\MYRIAM\Local Settings\Application Data\Oberon Media\Oberon Games Host\popcaploader_v10.cab
O44 - LFC:Last File Created 18/01/2010 - 08:36:43 ---A- C:\WINDOWS\System32\srosa2.sys
O44 - LFC:Last File Created 18/01/2010 - 08:37:34 ---A- C:\WINDOWS\ban_list.txt
O51 - MPSK:{6f035a43-aae2-11dc-a906-001d7d925331}\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

(A partir de O51, tout le reste c'est une seule ligne).

Clique sur "OK" puis "Tous", puis sur "Nettoyer ".
Copie/colle la totalité du rapport dans ta prochaine réponse

mimie17 · Answer

ah merci je suis rassurée, allez je relance tout ça merci

crapoulou · Answer

Je vais devoir y aller, on reprendra en fin d'après-midi.
Bonne journée.

mimie17 · Answer

juste une derniere chose si t'es pas déjà parti

(a partir de 051 tout le reste c'est une seule ligne) ça veut dire que je dois tout sélectionner d'en bas jusqu'à cette ligne ou pas

mimie17 · Answer

J'ai fait  les 4 lignes que tu m'avais dis j'ai rien touché en dessous s'il faut que je recommence tu me le diras, en attendant je te met le rapport

Module mémoire :
(Néant)

Clé du Registre :
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} () - file://C:\Documents and Settings\MYRIAM\Local Settings\Application Data\Oberon Media\Oberon Games Host\popcaploader_v10.cab  => Clé supprimée avec succès
O51 - MPSK:{6f035a43-aae2-11dc-a906-001d7d925331}\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs  => Clé supprimée avec succès

Valeur du Registre :
(Néant)

Elément de données du Registre :
(Néant)

Dossier :
(Néant)

Fichier :
c:\windows\system32\srosa2.sys  => Supprimé et mis en quarantaine
c:\windows\ban_list.txt  => Supprimé et mis en quarantaine
c:\windows\system32\rundll32.exe shell32.dll  => Fichier absent

Logiciel :
(Néant)

Script Registre :
(Néant)

Autre :
(Néant)


Récapitulatif :
Processus mémoire : 0
Module mémoire : 0
Clé du Registre : 2
Valeur du Registre : 0
Elément de données du Registre : 0
Dossier : 0
Fichier : 3
Logiciel : 0
Autre : 0


End of the scan

crapoulou · Answer

On progresse ;-).
Tu devrais réussir à lancer l'option 2 de Fyndykill...?

mimie17 · Answer

re, re, et quelle patience que tu as............

j'arrive toujours pas à lancer l'option 2  de Fyndykill j'ai toujours le même message d'erreur qui me demande de tout sauvegarder, et puis tout se ferme et le PC redémarrer

crapoulou · Answer

ok, alors, ...
1) Essaye en retéléchargeant Findykill.
2) Essaye de refaire une analyse avec MBAM.
3) Refais un rapport ZHP Diag.

mimie17 · Answer

peux tu me redonner un lien y a rien à faire j'arrive pas à réinstaller findykill

mimie17 · Answer

J'ai réussit à le télécharger, j'ai tout recommencer à zéro, j'ai fait l'option 1 recherche puis l'option 2 et toujours pareil la fenêtre avec la croix rouge s'ouvre et tout se ferme

je te poste quand même le rapport que je viens de faire avec findykill et l'option 1


############################## | FindyKill V5.024 |

# User : MYRIAM (Administrateurs) # PCMIMI
# Update on 09/01/2010 by El Desaparecido
# Start at: 20:05:49 | 19/01/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Enabled

# C:\ # Disque fixe local # 48,83 Go (32,78 Go free) [SYSTEM] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 184,06 Go (148,2 Go free) [DATA] # NTFS
# F:\ # Disque amovible

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\MYRIAM\Application Data\drivers\winupgro.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\MYRIAM\Application Data\m\flec006.exe
C:\WINDOWS\wintems.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
 
############################## | Processus infectieux stoppés  | 

"C:\Documents and Settings\MYRIAM\Application Data\drivers\winupgro.exe"  (312)
"C:\Documents and Settings\MYRIAM\Application Data\m\flec006.exe"  (2608)
"C:\WINDOWS\wintems.exe"  (2652)

################## | C: |


################## | C:\WINDOWS |

Présent ! C:\WINDOWS\ban_list.txt  
Présent ! C:\WINDOWS\mdelk.exe  
Présent ! C:\WINDOWS\wintems.exe  

################## | C:\WINDOWS\Prefetch |

Présent ! C:\WINDOWS\Prefetch\108953.EXE-0BC57B82.pf  
Présent ! C:\WINDOWS\Prefetch\111828.EXE-16D6F8CA.pf  
Présent ! C:\WINDOWS\Prefetch\96343.EXE-1EA0F5EF.pf  
Présent ! C:\WINDOWS\Prefetch\99906.EXE-074D1063.pf  
Présent ! C:\WINDOWS\Prefetch\FLEC006.EXE-07147BC0.pf  
Présent ! C:\WINDOWS\Prefetch\MDELK.EXE-087EF2B4.pf  
Présent ! C:\WINDOWS\Prefetch\WINTEMS.EXE-127B61D4.pf  

################## | C:\WINDOWS\system32 |

Présent ! C:\WINDOWS\system32\srosa2.sys  
Présent ! C:\WINDOWS\system32\wfsintwq.sys  

################## | C:\WINDOWS\system32\drivers |


################## | C:\Documents and Settings\MYRIAM\Application Data |

Présent ! C:\Documents and Settings\MYRIAM\Application Data\drivers  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\drivers\downld  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\drivers\winupgro.exe  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\m  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\m\data.oct  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\m\flec006.exe  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\m\list.oct  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\m\srvlist.oct  
Présent ! C:\Documents and Settings\MYRIAM\Application Data\m\shared  

################## | Temporary Internet Files |


################## | Registre |

Présent ! [HKLM\SYSTEM\CurrentControlSet\Services\srosa]  
Présent ! [HKLM\SYSTEM\ControlSet001\Services\srosa]  
Présent ! [HKLM\SYSTEM\ControlSet002\Services\srosa]  
Présent ! [HKLM\SYSTEM\ControlSet003\Services\srosa]  
Présent ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]  
Présent ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]  
Présent ! [HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA]  
Présent ! [HKCU\Software\bisoft]  
Présent ! [HKCU\Software\DateTime4]  
Présent ! [HKCU\Software\MuleAppData]  
Présent ! [HKCU\Software\WS35]  
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"  
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"  
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\bisoft]  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\DateTime4]  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\MuleAppData]  
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\keygen]  
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Local AppWizard-Generated Applications\keygen]  
Présent ! [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro]  

################## | Etat |

# Affichage des fichiers cachés : OK
 
Clé manquante : HKLM\...\SafeBoot | Mode sans echec non fonctionnel !  
 
# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )  
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 ) 
# (!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )  
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )  
# (!) wuauserv -> Start = 4 ( Good = 2 | Bad = 4 )  
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )  


################## | Cracks > Keygens > Serials |


################## | ! Fin du rapport # FindyKill V5.024 ! |

mimie17 · Answer

voilà le rapport ZHPDiag

O64 - Services: CS003 - Java Quick Starter (JavaQuickStarterService) - LEGACY_JAVAQUICKSTARTERSERVICE
O64 - Services: CS003 - ksecdd (ksecdd) - LEGACY_KSECDD
O64 - Services: CS003 - Serveur (lanmanserver) - LEGACY_LANMANSERVER
O64 - Services: CS003 - Station de travail (LanmanWorkstation) - LEGACY_LANMANWORKSTATION
O64 - Services: CS003 - Assistance TCP/IP NetBIOS (LmHosts) - LEGACY_LMHOSTS
O64 - Services: CS003 - MarxDev1 (MarxDev1) - LEGACY_MARXDEV1
O64 - Services: CS003 - MarxDev2 (MarxDev2) - LEGACY_MARXDEV2
O64 - Services: CS003 - MarxDev3 (MarxDev3) - LEGACY_MARXDEV3
O64 - Services: CS003 - mchInjDrv (mchInjDrv) - LEGACY_MCHINJDRV
O64 - Services: CS003 - Affichage des messages (Messenger) - LEGACY_MESSENGER
O64 - Services: CS003 - mnmdd (mnmdd) - LEGACY_MNMDD
O64 - Services: CS003 - mountmgr (mountmgr) - LEGACY_MOUNTMGR
O64 - Services: CS003 - Redirecteur client WebDav (MRxDAV) - LEGACY_MRXDAV
O64 - Services: CS003 - MRXSMB (MRxSmb) - LEGACY_MRXSMB
O64 - Services: CS003 - Distributed Transaction Coordinator (MSDTC) - LEGACY_MSDTC
O64 - Services: CS003 - Msfs (Msfs) - LEGACY_MSFS
O64 - Services: CS003 - Windows Installer (MSIServer) - LEGACY_MSISERVER
O64 - Services: CS003 - Mup (Mup) - LEGACY_MUP
O64 - Services: CS003 - Pilote système NDIS (NDIS) - LEGACY_NDIS
O64 - Services: CS003 - Pilote TAPI NDIS d'accès distant (NdisTapi) - LEGACY_NDISTAPI
O64 - Services: CS003 - NDIS mode utilisateur E/S Protocole (Ndisuio) - LEGACY_NDISUIO
O64 - Services: CS003 - NDProxy (NDProxy) - LEGACY_NDPROXY
O64 - Services: CS003 - Interface NetBIOS (NetBIOS) - LEGACY_NETBIOS
O64 - Services: CS003 - NetBIOS sur TCP/IP (NetBT) - LEGACY_NETBT
O64 - Services: CS003 - Connexions réseau (Netman) - LEGACY_NETMAN
O64 - Services: CS003 - NLA (Network Location Awareness) (Nla) - LEGACY_NLA
O64 - Services: CS003 - NMSAccessU (NMSAccessU) - LEGACY_NMSACCESSU
O64 - Services: CS003 - Npfs (Npfs) - LEGACY_NPFS
O64 - Services: CS003 - ntfs (ntfs) - LEGACY_NTFS
O64 - Services: CS003 - Stockage amovible (NtmsSvc) - LEGACY_NTMSSVC
O64 - Services: CS003 - Null (Null) - LEGACY_NULL
O64 - Services: CS003 - NVIDIA Display Driver Service (NVSvc) - LEGACY_NVSVC
O64 - Services: CS003 - Office Source Engine (ose) - LEGACY_OSE
O64 - Services: CS003 - PartMgr (PartMgr) - LEGACY_PARTMGR
O64 - Services: CS003 - ParVdm (ParVdm) - LEGACY_PARVDM
O64 - Services: CS003 - pavboot (pavboot) - LEGACY_PAVBOOT
O64 - Services: CS003 - Pml Driver HPZ12 (Pml Driver HPZ12) - LEGACY_PML_DRIVER_HPZ12
O64 - Services: CS003 - Services IPSEC (PolicyAgent) - LEGACY_POLICYAGENT
O64 - Services: CS003 - PROCEXP90 (PROCEXP90) - LEGACY_PROCEXP90
O64 - Services: CS003 - Profos (Profos) - LEGACY_PROFOS
O64 - Services: CS003 - Emplacement protégé (ProtectedStorage) - LEGACY_PROTECTEDSTORAGE
O64 - Services: CS003 - Pilote de connexion automatique d'accès distant (RasAcd) - LEGACY_RASACD
O64 - Services: CS003 - Gestionnaire de connexion automatique d'accès distant (RasAuto) - LEGACY_RASAUTO
O64 - Services: CS003 - Gestionnaire de connexions d'accès distant (RasMan) - LEGACY_RASMAN
O64 - Services: CS003 - Rdbss (Rdbss) - LEGACY_RDBSS
O64 - Services: CS003 - RDPCDD (RDPCDD) - LEGACY_RDPCDD

crapoulou · Answer

Edit.
Ton rapport de ZHP Diag n'est pas complet !

mimie17 · Answer

Rapport de ZHPDiag v1.24.25 par Nicolas Coolman
Run by MYRIAM at 19/01/2010 20:15:20
Web site :  http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
MSIE: Internet Explorer v6.0.2900.5512
MFIE: Mozilla Firefox (3.0.17)

Boot mode: Normal (Normal boot)
Total RAM: 1023 MB (67% free)
System drive C: has 33 GB (67%) free of 49 GB

---\ Processus lancés
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\spoolsv.exe

---\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr

---\ Pages de recherche d'Internet Explorer (R1)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

---\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - %SystemRoot%\System32\shdocvw.dll

---\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

---\ Internet Explorer Toolbars (O3)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

---\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1
O4 - HKLM\..\policies\Explorer: [NoDriveAutoRun] Data=67108863
O4 - HKLM\..\policies\Explorer: [NoDriveTypeAutoRun] Data=323
O4 - HKLM\..\policies\Explorer: [NoDrives] Data=0
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

---\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

---\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll,201
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302

---\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: DirectAnimation Java Classes (DirectAnimation Java Classes) - file://C:\WINDOWS\Java\classes\dajava.cab
O16 - DPF: Microsoft XML Parser for Java (Microsoft XML Parser for Java) - file://C:\WINDOWS\Java\classes\xmldso.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - file://C:\Documents and Settings\MYRIAM\Local Settings\Application Data\Oberon Media\Oberon Games Host\DinerDash2_fr.1.0.0.70.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} () - http://charon777.free.fr/plugins/hardwaredetection_2_0_4_10.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

---\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\System32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

---\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\System32\dimsntfy.dll

---\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\System32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %systemroot%\system32\stobject.dll

---\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\System32\browseui.dll

---\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: NMSAccessU (NMSAccessU) - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 (Pml Driver HPZ12) - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SeaPort (SeaPort) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe

---\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

---\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Lecteur Windows Media - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Microsoft VM - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Internet Explorer Classes for Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - (not file)
O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Lecteur Windows Media Microsoft 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - C:\WINDOWS\System32\danim.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32egsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32	hemeui.dll
O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Logiciel de navigation hors connexion - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file)
O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: Microsoft DirectX - {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: DirectX - {4594FDD1-557F-FA9C-7C2F-D9F814DCB9BE} - (not file)
O40 - ASIC: Aide sur Internet Explorer - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: KB918899 - {4d64f3ba-f112-4efe-a02e-96680859937c} - (not file)
O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.7 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: KB918439 - {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - (not file)
O40 - ASIC: Outils d'installation Internet Explorer - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Améliorations pour la navigation - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player 8 - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
O40 - ASIC: Accès au site MSN - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: .NET Framework - {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - (not file)
O40 - ASIC: Dossiers Web - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer 6 - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Microsoft .NET Framework 1.1 Hotfix (KB928366) - {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - (not file)
O40 - ASIC: Liaison de données Dynamic HTML - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {9A394342-4A68-4EBA-85A6-55B559F4E700} - (not file)
O40 - ASIC: .NET Framework - {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - (not file)
O40 - ASIC: Polices de base Internet Explorer - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file)
O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx
O40 - ASIC: KB925486 - {dd772a76-bef3-44d7-8b39-502c8504c1f1} - (not file)
O40 - ASIC: Aide HTML - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
O40 - ASIC: KB911567 - {f15ee071-deb7-4cbb-951f-431c98338d8e} - (not file)
O40 - ASIC: .NET Framework - {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - (not file)

---\ Pilotes lancés au démarrage (O41)
O41 - Driver: Environnement de prise en charge de réseau AFD (AFD) - C:\WINDOWS\System32\drivers\afd.sys
O41 - Driver: Pilote de CD-ROM (Cdrom) - C:\WINDOWS\System32\DRIVERS\cdrom.sys
O41 - Driver: ElbyCDIO Driver (ElbyCDIO) - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\System32\DRIVERS\i8042prt.sys
O41 - Driver: Pilote de filtre de gravure CD (Imapi) - C:\WINDOWS\System32\DRIVERS\imapi.sys
O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\System32\DRIVERS\ipsec.sys
O41 - Driver: Pilote de la classe Clavier (Kbdclass) - C:\WINDOWS\System32\DRIVERS\kbdclass.sys
O41 - Driver: Pilote de la classe Souris (Mouclass) - C:\WINDOWS\System32\DRIVERS\mouclass.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\System32\DRIVERS
etbios.sys
O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\System32\DRIVERS
etbt.sys
O41 - Driver: Pilote processeur (Processor) - C:\WINDOWS\System32\DRIVERS\processr.sys
O41 - Driver: Pilote de connexion automatique d'accès distant (RasAcd) - C:\WINDOWS\System32\DRIVERSasacd.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\System32\DRIVERSdbss.sys
O41 - Driver: (no object) (RDPCDD) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\System32\DRIVERSedbook.sys
O41 - Driver: SASKUTIL (SASKUTIL) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
O41 - Driver: Pilote de port série (Serial) - C:\WINDOWS\System32\DRIVERS\serial.sys
O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\System32\DRIVERS	cpip.sys
O41 - Driver: Pilote de périphérique terminal (TermDD) - C:\WINDOWS\System32\DRIVERS	ermdd.sys
O41 - Driver: Carte vidéo VGA. (VgaSave) - C:\WINDOWS\System32\drivers\vga.sys

---\ Logiciels installés (O42)
O42 - Logiciel: Ad-Aware
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Reader 9.3 - Français
O42 - Logiciel: Archiveur WinRAR
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: BPM-Studio 4 Profi
O42 - Logiciel: Bubble Town
O42 - Logiciel: Bubble Town 1.1.0.1
O42 - Logiciel: CCleaner
O42 - Logiciel: CDBurnerXP
O42 - Logiciel: Digital Photo Navigator 1.5
O42 - Logiciel: Galerie de photos Windows Live
O42 - Logiciel: Google Toolbar for Internet Explorer
O42 - Logiciel: HP Customer Participation Program 7.0
O42 - Logiciel: HP Document Viewer 7.0
O42 - Logiciel: HP Imaging Device Functions 7.0
O42 - Logiciel: HP Photosmart Premier Software 6.5
O42 - Logiciel: HP Photosmart, Officejet and Deskjet 7.0.A
O42 - Logiciel: HP Precisionscan Pro 3.1
O42 - Logiciel: HP Product Assistant
O42 - Logiciel: HP Solution Center 7.0
O42 - Logiciel: HP Update
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5)
O42 - Logiciel: Installation Windows Live
O42 - Logiciel: Java(TM) 6 Update 12
O42 - Logiciel: Junk Mail filter update
O42 - Logiciel: K-Lite Codec Pack 3.5.7 Full
O42 - Logiciel: Les Indispensables Éducation pour Microsoft Office
O42 - Logiciel: MP Manager
O42 - Logiciel: MSVCRT
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: MSXML 6 Service Pack 2 (KB954459)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Messenger Plus! Live
O42 - Logiciel: Microsoft .NET Framework 1.1
O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack
O42 - Logiciel: Microsoft .NET Framework 1.1 Hotfix (KB928366)
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft Choice Guard
O42 - Logiciel: Microsoft Office Live Add-in 1.3
O42 - Logiciel: Microsoft Office Professional Edition 2003
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU]
O42 - Logiciel: Microsoft Search Enhancement Pack
O42 - Logiciel: Microsoft Silverlight
O42 - Logiciel: Microsoft Sync Framework Runtime Native v1.0 (x86)
O42 - Logiciel: Microsoft Sync Framework Services Native v1.0 (x86)
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
O42 - Logiciel: Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
O42 - Logiciel: Mozilla Firefox (3.0.17)
O42 - Logiciel: NVIDIA Drivers
O42 - Logiciel: OCR Software by I.R.I.S 7.0
O42 - Logiciel: Outil de téléchargement Windows Live
O42 - Logiciel: Philips SPC220NC Webcam
O42 - Logiciel: Pochette Express 2
O42 - Logiciel: PowerDVD
O42 - Logiciel: PowerDirector Express
O42 - Logiciel: PowerProducer
O42 - Logiciel: Ranch Rush
O42 - Logiciel: Realtek High Definition Audio Driver
O42 - Logiciel: Segoe UI
O42 - Logiciel: Spybot - Search & Destroy
O42 - Logiciel: USB Flash Disk
O42 - Logiciel: VLC media player 1.0.3
O42 - Logiciel: Webcam Video Viewer
O42 - Logiciel: Windows Imaging Component
O42 - Logiciel: Windows Live Call
O42 - Logiciel: Windows Live Communications Platform
O42 - Logiciel: Windows Live Contrôle parental
O42 - Logiciel: Windows Live FolderShare
O42 - Logiciel: Windows Live Mail
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: Windows Live Toolbar
O42 - Logiciel: Windows Live Writer
O42 - Logiciel: Windows XP Service Pack 3
O42 - Logiciel: eMule

---\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\a-squared Free
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Ahead
O43 - CFD:Common File Directory ----D- C:\Program Files\Aimersoft
O43 - CFD:Common File Directory ----D- C:\Program Files\ALCATech
O43 - CFD:Common File Directory ----D- C:\Program Files\AMD
O43 - CFD:Common File Directory ----D- C:\Program Files\ArcSoft
O43 - CFD:Common File Directory ----D- C:\Program Files\AVS4YOU
O43 - CFD:Common File Directory ----D- C:\Program Files\Bubble Town
O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner
O43 - CFD:Common File Directory ----D- C:\Program Files\CDBurnerXP
O43 - CFD:Common File Directory ----D- C:\Program Files\CyberLink
O43 - CFD:Common File Directory ----D- C:\Program Files\Dactylo
O43 - CFD:Common File Directory ----D- C:\Program Files\DigiCam Manual
O43 - CFD:Common File Directory ----D- C:\Program Files\Digital Photo Navigator 1.5
O43 - CFD:Common File Directory ----D- C:\Program Files\DivX
O43 - CFD:Common File Directory ----D- C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
O43 - CFD:Common File Directory ----D- C:\Program Files\Elaborate Bytes
O43 - CFD:Common File Directory ----D- C:\Program Files\eMule
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\Google
O43 - CFD:Common File Directory ----D- C:\Program Files\Hewlett-Packard
O43 - CFD:Common File Directory ----D- C:\Program Files\HP
O43 - CFD:Common File Directory ----D- C:\Program Files\Icone
O43 - CFD:Common File Directory ----D- C:\Program Files\Incomplete
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\Inventel
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\K-Lite Codec Pack
O43 - CFD:Common File Directory ----D- C:\Program Files\KC Softwares
O43 - CFD:Common File Directory ----D- C:\Program Files\Lavasoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger Plus! Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Sync Framework
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox
O43 - CFD:Common File Directory ----D- C:\Program Files\MPMAN
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 6.0
O43 - CFD:Common File Directory ----D- C:\Program Files\NCH Software
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\Oberon Media
O43 - CFD:Common File Directory ----D- C:\Program Files\obj
O43 - CFD:Common File Directory ----D- C:\Program Files\orange
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ----D- C:\Program Files\Philips
O43 - CFD:Common File Directory ----D- C:\Program Files\Pochette Express 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Realtek
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\Samsung
O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
O43 - CFD:Common File Directory ----D- C:\Program Files\SlySoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Spybot - Search & Destroy
O43 - CFD:Common File Directory ----D- C:\Program Files\Super logiciels
O43 - CFD:Common File Directory ----D- C:\Program Files\Trend Micro
O43 - CFD:Common File Directory ----D- C:\Program Files\Ubisoft
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\USBDisk
O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
O43 - CFD:Common File Directory ----D- C:\Program Files\Xilisoft
O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files\Zylom Games
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ArcSoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\AVSMedia
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\DESIGNER
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Hewlett-Packard
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\HP
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Oberon Media
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Softwin
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Sonic Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Windows Live

---\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:Last File Created 07/01/2010 - 16:07:04 ---A- C:\WINDOWS\System32\drivers\mbam.sys
O44 - LFC:Last File Created 07/01/2010 - 16:07:14 ---A- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
O44 - LFC:Last File Created 14/01/2010 - 08:47:41 ---A- C:\WINDOWS\System32\wpa.dbl
O44 - LFC:Last File Created 16/01/2010 - 12:34:30 ---A- C:\WINDOWS\System32\CONFIG.NT
O44 - LFC:Last File Created 19/01/2010 - 07:42:25 ---A- C:\WINDOWS\System32\pythondll.zip
O44 - LFC:Last File Created 19/01/2010 - 20:09:36 ---A- C:\WINDOWS\WindowsUpdate.log
O44 - LFC:Last File Created 19/01/2010 - 20:09:37 ---A- C:\WINDOWS\SchedLgU.Txt
O44 - LFC:Last File Created 19/01/2010 - 20:10:16 -S-A- C:\WINDOWS\bootstat.dat
O44 - LFC:Last File Created 19/01/2010 - 20:10:28 ---A- C:\WINDOWS\wiaservc.log
O44 - LFC:Last File Created 19/01/2010 - 20:10:29 ---A- C:\WINDOWS\wiadebug.log
O44 - LFC:Last File Created 19/01/2010 - 20:10:30 ---A- C:\WINDOWS\0.log
O44 - LFC:Last File Created 19/01/2010 - 20:10:59 ---A- C:\WINDOWS\System32
vapps.xml
O44 - LFC:Last File Created 19/01/2010 - 20:11:12 ---A- C:\WINDOWS\System32\srosa2.sys
O44 - LFC:Last File Created 19/01/2010 - 20:11:47 ---A- C:\WINDOWS\ban_list.txt
O44 - LFC:Last File Created 21/12/2009 - 17:03:57 ---A- C:\WINDOWS\System32\bdss.log
O44 - LFC:Last File Created 21/12/2009 - 17:13:16 ---A- C:\WINDOWS\System32\bdod.bin
O44 - LFC:Last File Created 21/12/2009 - 17:13:32 ---A- C:\WINDOWS\win.ini
O44 - LFC:Last File Created 23/12/2009 - 21:47:37 ---A- C:\WINDOWS\System32\TZLog.log
O44 - LFC:Last File Created 25/12/2009 - 23:21:14 ---A- C:\WINDOWS\System32\PerfStringBackup.INI
O44 - LFC:Last File Created 25/12/2009 - 23:21:14 ---A- C:\WINDOWS\System32\perfc009.dat
O44 - LFC:Last File Created 25/12/2009 - 23:21:14 ---A- C:\WINDOWS\System32\perfc00C.dat
O44 - LFC:Last File Created 25/12/2009 - 23:21:14 ---A- C:\WINDOWS\System32\perfh009.dat
O44 - LFC:Last File Created 25/12/2009 - 23:21:14 ---A- C:\WINDOWS\System32\perfh00C.dat
O44 - LFC:Last File Created 26/12/2009 - 09:55:21 ---A- C:\WINDOWS\System32\FNTCACHE.DAT

---\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

---\ Export de clé d'application autorisée (ECAA)(O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export SP - "C:\eMule0.48a\emule.exe"="C:\eMule0.48a\emule.exe:*:Enabled:eMule"
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
O47 - AAKE:Key Export SP - "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export DP - "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

---\ Déni du service (Local Security Authority) (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll

---\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

---\ Trojan Driver Search Data (TDSD) (O52)
O52 - TDSD:HKLM\...\Drivers\"timer"="timer.drv"
O52 - TDSD:HKLM\...\Drivers32\"midimapper"="midimap.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.imaadpcm"="imaadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msadpcm"="msadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg711"="msg711.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msgsm610"="msgsm32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.trspch"="tssoft32.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.cvid"="iccvid.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.I420"="msh263.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv31"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv32"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv41"="ir41_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.IYUV"="iyuv_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mrle"="msrle32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.msvc"="msvidc32.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.UYVY"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YUY2"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVU9"="tsbyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVYU"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"wavemapper"="msacm32.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg723"="msg723.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M263"="msh263.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M261"="msh261.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msaudio1"="msaud32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.sl_anet"="sl_anet.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.iac2"="C:\WINDOWS\System32\iac25_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv50"="ir50_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.l3acm"="C:\WINDOWS\System32\l3codeca.acm"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.XVID"="xvidvfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.ac3acm"="ac3acm.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.lameacm"="lameACM.acm"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.FFDS"="ff_vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"MSVideo8"="VfWWDM32.dll"
O52 - TDSD:HKLM\...\Drivers32\"wave"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"aux"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.LEAD"="LCODCCMP.DLL"
O52 - TDSD:HKLM\...\Drivers32\"msacm.siren"="sirenacm.dll"
O52 - TDSD:HKLM\...\drivers.desc\"msaud32.acm"="Windows Media Audio Codec"
O52 - TDSD:HKLM\...\drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec"
O52 - TDSD:HKLM\...\drivers.desc\"C:\WINDOWS\System32\iac25_32.ax"="Indeo® audio software"
O52 - TDSD:HKLM\...\drivers.desc\"ir50_32.dll"="Indeo® video 5.10"
O52 - TDSD:HKLM\...\drivers.desc\"C:\WINDOWS\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec"
O52 - TDSD:HKLM\...\drivers.desc\"xvidvfw.dll"="Xvid MPEG-4 Video Codec v1.2.0-dev"
O52 - TDSD:HKLM\...\drivers.desc\"lameACM.acm"="Lame ACM MP3 CODEC v3.97b2"
O52 - TDSD:HKLM\...\drivers.desc\"ac3acm.acm"="AC-3 ACM Codec"
O52 - TDSD:HKLM\...\drivers.desc\"ff_vfw.dll"="ffdshow video encoder"
O52 - TDSD:HKLM\...\drivers.desc\"vfwwdm32.dll"="Vidéo WDM pour le pilote de capture Windows (Win32)"
O52 - TDSD:HKLM\...\drivers.desc\"wdmaud.drv"="Realtek High Definition Audio"
O52 - TDSD:HKLM\...\drivers.desc\"midimap.dll"="midimap.dll"
O52 - TDSD:HKLM\...\drivers.desc\"imaadp32.acm"="imaadp32.acm"
O52 - TDSD:HKLM\...\drivers.desc\"msadp32.acm"="msadp32.acm"
O52 - TDSD:HKLM\...\drivers.desc\"msg711.acm"="msg711.acm"
O52 - TDSD:HKLM\...\drivers.desc\"msgsm32.acm"="msgsm32.acm"
O52 - TDSD:HKLM\...\drivers.desc\"tssoft32.acm"="tssoft32.acm"
O52 - TDSD:HKLM\...\drivers.desc\"iccvid.dll"="iccvid.dll"
O52 - TDSD:HKLM\...\drivers.desc\"msh263.drv"="msh263"
O52 - TDSD:HKLM\...\drivers.desc\"ir32_32.dll"="ir32_32.dll"
O52 - TDSD:HKLM\...\drivers.desc\"ir41_32.ax"="ir41_32.ax"
O52 - TDSD:HKLM\...\drivers.desc\"iyuv_32.dll"="iyuv_32.dll"
O52 - TDSD:HKLM\...\drivers.desc\"msrle32.dll"="msrle32.dll"
O52 - TDSD:HKLM\...\drivers.desc\"msvidc32.dll"="msvidc32.dll"
O52 - TDSD:HKLM\...\drivers.desc\"msyuv.dll"="msyuv.dll"
O52 - TDSD:HKLM\...\drivers.desc\"tsbyuv.dll"="tsbyuv.dll"
O52 - TDSD:HKLM\...\drivers.desc\"msacm32.drv"="msacm32"
O52 - TDSD:HKLM\...\drivers.desc\"msg723.acm"="msg723.acm"
O52 - TDSD:HKLM\...\drivers.desc\"msh261.drv"="msh261"
O52 - TDSD:HKLM\...\drivers.desc\"yv12vfw.dll"="yv12vfw.dll"
O52 - TDSD:HKLM\...\drivers.desc\"mciavi32.dll"="mciavi32.dll"
O52 - TDSD:HKLM\...\drivers.desc\"mcicda.dll"="mcicda.dll"
O52 - TDSD:HKLM\...\drivers.desc\"mciseq.dll"="mciseq.dll"
O52 - TDSD:HKLM\...\drivers.desc\"mciwave.dll"="mciwave.dll"
O52 - TDSD:HKLM\...\drivers.desc\"mciqtz32.dll"="mciqtz32.dll"
O52 - TDSD:HKLM\...\drivers.desc\"LCODCCMP.DLL"="LEAD MCMP/MJPEG Codec (VFW)"
O52 - TDSD:HKLM\...\drivers.desc\"sirenacm.dll"="Messenger Audio Codec"

---\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

---\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0

---\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"=323
O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveAutoRun"=67108863
O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDrives"=0
O56 - MWPE:[HKLM\...\Policies\Explorer] - "HonorAutoRunSetting"=1
O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDriveAutoRun"=67108863
O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDriveTypeAutoRun"=323
O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDrives"=0

---\ Liste des Drivers Système (SDL) (O58)
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\acpi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\acpiec.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aec.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\afc.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\afd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\amdk6.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\amdk7.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\AmdTools.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\AnyDVD.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\arp1394.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ASPI32.SYS
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\asyncmac.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atapi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atmarpc.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atmepvc.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atmlane.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atmuni.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\audstub.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\avgntflt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\bdasup.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\beep.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\bridge.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cbidf2k.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\CBUSB.SYS
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ccdecode.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cdaudio.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cdfs.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cdr4_xp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cdralw2k.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cdrom.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\changer.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cinemst2.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\classpnp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cpqdap01.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\crusoe.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\disk.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\diskdump.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dmboot.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dmio.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dmload.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dmusic.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\drmk.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\drmkaud.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dxapi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dxg.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dxgthk.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ElbyCDFL.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ElbyCDIO.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fastfat.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fdc.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fips.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\flpydisk.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fssfltr_tdi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fsvga.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fs_rec.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ftdisk.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\hidclass.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\hidparse.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\hidusb.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\HPZid412.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\HPZipr12.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\HPZius12.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\i2omgmt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\i8042prt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\imapi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ipfltdrv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ipinip.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ipnat.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ipsec.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\irbus.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\irenum.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\isapnp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\kbdclass.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\kmixer.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ks.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ksecdd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\MARXDEV1.SYS
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\MARXDEV2.SYS
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\MARXDEV3.SYS
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mbam.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mbamswissarmy.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mcd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mf.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mmrtkrnl.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mnmdd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\modem.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mouclass.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mouhid.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mountmgr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mpe.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mqac.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mrxdav.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mrxsmb.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\msdv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\msfs.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\msgpc.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mskssrv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mspclock.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mspqm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mstee.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mup.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
abtsfec.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
dis.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
disip.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
distapi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
disuio.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
diswan.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
dproxy.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
etbios.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
etbt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
ic1394.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
ikedrv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
mnt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
pfs.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
tfs.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
ull.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
v4_mini.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
vata.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\NVENETFD.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
vnetbus.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
vnrm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
vsnpu.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
vtcp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
wlnkflt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
wlnkfwd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
wlnkipx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
wlnknb.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
wlnkspx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers
wrdr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\oprghdlr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\p3.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\parport.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\partmgr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\parvdm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\pci.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\pciide.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\pciidex.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\pcmcia.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\portcls.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\processr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\psched.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ptilink.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\driversasacd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\driversasl2tp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\driversaspppoe.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\driversaspptp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\driversaspti.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\driversawwan.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\driversdbss.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\driversdpcdd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\driversdpdr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\driversdpwd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\driversedbook.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\RegKill.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\driversio8drv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\driversiodrv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\driversmcast.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\driversndismp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\driversootmdm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\RtkHDAud.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\RTKVHDA.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\scsiport.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\SE26bus.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\SE26cm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\SE26cmnt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\se26cr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\SE26mdfl.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\SE26mdm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\SE26mgmt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\se26nd5.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\SE26obex.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\se26unic.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\SE26wh.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\SE26whnt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\secdrv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\serenum.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\serial.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sfloppy.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\slip.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\smbali.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\smclib.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sonydcam.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sonyhcb.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sonyhcc.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sonyhcs.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sonypvs1.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\SONYPVU1.SYS
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\SPC220NC.SYS
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\splitter.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\srv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\StarOpen.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\stream.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\streamip.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\swenum.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\swmidi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sysaudio.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers	ape.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\TCPIP.SYS
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers	cpip6.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers	di.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\TDLPT.SYS
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers	dpipe.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers	dtcp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers	ermdd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers	osdvd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers	sbvcap.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers	unmp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\udfs.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\update.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usb8023.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbaudio.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbcamd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbcamd2.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbccgp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbehci.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbhub.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbintel.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbohci.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbport.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbprint.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbscan.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbstor.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\vdmindvd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\vga.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\videoprt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\volsnap.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wanarp.sys
O58

mimie17 · Answer

j'arrive pas à t'envoyer le rapport ZHP Diag
je vais essayer avec un autre PC

mimie17 · Answer

pour pouvoir t'envoyer le rapport j'ai du changer le pseudo j'ai pris mimie29 j'hallucine j'ai jamais été confronté à un truc aussi coriace, j'ai l'impression qu'il lit dans mes pensées ça craint

crapoulou · Answer

C'est bon, il est passé, il est là :
https://forums.commentcamarche.net/forum/affich-16170035-probleme-logiciel-de-securite?page=3#46

mimie17 · Answer

ouffffff je dois faire quoi maintenant? S'il te plaît, merci. J'ai pensé formater mais je sais pas comment réinstaller tout les programmes xp ? Quand j'ai acheté l'ordi on ne m'a donné aucun CD.

crapoulou · Answer

Sans CD cela va être difficile. On va s'en sortir sans formater ;-). Tu me sembles motivée ;-). ***** /!\ Procédure réservée à mimie17. Ne tentez pas de la reproduire si vous avez un problème similaire sous peine de planter votre machine /!\ Télécharge OTM (de Old_Timer) sur ton Bureau. = = = = >>> En cliquant ici <<< = = = = Une fois installé sur le bureau, clique droit sur OTM.exe puis ‘Exécuter en tant qu’administrateur‘pour le lancer. Assure toi que la case Unregister Dll’s and Ocx’s soit bien cochée Copie la liste qui se trouve en gras ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt : Paste Instructions for Items to be moved. :Procédure: :Files C:\WINDOWS\ban_list.txt C:\WINDOWS\System32\srosa2.sys C:\Documents and Settings\MYRIAM\Application Data\drivers\winupgro.exe C:\Documents and Settings\MYRIAM\Application Data\m\flec006.exe C:\WINDOWS\wintems.exe C:\WINDOWS\mdelk.exe C:\WINDOWS\wintems.exe C:\WINDOWS\Prefetch\108953.EXE-0BC57B82.pf C:\WINDOWS\Prefetch\111828.EXE-16D6F8CA.pf C:\WINDOWS\Prefetch\96343.EXE-1EA0F5EF.pf C:\WINDOWS\Prefetch\99906.EXE-074D1063.pf C:\WINDOWS\Prefetch\FLEC006.EXE-07147BC0.pf C:\WINDOWS\Prefetch\MDELK.EXE-087EF2B4.pf C:\WINDOWS\Prefetch\WINTEMS.EXE-127B61D4.pf C:\WINDOWS\system32\srosa2.sys C:\WINDOWS\system32\wfsintwq.sys C:\Documents and Settings\MYRIAM\Application Data\drivers C:\Documents and Settings\MYRIAM\Application Data\m :reg [-HKLM\SYSTEM\CurrentControlSet\Services\srosa] [-HKLM\SYSTEM\ControlSet001\Services\srosa] [-HKLM\SYSTEM\ControlSet002\Services\srosa] [-HKLM\SYSTEM\ControlSet003\Services\srosa] [-HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA] [-HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA] [-HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA] [-HKCU\Software\bisoft] [-HKCU\Software\DateTime4] [-HKCU\Software\MuleAppData] [-HKCU\Software\WS35] [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"=- "german.exe"=- "mule_st_key"=- [HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"=- "german.exe"=- "mule_st_key"=- [-HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\bisoft] [-HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\DateTime4] [-HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\MuleAppData] [-HKCU\Software\Local AppWizard-Generated Applications\keygen] [-HKCU\Software\Local AppWizard-Generated Applications\winupgro] [-HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Local AppWizard-Generated Applications\keygen] [-HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro] :Commands [purity] [emptytemp] [Reboot] Clique sur MoveIt! pour lancer la suppression. Après avoir fait Moveit!, une fenêtre s’affiche : "The system requires a reboot to finish removing files. Do you want to reboot now ?" Réponds Yes. Le résultat apparaîtra dans le cadre "Results". Clique sur Exit pour fermer. Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

mimie17 · Answer

Je suis motivée même si ça doit me prendre des semaines, j'ai confiance voilà le rapport All processes killed Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! ========== REGISTRY ========== Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa\ scheduled to be deleted on reboot. Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa\ scheduled to be deleted on reboot. Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa\ scheduled to be deleted on reboot. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa\ deleted successfully. Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA\ scheduled to be deleted on reboot. Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA\ scheduled to be deleted on reboot. Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA\ scheduled to be deleted on reboot. Registry key HKEY_CURRENT_USER\Software\bisoft\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\DateTime4\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\MuleAppData\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\WS35\ deleted successfully. Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit scheduled to be deleted on reboot. Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\german.exe scheduled to be deleted on reboot. Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\mule_st_key scheduled to be deleted on reboot. Registry delete failed. HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit scheduled to be deleted on reboot. Registry delete failed. HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\german.exe scheduled to be deleted on reboot. Registry delete failed. HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\mule_st_key scheduled to be deleted on reboot. Registry key HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\bisoft\ not found. Registry key HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\DateTime4\ not found. Registry key HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\MuleAppData\ not found. Registry key HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\keygen\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Local AppWizard-Generated Applications\keygen\ not found. Registry key HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 1639009 bytes User: Administrateur.PCMIMI ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->FireFox cache emptied: 26439773 bytes User: Administrateur.PCMIMI.000 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->FireFox cache emptied: 2857134 bytes User: ADMINI~1~PCM User: All Users User: connerie User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Java cache emptied: 25493658 bytes User: MYRIAM ->Temp folder emptied: 13882424 bytes ->Temporary Internet Files folder emptied: 46994 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 121730528 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1096538 bytes %systemroot%\System32 .tmp files removed: 70994240 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 42880 bytes Windows Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12994576 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 338959 bytes RecycleBin emptied: 95888 bytes Total Files Cleaned = 265,00 mb OTM by OldTimer - Version 3.1.6.0 log created on 01192010_221516 Files moved on Reboot... Registry entries deleted on Reboot... Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa\ scheduled to be deleted on reboot. Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa\ scheduled to be deleted on reboot. Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa\ scheduled to be deleted on reboot. Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA\ scheduled to be deleted on reboot. Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA\ scheduled to be deleted on reboot. Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA\ scheduled to be deleted on reboot. Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit scheduled to be deleted on reboot. Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\german.exe scheduled to be deleted on reboot. Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\mule_st_key scheduled to be deleted on reboot. Registry delete failed. HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit scheduled to be deleted on reboot. Registry delete failed. HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit scheduled to be deleted on reboot. Registry delete failed. HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit scheduled to be deleted on reboot.

crapoulou · Answer

As-tu copié l'intégralité ? 
(de :Files à la fin ???)
Les deux-points ont une importance !

mimie17 · Answer

en fait j'ai fait tout sélectionner copier coller mais au cas où je recommence All processes killed Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! ========== REGISTRY ========== Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa\ scheduled to be deleted on reboot. Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa\ scheduled to be deleted on reboot. Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa\ scheduled to be deleted on reboot. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa\ deleted successfully. Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA\ scheduled to be deleted on reboot. Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA\ scheduled to be deleted on reboot. Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA\ scheduled to be deleted on reboot. Registry key HKEY_CURRENT_USER\Software\bisoft\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\DateTime4\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\MuleAppData\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\WS35\ deleted successfully. Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit scheduled to be deleted on reboot. Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\german.exe scheduled to be deleted on reboot. Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\mule_st_key scheduled to be deleted on reboot. Registry delete failed. HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit scheduled to be deleted on reboot. Registry delete failed. HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\german.exe scheduled to be deleted on reboot. Registry delete failed. HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\mule_st_key scheduled to be deleted on reboot. Registry key HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\bisoft\ not found. Registry key HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\DateTime4\ not found. Registry key HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\MuleAppData\ not found. Registry key HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\keygen\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Local AppWizard-Generated Applications\keygen\ not found. Registry key HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 1639009 bytes User: Administrateur.PCMIMI ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->FireFox cache emptied: 26439773 bytes User: Administrateur.PCMIMI.000 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->FireFox cache emptied: 2857134 bytes User: ADMINI~1~PCM User: All Users User: connerie User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Java cache emptied: 25493658 bytes User: MYRIAM ->Temp folder emptied: 13882424 bytes ->Temporary Internet Files folder emptied: 46994 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 121730528 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1096538 bytes %systemroot%\System32 .tmp files removed: 70994240 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 42880 bytes Windows Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12994576 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 338959 bytes RecycleBin emptied: 95888 bytes Total Files Cleaned = 265,00 mb OTM by OldTimer - Version 3.1.6.0 log created on 01192010_221516 Files moved on Reboot... Registry entries deleted on Reboot... Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa\ scheduled to be deleted on reboot. Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa\ scheduled to be deleted on reboot. Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa\ scheduled to be deleted on reboot. Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA\ scheduled to be deleted on reboot. Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA\ scheduled to be deleted on reboot. Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA\ scheduled to be deleted on reboot. Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit scheduled to be deleted on reboot. Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\german.exe scheduled to be deleted on reboot. Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\mule_st_key scheduled to be deleted on reboot. Registry delete failed. HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit scheduled to be deleted on reboot. Registry delete failed. HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit scheduled to be deleted on reboot. Registry delete failed. HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\

crapoulou · Answer

Remet que 

:files
C:\WINDOWS\ban_list.txt
C:\WINDOWS\System32\srosa2.sys
C:\Documents and Settings\MYRIAM\Application Data\drivers\winupgro.exe
C:\Documents and Settings\MYRIAM\Application Data\m\flec006.exe
C:\WINDOWS\wintems.exe
C:\WINDOWS\mdelk.exe
C:\WINDOWS\wintems.exe
C:\WINDOWS\Prefetch\108953.EXE-0BC57B82.pf
C:\WINDOWS\Prefetch\111828.EXE-16D6F8CA.pf
C:\WINDOWS\Prefetch\96343.EXE-1EA0F5EF.pf
C:\WINDOWS\Prefetch\99906.EXE-074D1063.pf
C:\WINDOWS\Prefetch\FLEC006.EXE-07147BC0.pf
C:\WINDOWS\Prefetch\MDELK.EXE-087EF2B4.pf
C:\WINDOWS\Prefetch\WINTEMS.EXE-127B61D4.pf
C:\WINDOWS\system32\srosa2.sys
C:\WINDOWS\system32\wfsintwq.sys
C:\Documents and Settings\MYRIAM\Application Data\drivers
C:\Documents and Settings\MYRIAM\Application Data\m

mimie17 · Answer

j'ai pas files
le seul files qui est écrit dans le rapport est :

Files moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit scheduled to be deleted on reboot.
Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\german.exe scheduled to be deleted on reboot.
Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\mule_st_key scheduled to be deleted on reboot.
Registry delete failed. HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit scheduled to be deleted on reboot.
Registry delete failed. HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit scheduled to be deleted on reboot.
Registry delete failed. HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit scheduled to be deleted on reboot.

crapoulou · Answer

Une fois installé sur le bureau, clique droit sur OTM.exe puis ‘Exécuter en tant qu’administrateur‘pour le lancer.
Assure toi que la case Unregister Dll’s and Ocx’s soit bien cochée
Copie la liste qui se trouve en gras ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt :
Paste Instructions for Items to be moved.

:files
C:\WINDOWS\ban_list.txt
C:\WINDOWS\System32\srosa2.sys
C:\Documents and Settings\MYRIAM\Application Data\drivers\winupgro.exe
C:\Documents and Settings\MYRIAM\Application Data\m\flec006.exe
C:\WINDOWS\wintems.exe
C:\WINDOWS\mdelk.exe
C:\WINDOWS\wintems.exe
C:\WINDOWS\Prefetch\108953.EXE-0BC57B82.pf
C:\WINDOWS\Prefetch\111828.EXE-16D6F8CA.pf
C:\WINDOWS\Prefetch\96343.EXE-1EA0F5EF.pf
C:\WINDOWS\Prefetch\99906.EXE-074D1063.pf
C:\WINDOWS\Prefetch\FLEC006.EXE-07147BC0.pf
C:\WINDOWS\Prefetch\MDELK.EXE-087EF2B4.pf
C:\WINDOWS\Prefetch\WINTEMS.EXE-127B61D4.pf
C:\WINDOWS\system32\srosa2.sys
C:\WINDOWS\system32\wfsintwq.sys
C:\Documents and Settings\MYRIAM\Application Data\drivers
C:\Documents and Settings\MYRIAM\Application Data\m

mimie17 · Answer

alors désolé j'ai dû réinstaller OTM puisque mon PC s'est éteint et que j'avais plus  OTM sur mon bureau.
Cela fait je ne trouve pas la case à cocher : Unregister Dll’s and Ocx’s soit bien cochée .
je n'ai que trois icônes qui sont : Movelt puis CleanUp et la dernière Exit
ensuite deux colonnes une jaune avec Paste instruction form items to be moved et l'autre colonne verte avec results

crapoulou · Answer

Ne te préoccupe pas de cette case cette fois-ci, on ne touchera pas au registre.

mimie17 · Answer

voilà ce que j'ai obtenu en espérant que c'est le bon cette fois-ci

========== FILES ==========
C:\WINDOWS\ban_list.txt moved successfully.
C:\WINDOWS\System32\srosa2.sys moved successfully.
File move failed. C:\Documents and Settings\MYRIAM\Application Data\drivers\winupgro.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\MYRIAM\Application Data\m\flec006.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\wintems.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\mdelk.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\wintems.exe scheduled to be moved on reboot.
File/Folder C:\WINDOWS\Prefetch\108953.EXE-0BC57B82.pf not found.
File/Folder C:\WINDOWS\Prefetch\111828.EXE-16D6F8CA.pf not found.
File/Folder C:\WINDOWS\Prefetch\96343.EXE-1EA0F5EF.pf not found.
File/Folder C:\WINDOWS\Prefetch\99906.EXE-074D1063.pf not found.
C:\WINDOWS\Prefetch\FLEC006.EXE-07147BC0.pf moved successfully.
C:\WINDOWS\Prefetch\MDELK.EXE-087EF2B4.pf moved successfully.
C:\WINDOWS\Prefetch\WINTEMS.EXE-127B61D4.pf moved successfully.
File/Folder C:\WINDOWS\system32\srosa2.sys not found.
File move failed. C:\WINDOWS\system32\wfsintwq.sys scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\MYRIAM\Application Data\drivers scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\MYRIAM\Application Data\m scheduled to be moved on reboot.
 
OTM by OldTimer - Version 3.1.6.0 log created on 01192010_231039

Files moved on Reboot...
File move failed. C:\Documents and Settings\MYRIAM\Application Data\drivers\winupgro.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\MYRIAM\Application Data\m\flec006.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\wintems.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\mdelk.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\wfsintwq.sys scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\MYRIAM\Application Data\drivers scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\MYRIAM\Application Data\m scheduled to be moved on reboot.

Registry entries deleted on Reboot...

mimie17 · Answer

là je vais devoir y aller je me reconnecte demain et comme d'habitude tu me laisses les instructions à suivre, je te remercie pour ton aide à demain bye bye

crapoulou · Answer

Il dfaudra que tu retélécharge RSIT et réessaye de le lancer.
Le cas échéant, tu me feras un nouveau rapport ZHPDiag stp.

mimie17 · Answer

J'ai réussit à relancer Malwarebytes' Anti-Malware, je te poste le rapport aussi Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3601
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

20/01/2010 09:17:42
mbam-log-2010-01-20 (09-17-42).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 210640
Temps écoulé: 26 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 81

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\bisoft (Worm.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\srosa (Worm.Bagle) -> Delete on reboot.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Worm.Bagle) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\german.exe (Worm.Bagle) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Worm.Bagle) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\m (Trojan.Agent) -> Delete on reboot.

Fichier(s) infecté(s):
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0063625.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0063742.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0063760.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0063761.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0063793.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0063794.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0063803.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0063850.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0063854.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0064451.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0064469.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0064476.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0064481.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0064863.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0064864.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0064865.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0064878.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0064883.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0064887.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0064992.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0064993.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0064994.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0065111.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0065120.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0065123.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0065422.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0065423.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0065424.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0065469.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0065470.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0065484.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0065496.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0065499.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0065505.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0065890.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0065895.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0066064.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0066072.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0066075.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0066652.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0067127.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0067128.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0067130.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0067171.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0067172.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0067178.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0067182.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0067243.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0067247.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0067185.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0067727.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0067731.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0067734.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0068169.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0068200.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0068201.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0068212.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0068215.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0068208.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0068535.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0068565.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0068566.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0068571.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0068574.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0068895.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0068934.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0069148.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0068930.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0069153.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0069149.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0069576.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0069583.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0069588.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\WINDOWS\wintems.exe (Worm.Bagle) -> Delete on reboot.
C:\WINDOWS\mdelk.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\m\flec006.exe (Worm.Bagle) -> Delete on reboot.
C:\Documents and Settings\MYRIAM\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYRIAM\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wfsintwq.sys (Worm.Bagle) -> Quarantined and deleted successfully.

crapoulou · Answer

Parfait, on avance bien.
Vide la quarantaine de Malwarebytes' Anti malware à nouveau.
RSIT fonctionne-t-il ?
Si non, en le retéléchargeant non plus ?

mimie17 · Answer

J'ai vidé la quarantaine de Malwarebytes' Anti malware
Lorsque je lance RSIT que je clique sur continue j'ai une fenêtre d'erreur qui s'affiche qui dit :
C\Program Files	rendmicro\MYRIAM.exe n'est pas une application win32 valide 
et quand je clique sur OK j'ai le log.txt de RSIT qui m'affiche :

Logfile of random's system information tool 1.06 (written by random/random)
Run by MYRIAM at 2010-01-20 13:02:06
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 35 GB (70%) free of 50 GB
Total RAM: 1023 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:20:49, on 20/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\MYRIAM\Bureau\RSIT.exe
C:\Program Files	rend micro\MYRIAM.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - file://C:\Documents and Settings\MYRIAM\Local Settings\Application Data\Oberon Media\Oberon Games Host\DinerDash2_fr.1.0.0.70.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwaredetection_2_0_4_10.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

crapoulou · Answer

Affiche les fichiers et dossiers cachés ainsi que les fichiers du système : - Mes documents - Outils - Options des dossiers - Onglet « Affichage » - Coche Afficher les fichiers et dossiers cachés - Décoche « Masquer les fichiers protégés du système d’exploitation (recommandé) » ******* Supprime ceci manuellement si c'est présent sur le disque : C:\Documents and Settings\MYRIAM\Application Data\m C:\WINDOWS\ban_list.txt ******* * Télécharge Ccleaner Slim : = = = = >>> En cliquant ici <<< = = = = * Installe le. * Choisis l’onglet Nettoyeur Quitte ton navigateur Internet avant de le lancer, décoche la dernière case (Avancé si elle est cochée) puis clique sur "lancer le nettoyage" quand il aura terminé le scan cliques en bas à droite sur "lancer le nettoyage" et accepte par oui. Attention, il risque de vider ta corbeille : si tu veux récupérer des fichiers effacés par erreur, mieux vaut le faire maintenant. * Choisis l’onglet Registre - Clique sur Chercher des erreurs - Une fois la recherche terminée, clic sur Réparer les erreurs sélectionnées (par défaut, tout est sélectionné, laisse comme ça) - Au message Voulez-vous sauvegarder les changements faits dans le registre, réponds Oui et enregistre le fichier au format « .reg » en le nommant par la date par exemple en le mettant sur le bureau. Puis continue. - A la fenêtre qui s’ouvre ensuite, clique sur Corriger toutes les erreurs sélectionnées puis OK - Recommence jusqu’à ce qu’aucune erreur n’apparaisse (ou une seule récurrente). - Ferme Ccleaner. * Tutoriel en images ICI si besoin. Note : La sauvegarde utilisée permet de remettre tel que la base était avant la manipulation au cas où il y aurait des soucis mais cela ne m’est jamais arrivé ! Il vaut mieux prendre des précautions, c’est tout. ;-) ******** - Fais un scan en ligne avec Kaspersky = = = = >>> En cliquant ici <<< = = = = (avec Internet Explorer) - En bas à droite, clique sur Démarrer Online-scaner - Dans la nouvelle fenêtre qui s’affiche, clique sur J’accepte - Accepte les Contrôles ActiveX - Choisis Poste de travail pour le scan. - Celui-ci terminé, sauvegarde (Choisis fichier texte) et poste le rapport - Pour t’aider à utiliser le scan en ligne, tu as un tuto ICI Note : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte-toi sur le site de Kaspersky pour retenter le scan en ligne.

mimie17 · Answer

la je crois que c'est fichu je ne peux plus rien ouvrir

crapoulou · Answer

C'est-à-dire plus rien ouvrir ?

mimie17 · Answer

je pouvais plus rien ouvrir meme pas le jeu spider rien de rien j'ai du arreter par le bouton reset et en faisant F8 et dernière bonne configuration j'ai réussit donc j'attends j'ai kaspersky qui tourne

mimie17 · Answer

a l'aide,

J'etais en pleine analyse de Kaspersky Online Scanning, j'ai une fenêtre avec un point d'exclamation qui vient de s'ouvrir et qui dit


Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and the program again from the web site of Kaspersky Lab.

Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR : Scanning could not be started. [0x80004005]]

puis il y a ok

comme je ne suis pas tres forte en anglais, je ne veux pas faire une mauvaise manipulation, est-ce que je dois faire ok ou pas.

crapoulou · Answer

Oui, fais OK.

mimie17 · Answer

j'ai fais ok j'ai rien qui se passe par rapport au tuto que tu m'as laisser rien ne s'est affiché comme écrit sur celui-ci, tu crois qu'il faut que je recommence parce que j'ouvre Kaspersky avec le lien que tu m'as donné j'ai pas en bas à droite démarrer Online-scanner

crapoulou · Answer

Laisse tomber Kaspersky. On va tenter une analyse BitDefender : Fais un scan en ligne avec Bitdefender et colle le rapport = = = = >>> En cliquant ici <<< = = = = Scan à faire sous Internet Explorer. * En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE * Dans la nouvelle fenêtre, clique sur I agree * La fenêtre change encore, clique sur Click here to scan * Les signatures se chargent, etc. Poste en réponse le rapport de scan qui se trouve ici C:\windows\bdoscan8\scanres.txt ou bien scanres.html

mimie17 · Answer

j'ai passé bitdefender le seul rapport que je trouve c'est bdoscan.log-bloc- notes que je t'affiche en espérant que c'est le bon puisqu'après toutes les fenêtres de bitdefender contiennent des cadres qui sont vides style RTVR et y a rien d'autre d'écrit et que je peux même pas fermer


[General]
App	= "BitDefender Online Scanner v8"
Date	= 20:01:2010
Time	= 21:01:23
Scan Path	= C:\;D:\;E:\;F:\;

[Engines Info]
Virus Definitions	= 4878405
Engine build	= "AVCORE v2.1 Windows/i386 11.0.0.33 (Nov 24 2009)"
Scan plugins	= 17
Archive plugins	= 44
Unpack plugins	= 8
E-mail plugins	= 6
System plugins	= 4

[Scan Statistics]
Folders	= 6305
Files	= 112591
Archives	= 1349
Packed files	= 6437
Identified viruses	= 5
Infected files	= 86
Warnings	= 0
Suspect files	= 0
Disinfected files	= 0
Deleted files	= 53
Copied files	= 0
Moved files	= 0
Renamed files	= 0
I/O Errors	= 55

[Scan Settings]
SecondAction	= Delete
FirstAction	= Disinfect
Heuristics	= 1
Enable Warnings	= 1
Exclude Ext	= 
Extensions	= exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Scan Emails	= 1
Scan Archives	= 1
Scan Packed	= 1
Scan Files	= 1
Scan Boot	= 1
Verify Memory	= 0

[Scan Results]
Line00000085	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0056698.exe  Trojan.Generic.2919485"
Line00000084	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0057079.exe  Trojan.Generic.2919485"
Line00000083	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0057474.sys  Rootkit.Bagle.Gen"
Line00000082	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0057884.exe  Trojan.Generic.2908633"
Line00000081	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0057886.sys  Rootkit.Bagle.Gen"
Line00000080	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0057904.exe  Trojan.Generic.2919485"
Line00000079	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0057919.sys  Rootkit.Bagle.Gen"
Line00000078	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP339\A0057952.sys  Rootkit.Bagle.Gen"
Line00000077	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP342\A0058130.exe  Trojan.Generic.2919485"
Line00000076	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP342\A0058132.sys  Rootkit.Bagle.Gen"
Line00000075	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP343\A0058218.exe  Trojan.Generic.2919485"
Line00000074	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP343\A0058225.sys  Rootkit.Bagle.Gen"
Line00000073	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP343\A0058333.sys  Rootkit.Bagle.Gen"
Line00000072	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP343\A0058460.exe  Trojan.Generic.2919485"
Line00000071	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP343\A0058465.sys  Rootkit.Bagle.Gen"
Line00000070	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP346\A0058555.sys  Rootkit.Bagle.Gen"
Line00000069	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP346\A0058865.exe  Trojan.Generic.2908633"
Line00000068	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP346\A0058888.exe  Trojan.Generic.2919485"
Line00000067	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP346\A0059090.sys  Rootkit.Bagle.Gen"
Line00000066	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0059654.exe  Trojan.Generic.2919485"
Line00000065	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0059697.sys  Rootkit.Bagle.Gen"
Line00000064	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0059712.sys  Rootkit.Bagle.Gen"
Line00000063	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0059939.exe  Trojan.Generic.2919485"
Line00000062	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0059986.sys  Rootkit.Bagle.Gen"
Line00000061	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0060389.exe  Trojan.Generic.2919485"
Line00000060	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0060410.sys  Rootkit.Bagle.Gen"
Line00000059	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061641.exe  Trojan.Generic.2919485"
Line00000058	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061652.sys  Rootkit.Bagle.Gen"
Line00000057	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0061698.exe  Trojan.Generic.2919485"
Line00000056	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062094.sys  Rootkit.Bagle.Gen"
Line00000055	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062145.exe  Trojan.Generic.2919485"
Line00000054	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062519.sys  Rootkit.Bagle.Gen"
Line00000053	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062534.exe  Trojan.Generic.2919485"
Line00000052	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062914.sys  Rootkit.Bagle.Gen"
Line00000051	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0062949.exe  Trojan.Generic.2919485"
Line00000050	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0063417.exe  Trojan.Generic.2908633"
Line00000049	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP347\A0063464.sys  Rootkit.Bagle.Gen"
Line00000048	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0063617.exe  Trojan.Generic.2919485"
Line00000047	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0063754.sys  Rootkit.Bagle.Gen"
Line00000046	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0063846.exe  Win32.Bagle.SVI"
Line00000045	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0063847.exe  Trojan.Generic.2908633"
Line00000044	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0064449.exe  Trojan.Generic.2919485"
Line00000043	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0064470.exe  Trojan.Generic.2919485"
Line00000042	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0064861.sys  Rootkit.Bagle.Gen"
Line00000041	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0064879.exe  Trojan.Generic.2919485"
Line00000040	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0064991.sys  Rootkit.Bagle.Gen"
Line00000039	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0065113.exe  Trojan.Generic.2908633"
Line00000038	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP348\A0065421.sys  Rootkit.Bagle.Gen"
Line00000037	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0065493.exe  Trojan.Generic.2919485"
Line00000036	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0066643.exe  Win32.Bagle.SVI"
Line00000035	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0066644.exe  Trojan.Generic.2908633"
Line00000034	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0067126.sys  Rootkit.Bagle.Gen"
Line00000033	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0067244.exe  Trojan.Generic.2908633"
Line00000032	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP349\A0067728.exe  Trojan.Generic.2919485"
Line00000031	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0068194.sys  Rootkit.Bagle.Gen"
Line00000030	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0068209.exe  Trojan.Generic.2919485"
Line00000029	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0068893.exe  Trojan.Generic.2919485"
Line00000028	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0069120.exe  Win32.Bagle.SVI"
Line00000027	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0069122.exe  Trojan.Generic.2919485"
Line00000026	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0069142.sys  Rootkit.Bagle.Gen"
Line00000025	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0069580.exe  Trojan.Generic.2919485"
Line00000024	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0069785.exe  Win32.Bagle.SUQ@mm"
Line00000023	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0069787.sys  Rootkit.Bagle.Gen"
Line00000022	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0070276.exe  Win32.Bagle.SVI"
Line00000021	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0070278.exe  Trojan.Generic.2908633"
Line00000020	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0070283.exe  Win32.Bagle.SUQ@mm"
Line00000019	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0070286.exe  Win32.Bagle.SUQ@mm"
Line00000018	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0070369.sys  Rootkit.Bagle.Gen"
Line00000017	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0070370.exe  Win32.Bagle.SUQ@mm"
Line00000016	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0070371.exe  Win32.Bagle.SUQ@mm"
Line00000015	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0071015.exe  Win32.Bagle.SVI"
Line00000014	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0071016.exe  Trojan.Generic.2919485"
Line00000013	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0071023.exe  Win32.Bagle.SUQ@mm"
Line00000012	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0071026.exe  Win32.Bagle.SUQ@mm"
Line00000011	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0071082.sys  Rootkit.Bagle.Gen"
Line00000010	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0071926.sys  Rootkit.Bagle.Gen"
Line00000009	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0072926.sys  Rootkit.Bagle.Gen"
Line00000008	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0073926.sys  Rootkit.Bagle.Gen"
Line00000007	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0073927.exe  Win32.Bagle.SUQ@mm"
Line00000006	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0073928.exe  Win32.Bagle.SUQ@mm"
Line00000005	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0074305.exe  Trojan.Generic.2908633"
Line00000004	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0074311.exe  Win32.Bagle.SUQ@mm"
Line00000003	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0074365.sys  Rootkit.Bagle.Gen"
Line00000002	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0074366.exe  Win32.Bagle.SUQ@mm"
Line00000001	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0074367.exe  Win32.Bagle.SUQ@mm"
Line00000000	= "C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP350\A0074368.exe  Win32.Bagle.SUQ@mm"

crapoulou · Answer

Tout ce qui a été détecté est dans la restauration du système, tout va bien.

Comment va le PC globalement ?

mimie17 · Answer

euhhhh là je crois qu'y a un soucis

le pc marche très bien si tu considères qu'aucun logiciel de protection ne fonctionne

je ne peux toujours pas redémarrer en mode sans échec, je ne peux passer ni ccleaner, ni spybot, ni antivir, ni Malwarebytes' Anti malware 

en plus depuis dès qu'il redémarre je suis a chaque fois obligé d'appuyer sur la touche Verr. Num sans quoi j'ai plus les chiffres

y a pas grand chose qui a changer finalement

crapoulou · Answer

Si si pas mal de chose ont changé : Bagle n'est quasiment plus là...
Il y a toujours des clés de registre à rétablir.
Le souci c'est que je ne connais pas l'emplacement exact de ces clés de registre.
Réussis-tu à lancer Findykill option 2 ?

Pour les logiciels de sécurité :
Désinstalle ce qui ne fonctionne pas et réinstalle les.
Pour l'antivirus, je te conseille de laisser tomber Avast pour Antivir.

, Antivir d’Avira est meilleur qu’Avast ou autre antivirus gratuit.
Si ça t’intéresse, désinstalle bien le tien et installe Antivir.
Tout est expliqué sur ce lien, du téléchargement à la configuration.
Autres liens utiles : ICI
ET ICI

*****

Fais une analyse complète du système avec l'antivirus.

*****

Réinstalle Malwarebytes' Anti Malware.
Mets-le à jour.
Fais une analyse complète du système.

C'est cool, t'es patiente ;-).

mimie17 · Answer

ah oui j'ai oublié le fameux dossier C\Documents and Settings\MYRIAM\Application Data\m est toujours dans la corbeille et j'arrive pas à le supprimer

crapoulou · Answer

Erreur particulière lors de la tentative de suppression ?

Et "Vider la corbeille" ?

mimie17 · Answer

des que je passe ccleaner au niveau de recherche les erreurs déjà il ne va jamais à 100% et non y a rien à faire pour vider la corbeille

crapoulou · Answer

Ok.
Les analyses sont en cours ?
https://forums.commentcamarche.net/forum/affich-16170035-probleme-logiciel-de-securite?page=4#78

mimie17 · Answer

mais je suis patiente et j'ai confiance par contre j'ai des journées assez lourdes donc je reprends tout à tête reposée demain et encore merci de ton aide

crapoulou · Answer

Très bien !
Bonne nuit à toi et à demain alors.

mimie17 · Answer

Bonjour,
la journée va être longue pour mon PC

Quand je lance l'option 2 avec Findikyll lorsque le PC redémarre une fenêtre s'ouvre le scan ne va pas au delà de 20% et lorsque la fenêtre disparait, je ne peux plus ouvrir quoi que ce soit.

Je suis obligé de redémarrer en appuyant sur le bouton reset de la colonne, de faire F8 et de redémarrer en dernière bonne configuration connue. Y a t-il des touches avec lesquelles je pourrais redémarrer sans être obligé d'appuyer sur le bouton reset, je risque d'abîmer l'ordi, non?

impossible non plus d'installer antivir

A ce propos y a bien longtemps que j'ai désinstaller avast comment ce fait il qu'il apparait encore, j'avais bitdefender mais comme ma licence à expirer, en attendant d'aller acheter la clé d'enregistrement j'avais pris antivir

crapoulou · Answer

Ctrl + Alt + Suppr et arrête le processus de findykill si tu le trouve.
Non cela n'abime pas l'ordinateur mais faut éviter :o)

Vire BitDefender et garde Antivir non ?

Oublie Findykill et passe à la suite.

mimie17 · Answer

Sous quel nom ça pourrait être le processus de findykill, j'ai une liste impressionnante dans la liste 

Bitdefender je l'ai plus y a un moment, j'ai juste fait le scan hier avec le lien que tu m'as donné

Antivir impossible de l'installer, je ne peux toujours rien ouvrir en ce qui concerne les logiciels de sécurité

crapoulou · Answer

On va passer à la méthode plus forte. Fais un clic droit ici : = = = = >>> En cliquant ici <<< = = = = * Dans le menu qui se déroule, choisis "Enregistrer la cible du lien sous" (si tu utilises Firefox) et "Enregistrer la cible sous" (si tu utilises Internet Explorer) * Une fenêtre va s’ouvrir: dans le champ Nom du fichier (en bas), tape ceci > combo-fix --> le tiret est important. <-- * On va enregistrer ce fichier sur le Bureau : pour cela, sur le panneau de gauche, clique sur le Bureau. * Clique enfin sur le bouton Enregistrer en bas de page à droite. * Assure toi que tous les programmes sont fermés avant de lancer le fix ! Ne lance pas le fix tout de suite ! Il faut que t’installe la Console de Récupération Windows si ce n’est pas fait (pour pouvoir démarrer en mode sans échec, … et avoir un démarrage sélectif). Si tu es sûr de l’avoir, continue à l’étape suivante, si non, suis cette procédure pour l’installer avec le CD d’installation Windows en cliquant ICI. Si tu n’as pas le CD, ComboFix contient une procédure d’installation de la Console de Récupération Windows en téléchargeant un fichier depuis Microsoft. Pour l’installer sans CD, suis ces instructions : - Clique ICI pour aller sur le site Web de Microsoft. - Sur cette page, descendez jusqu’à "Téléchargement du fichier programme des disquettes d’installation" et cliquez sur le téléchargement correspondant à votre version de Windows XP (Édition familiale ou Professionnel) et au Service Pack que vous avez installé. Lorsque vous avez cliqué sur le lien de téléchargement du fichier, vérifiez que ce dernier sera enregistré directement sur votre Bureau. Si vous utilisez Windows XP Service Pack 3 (SP3), sélectionnez le téléchargement Service Pack 2. Si vous utilisez Windows XP Media Center, sélectionnez le téléchargement Windows XP Pro Service Pack 2. * Fait un double clique sur combofix.exe. * Clique sur Oui au message de Limitation de Garantie qui s’affiche. * Il est possible que ton parefeu te demande si tu acceptes ou non l’accès de nircmd.cfexe à la zone sure: accepte! * Note: Ne ferme pas la fenêtre qui vient de s’ouvrir , tu te retrouverais avec un bureau vide ! * Lorsque le scan est terminé, un rapport sera généré : poste en le contenu dans ton prochain message. * Note : Le rapport se trouve également là : C:\ComboFix.txt

mimie17 · Answer

Comme je sais pas si j'ai la console de recuperation Windows et que je n'ai pas le cd, j'ai suivi l'instruction

quand je lance le pack j'ai une fenêtre Sous-sytème MS-DOS 16 bits

C:\DOCUME~1\MYRIAM\LOCAL~1\Temp\IXP000.TMP\makeboot.exe
SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers.VDD. Le format du pilote de périphérique virtuel dans le Registre n'est pas valide. Choisissez 'Fermer' pour mettre fin à l'application

donc ???? pour la boss que je suis, lol

mimie17 · Answer

si j'ignore la fenêtre on me dit que je vais devoir fournir 6 disquettes sauf que j'ai pas de lecteur disquette

crapoulou · Answer

Tu pourrais me faire une capture d'écran de ces messages stp ?

mimie17 · Answer

j'espere que c'est ce que tu voulais et que ça va marcher

[URL=https://imageshack.com/][IMG=http://img686.imageshack.us/img686/6807/image1cm.th.png][/IMG][/URL]

crapoulou · Answer

1) Remercie emule pour les infections !
2) Sauvegarde tes données au cas où il y ait un souci car je sens ton Windows très instanble !
Est-ce une version légale de Windows ?
3) Comment cela se fait que tu n'as pas de CD ?

mimie17 · Answer

mes mômes surtout 

au sujet de la version légale, j'ai acheté mon ordi y a deux ans chez l'enseigne plein ciel, donc j'espère que c'est légal, et c'est vrai que je n'ai aucun cd mais aucun aucun mise à part le matériel que j'ai acheté après;

Et si je plante l'ordi c'est clair que je vais retourner chez le vendeur, et j'espère pour lui qu'il n'y a pas anguille sous roche où il sera pas sourd

Je peux fermer ces fenêtres ?

et une fois que j'aurai sauvegarder mes données je passe combo-fix

crapoulou · Answer

Ok. Concernant tes données, elles sont sauvegardées ? **** Ce n'est pas normal tu devrais avoir un CD ou des CD à graver. Ce n'est pas sérieux de la part des vendeurs. Non il n'y aura probablement pas anguille sous roche je ne pense pas. Ferme les fenêtres oui. ******* On va repartir sur des bases saines et tout virer les outils utilisés : Télécharge Toolscleaner sur ton Bureau = = = =>>> En cliquant ici <<<= = = = * Double-clique sur ToolsCleaner2.exe et laisse le travailler * Clique sur Recherche et laisse le scan se terminer. * Clique sur Suppression pour finaliser. * Tu peux, si tu le souhaites, te servir des Options facultatives. * Clique sur Quitter, pour que le rapport puisse se créer. * Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse. ***** Télécharge FindyKill (de El desaparecido) sur ton bureau et installe-le : = = = = =>>> En cliquant ici <<<= = = = = ! Déconnecte toi et ferme toutes tes applications en cours ! * Double clique sur "FindyKill.exe" pour lancer l’installation et laisse les paramètres d’installation par défaut. * Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) * Double-clique sur le raccourci FindyKill qui est sur ton bureau pour lancer l’outil. * Au menu principal choisis l’option "F" pour français et tape sur [Entrée]. * Au second menu Choisis l’option "1" (recherche) et tape sur [Entrée]. Laisse travailler l’outil et ne touche à rien ... => Poste le rapport qui apparaît à la fin, sur le forum ... (Le rapport est sauvegardé aussi sous C:\FindyKill.txt) (CTRL+A Pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller) Note : "Process.exe", une composante de l’outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s’agit pas d’un virus, mais d’un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d’où l’alerte émise par ces antivirus. Fais bien l'option 1 !

mimie17 · Answer

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche: 

C:\Lop SD: trouvé !
C:\_OTM: trouvé !
C:\FindyKill: trouvé !
C:\Rsit: trouvé !
C:\Ad-remover: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\MYRIAM\Bureau\OTM.exe: trouvé !
C:\Lop SD\catchme.exe: trouvé !
C:\Program Files\ZHPDiag: trouvé !
C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\hijackthis.log: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\ZHPDiag\ZHPdiag.exe: trouvé !

---------------------------------
--> Suppression: 
voilà pour toolscleaner2.exe


C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\MYRIAM\Bureau\OTM.exe: supprimé !
C:\Lop SD\catchme.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\ZHPDiag\ZHPdiag.exe: supprimé !
C:\Program Files\Trend Micro\hijackthis.log: supprimé !
C:\Lop SD: supprimé !
C:\_OTM: supprimé !
C:\FindyKill: ERREUR DE SUPPRESSION !!
C:\Rsit: supprimé !
C:\Ad-remover: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\ZHPDiag: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Corbeille vidée!
Fichiers temporaires nettoyés !

mimie17 · Answer

voilà le rapport FindyKill


############################## | FindyKill V5.027 |

# User : MYRIAM (Administrateurs) # PCMIMI
# Update on 21/01/2010 by El Desaparecido
# Start at: 14:59:27 | 21/01/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Enabled

# C:\ # Disque fixe local # 48,83 Go (30,95 Go free) [SYSTEM] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 184,06 Go (156,28 Go free) [DATA] # NTFS
# F:\ # Disque amovible

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\MYRIAM\Application Data\drivers\winupgro.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\MYRIAM\Application Data\m\flec006.exe
C:\WINDOWS\wintems.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
 
############################## | Processus infectieux stoppés  | 

"C:\Documents and Settings\MYRIAM\Application Data\drivers\winupgro.exe"  (652)
"C:\Documents and Settings\MYRIAM\Application Data\m\flec006.exe"  (1208)
"C:\WINDOWS\wintems.exe"  (4048)

################## | C: |


################## | C:\WINDOWS |

C:\WINDOWS\ban_list.txt  
C:\WINDOWS\mdelk.exe  
C:\WINDOWS\wintems.exe  

################## | C:\WINDOWS\Prefetch |

C:\WINDOWS\Prefetch\1252968.EXE-29F375B7.pf  
C:\WINDOWS\Prefetch\1262578.EXE-2038D8FD.pf  
C:\WINDOWS\Prefetch\1268281.EXE-1412DCAF.pf  
C:\WINDOWS\Prefetch\43781.EXE-10604BAC.pf  
C:\WINDOWS\Prefetch\55625.EXE-2A0FD064.pf  
C:\WINDOWS\Prefetch\56656.EXE-17B06282.pf  
C:\WINDOWS\Prefetch\56828.EXE-09A5CEA6.pf  
C:\WINDOWS\Prefetch\60703.EXE-06B8CAF7.pf  
C:\WINDOWS\Prefetch\62453.EXE-0854E5A1.pf  
C:\WINDOWS\Prefetch\64609.EXE-0223072F.pf  
C:\WINDOWS\Prefetch\65859.EXE-1790BC9B.pf  
C:\WINDOWS\Prefetch\67984.EXE-211F0B58.pf  
C:\WINDOWS\Prefetch\68125.EXE-0B579BCE.pf  
C:\WINDOWS\Prefetch\70140.EXE-0AF04BBA.pf  
C:\WINDOWS\Prefetch\70453.EXE-05D966B1.pf  
C:\WINDOWS\Prefetch\72593.EXE-29F44059.pf  
C:\WINDOWS\Prefetch\75703.EXE-3523D1DC.pf  
C:\WINDOWS\Prefetch\FLEC006.EXE-07147BC0.pf  
C:\WINDOWS\Prefetch\MDELK.EXE-087EF2B4.pf  
C:\WINDOWS\Prefetch\WINTEMS.EXE-127B61D4.pf  

################## | C:\WINDOWS\system32 |

C:\WINDOWS\system32\srosa2.sys  
C:\WINDOWS\system32\wfsintwq.sys  

################## | C:\WINDOWS\system32\drivers |


################## | C:\Documents and Settings\MYRIAM\Application Data |

C:\Documents and Settings\MYRIAM\Application Data\drivers  
C:\Documents and Settings\MYRIAM\Application Data\drivers\downld  
C:\Documents and Settings\MYRIAM\Application Data\drivers\winupgro.exe  
C:\Documents and Settings\MYRIAM\Application Data\m  
C:\Documents and Settings\MYRIAM\Application Data\m\data.oct  
C:\Documents and Settings\MYRIAM\Application Data\m\flec006.exe  
C:\Documents and Settings\MYRIAM\Application Data\m\list.oct  
C:\Documents and Settings\MYRIAM\Application Data\m\srvlist.oct  
C:\Documents and Settings\MYRIAM\Application Data\m\shared  

################## | Temporary Internet Files |


################## | Crack > Keygen > Serial |


################## | Registre |

[HKLM\SYSTEM\CurrentControlSet\Services\srosa]  
[HKLM\SYSTEM\ControlSet001\Services\srosa]  
[HKLM\SYSTEM\ControlSet004\Services\srosa]  
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]  
[HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]  
[HKCU\Software\bisoft]  
[HKCU\Software\DateTime4]  
[HKCU\Software\MuleAppData]  
[HKCU\Software\WS35]  
[HKCU\Software\WS4001]  
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"  
[HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"  
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"  
[HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"  
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"  
[HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"  
[HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\bisoft]  
[HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\DateTime4]  
[HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\MuleAppData]  
[HKCU\Software\Local AppWizard-Generated Applications\winupgro]  
[HKU\S-1-5-21-57989841-630328440-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro]  

################## | Etat |

# Affichage des fichiers cachés : OK
 
Clé manquante : HKLM\...\SafeBoot | Mode sans echec non fonctionnel !  
 
# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )  
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 ) 
# (!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )  
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )  
# (!) wuauserv -> Start = 4 ( Good = 2 | Bad = 4 )  
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )  

################## | ! Fin du rapport # FindyKill V5.027 ! |

mimie17 · Answer

Findikyll option 2 c'est fait mais toujours le même résultat
il redémarre l'ordi à 60% du scan
et quand il redémarre la barre monte à 20% puis là ça me bloque tout je peux plus rien ouvrir

crapoulou · Answer

Tes données sont bien sauvegardées ?! Passe à la suite quand c'est bien le cas. ***** Enregistre ceci (Combofix renommé en KillB.exe) sur ton bureau : = = = = >>> En cliquant ici <<< = = = = * Assure toi que tous les programmes sont fermés avant de lancer le fix ! * Fait un double clique sur KillB.exe * Clique sur Oui au message de Limitation de Garantie qui s’affiche. * Il est possible que ton parefeu te demande si tu acceptes ou non l’accès de nircmd.cfexe à la zone sure: accepte! * Note: Ne ferme pas la fenêtre qui vient de s’ouvrir , tu te retrouverais avec un bureau vide ! * Lorsque le scan est terminé, un rapport sera généré : poste en le contenu dans ton prochain message. * Note : Le rapport se trouve également là : C:\ComboFix.txt

mimie17 · Answer

impossible de passer combofix non plus

j'ai dit oui pour la mise à jour, ça m'a marqué qu'il allait redémarrer et puis la fenêtre d'erreur comme quoi
ComboFix n'est pas une application win32 valide

crapoulou · Answer

Essaye de recommencer sans accepter la mise à jour.
Je reviens ce soir.
A plus tard.

mimie17 · Answer

J'ai l'impression qu'on a progressé, pour moi c'est qu'une impression tu me diras........
voilà le rapport combofix

ComboFix 10-01-20.05 - MYRIAM 21/01/2010  19:08:30.2.2 - x86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.1023.750 [GMT 1:00]
Lancé depuis: c:\documents and settings\MYRIAM\Bureau\KillB.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\MYRIAM\Application Data\drivers\downld
c:\documents and settings\MYRIAM\Application Data\drivers\downld\122859.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\123078.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\123281.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\123921.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\124312.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\124906.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\125546.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\126468.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\127390.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\128078.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\128484.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\128703.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\129093.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\129468.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\130953.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\131500.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\131765.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\131953.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\135187.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\135593.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\135968.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\136218.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\136406.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\136593.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\137203.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\137828.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\138062.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\138281.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\138562.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\138843.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\139734.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\140218.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\141390.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\142031.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\142406.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\142640.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\143359.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\143984.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\144156.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\144343.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\144750.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\145125.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\145375.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\145578.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\145812.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\146062.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\146218.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\146390.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\147984.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\148578.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\149500.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\150203.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\150562.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\150765.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\150984.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\151187.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\152656.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\153609.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\153843.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\156203.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\157453.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\164234.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\164531.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\164750.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\165406.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\165812.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\166078.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\166250.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\167484.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\167718.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\168062.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\168281.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\169156.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\169781.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\170156.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\170390.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\170578.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\175390.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\175968.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\176406.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\176656.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\177796.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\178562.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\179078.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\179671.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\180093.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\180687.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\181078.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\181718.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\182109.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\182468.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\182671.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\182937.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\225265.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\226390.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\227062.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\227640.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\227921.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\228875.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\229625.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\230328.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\230750.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\231968.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\233156.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\235125.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\236109.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\236578.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\236843.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\237046.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\247531.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\248281.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\248750.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\251953.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\254281.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\254609.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\275359.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\275953.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\280015.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\280296.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\280593.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\280921.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\281140.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\281796.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\282187.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\283484.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\284343.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\284921.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\285328.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\285859.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\286156.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\286734.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\287000.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\287781.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\288187.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\289093.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\289781.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\290015.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\311281.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\320640.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\320906.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\321140.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\322281.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\322921.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\323203.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\323406.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\323687.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\324000.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\324968.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\325375.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\328359.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\329765.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\330000.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\330203.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\330546.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\330781.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\331234.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\331546.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\331796.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\331968.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\332203.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\332437.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\332687.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\332875.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\334515.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\335171.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\335859.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\336234.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\336578.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\336796.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\337734.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\338390.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\339093.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\369750.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\371171.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\374390.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\374937.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\375375.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\376265.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\376500.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\376921.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\377265.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\377953.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\420609.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\420796.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\420984.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\421937.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\422890.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\423140.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\423343.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\423687.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\423843.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\424078.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\424328.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\424703.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\424906.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\425484.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\425875.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\426109.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\426296.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\427328.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\428203.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\429375.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\430312.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\432593.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\434546.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\435140.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\435656.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\436843.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\437812.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\438968.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\439718.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\441937.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\443031.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\443593.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\449140.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\450187.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\450953.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\451312.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\451484.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\452015.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\452406.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\453078.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\453781.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\454421.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\454890.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\455984.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\456656.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\456875.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\499140.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\499640.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\500000.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\500281.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\500515.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\500812.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\501062.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\501562.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\501781.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\503734.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\505437.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\505765.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\506015.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\506203.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\506375.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\507265.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\507921.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\508156.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\508343.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\508875.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\509421.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\509656.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\509875.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\510234.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\510703.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\511921.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\512859.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\519687.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\524187.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\524484.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\524718.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\525125.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\525328.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\525968.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\526218.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\526578.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\526781.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\526984.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\527156.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\527343.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\527531.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\528015.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\528406.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\531140.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\532562.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\533218.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\533718.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\535390.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\535906.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\539656.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\543593.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\543843.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\547109.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\547375.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\547578.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\548250.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\548765.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\549265.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\549656.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\550562.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\551203.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\553500.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\554234.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\555281.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\555984.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\556500.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\561703.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\562625.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\563312.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\563640.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\568968.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\569140.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\569328.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\570015.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\570453.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\570953.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\571328.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\573968.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\577000.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\577234.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\577437.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\578109.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\578625.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\579250.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\579718.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\581078.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\586000.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\586718.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\587218.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\587828.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\81609.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\81812.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\82015.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\82187.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\82390.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\90515.exe
c:\documents and settings\MYRIAM\Application Data\drivers\winupgro.exe
c:\documents and settings\MYRIAM\Application Data\m
c:\documents and settings\MYRIAM\Application Data\m\data.oct
c:\documents and settings\MYRIAM\Application Data\m\flec006.exe
c:\documents and settings\MYRIAM\Application Data\m\list.oct
c:\documents and settings\MYRIAM\Application Data\m\shared\1-2-3 PieCharts 1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\1Click DVD Copy v4.1.1.8 WinALL Incl Keygen Repack by BLiZZARD.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\1st DVD Ripper v5.0.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\3D Matrix ScreenSaver- The Endless Corridors (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\3DField 1.77.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\A1 DVD Ripper Professional 1.0.xx 1.0.xx (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\A1 Website Download v1.2.8 by AHCU.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Access Animation v1.90 by TMG.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Acoustica MP3 CD Burner v4.0.95 by EMBRACE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Ad Muncher 4.06.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Adobe PageMaker Plug-in Pack for InDesign CS 1.0 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Advanced Replacer v1.1 by LasH.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Aglare All to 3GP MP4 iPod Zune iPhone Converter 7.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Aha Password and Info Manager 7.61.00.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Album Player v2.12 by DiGERATi.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Alcohol 120 Percent v1.3.4 build 1106 by LasH.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Alive CD Ripper 1.1.0.2.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Allok Audio Converter 1.1.0 CrAcKed.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Alltags Planer 99.09 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Andromeda Screen Shot Saver 2.38.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Aone Ultra Video Splitter v3.7.0 by BRD.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Archon Weld Calculator 6.0 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Aresuki 3.0 for Mac.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\ASE ChartDirector for Python v4.0 Solaris Incl Keymaker by ZWT.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Ashampoo Burning Studio v5.0.1 by EMBRACE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Audio Developer SDK 1.0 (crack).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Available Domains 1.02 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\AVS DV to DVD 1.2.1.102-key.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\BackupXpress Pro 2.72.35.176 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Bali PLANNING v5.48.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Benutec RamCleaner v3.55 build 1726.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Bibliotheque 3.0 for Mac.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Binary Vortex 2.7.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\BluePrint Personal Edition 1.2.7 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\BoXiKoN v1.5.2 WinALL CRACKED by iNDUCT.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Bram Stokers Dracula (1993) (Psygnosis) FULL!.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\BT Printer List ActiveX v2.0.2.2 by DSi.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Bubble Frenzy Remix v2.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Bubble Trouble 1.0.0 for Mac.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Bulker v3.24 WinALL Incl Keygen by BLiZZARD.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Bytegeist Ghost Trails v3.0 for 3DSMAX v6.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\CalendarMirror for Outlook 2.1 keygen.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Call of Duty Modern Warfare 2 NO INTRO FIX.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Call of Duty World at War v1.5 MULTIHACK.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Capturix VideoSpy 2007 Enterprise Edition v4.10.2096 by TE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Cartesia Map Art Clip Art Pack vAll for Mac.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Catalogue Pro v4.2.21 by diGERATi.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\CFi ShellToys XP 2.0.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Chaser Keygen.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\CHN Calculator 4 for Mac.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Classical Spanish Solitaires 1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\CodeTangler Professional 2.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\ColorImpact v2.3.0.308 Winall Cracked by iNFECTED.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Command Mail v2.21 by TMG.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Connectpc v1.1 WinALL Incl Keygen by ECLiPSE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\CopyToCD v1.06b.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Crossword Construction Kit v4.0.3.1 by Core.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\CUSeeMe Windows PC for Mac.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\CyberLink StreamAuthor 1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\DacEasy Order Entry Network 9.10.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Dark Sector v1.0 [MULTI2] +4 TRAINER #1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Deneba Canvas all versions for Mac.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\DialogBlocks v4.10 Unicode by ACME.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Digital Physiognomy v1.x Generic by FFF.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\DigitByte Studio Traffic Counter v2.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Directory Toolkit v3.2.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Doppelganger 3.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\dotConnect for SQL Server 2.05.49.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\DropFolder 1.01.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\DVD Rebuilder Pro v1.09 by DVT.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\dvdXSoft DVD to iPhone Converter v1.42 by AT4RE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\DzWords 1.29 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\EasyText 3.5 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\eAuction Watcher 2.3.5 beta 10.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\EAUpload 1.3.1 patch.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\EBP Compta Facturation 2005 v9.1 R2BIS 877 French RETAIL by RESET.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Elite Software Ecoord v3.0.11 Incl Keyfilemaker by AGAiN.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Email Man 3.0.1.12011.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Embird Alphabet 10 1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Enable Toolbox 2.3d build 9.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\English-Spanish Interpreter (ESI) Standard 1.31.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\ESP Mail Check 2.0 Beta 3.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Fancy DVD Copy v2.0 WinALL Incl Keygen by BRD.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Fast Exit Pro 1.06 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Feeding Frenzy 2.9.16.1 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Financial Advisor for Excel Full Access 4.1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Finanzrechner 1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Fire Frenzy Retail JAVA SE K810 by RLYEH.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Folder Encryption Fairy v3.5.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\GameHouse Super Jigsaw Flowers by BalCrNepal.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Gene Troopers v1.0 +5 TRAINER.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Goetz's Graphics Kit 1.02.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\goUpdater 1.0.4.51.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\GretagMacbeth ProfileMaker Pro v4.1.5.108 (CD) and 4.1.5.110 (WEB).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\GTA San Andreas v1.0 +10 TRAINER 2.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Heinecke Airomate v1.02 by HAZE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Hello Engines 3.0 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\HGSBuchArchiv 4.01 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\His Grepship v4.2.1.6 Keymaker Only REPACK by ACME.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\History sweeper XXL 3.7.40.078.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Hoolicon 2.01 Updated.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\HTMLPad 2000.3 x Beta.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Hucks Rocket Boot Hero v1.2 by AERiS.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\IAS Log Viewer 2.28.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Icon Processor v3.0 by SND.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\IdentaFone 4.3.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Image Editor 3.1.02.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Import-Export Studio v2.2.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Installed Programs Finder 1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Investintech Sonic PDF Creator v2.0 WinALL Cracked by iNViSiBLE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Invoy 2.00.2.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\ISpQ VideoChat 5.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\ItsTime 2.8e-key.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\J. River Media JukeBox v8.0.265.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\JetBoat SuperChamps (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\jigpix 2.5 serial by TSRh.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\JProbe Profiler Professional Edition 2.0 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\KeyView Pro 6.5.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\KoolMoves 1.95.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Lavalys EVEREST Corporate Edition v5.00.1650 by CRD.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Little Hopper's Math Tac Toe 1.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Magic SWF2AVI v1.10 by FFF.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Mailcoach 2 x (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\MakeMS v2.7.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\McFunSoft DVD Creator v7.8 WinALL Regged by iNDUCT.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\MEDIAKG FotoWorks v9.1.4 German WinALL Incl Keygen by ViRiLiTY.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Microsoft VirtualEarth Satellite Downloader v3.203 by AHCU.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Millennium 2000 World Book International Standard English Edition (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Mini Video Converter Video to iPhone Converter by AT4RE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Mocha Telnet for Vista 1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Motherload Goldium Edition v1.006 by DELiGHT.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\MP3 Disc Burner v1.60 by LasH.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\MySuperSoft Flash2Video v3.68.950 by DVT.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\MySuperSoft SuperAVConverter v7.6.3500 by DVT.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Mytoolsoft Batch WaterMark v1.5 by FFF.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Nero Burning ROM Enterprise Edition v6.6.0.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\NetCetera Rida Rida Ranka v2.5.1.8 SWEDISH by TFT.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\NetInfo v3.0 build 1116.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\NetSpy 3.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\NextUp Talker v1.011 by TBE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\NFS Underground 2 [US] EURO CARS UNLOCKED.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\NFS Underground v1.3.4 +6 TRAINER.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Norbyte Petal Palace v1.0.6 CRACKED by RHE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Norton Antivirus for Macintosh Subscription Renewal 9.x for Mac (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Noughts and Crosses 1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\OandO Defrag Server Edition 8.0.1398 (2005-06-08) (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Olympic Organizer Deluxe v2.7 WinALL by CHiCNCREAM.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Omaitek OmaiProtect v1.00 for SymbianOS7 S60.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\OrgScheduler 5.7.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\OTTER 1.3.26.129-key.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Palm Heroes v1.03 Retail Russian by RLYEH.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Pariah v1.02 [ENGLISH] Fixed EXE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\PC Door Guard v2.8.0.0 Serial.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Pdf File Splitter 1 CrAcKed.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Phelios Super Sprites 1.6 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Pile Volume 2.1.6.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Platinum FTP Server 1.0.18 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Poker Break 1.0 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Polar Studio 6.35 (crack).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Pop3check XP 1.0.1009.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Predator 1.4 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\PS to Tiff 2.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Psiloc irRemote Control for Series60.1.65 for Symbian.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Quick ePics 3.2.3.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\RA Dicey 1.0.117.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\RegistryFix v6.0 Keymaker Only by EMBRACE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Remove 4.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Romi v3.3 by LasH.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Sage 100 Comptabilite SQL v13.01 French RETAIL by RESET.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Sage Moyens de Paiement 100 v13.00 French RETAIL by RESET.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\SaveForm 2.31.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Security Administrator 7.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Setup Specialist 2001.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\SFR visCrypt v1.2.0 Retail for PocketPC by RLYEH.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Shadow Remote Administartor 1.04a.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Smart report maker 1.2 keygen.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Snooper 3.43.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\SobolSoft Find and Replace Multiple Items At Once Software by AT4RE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Source Guard Professional 2.0 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\SpeedAddress v2006.04 German by BLiZZARD.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\speedlaunch 1.0 cracked prc by TSRh.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\SPX Instant Screen Capture 4.41.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Spy Bouncer v1.32 by CSS.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\SpyRemover v1.64 by Lucid.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\SQL Dictionary Swedish Portuguese 1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\SQLMerger 2.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\StartPro 2.0 B2.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Steinberg My MP3 Pro 5 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Stomp RecordNow MAX v4.50.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Studo 10.0 Plus ( Serial ) 10.0 Plus (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Super Disk Reder 98.1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Supersoft PROPHET 2008 by TSRh.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\SwitchSniffer v1.2.0 WinNT Cracked by GRACO.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Text tree 1.2.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\TGS Open Inventor v6.0 for VC6 Incl Licgen by TBE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\The Cleaner Professional v4.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\ThumbsUp 3.5.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\TinyIRC Pro v2.0.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Trash It 1.71.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\TrendMedium 2.75.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\TVTool 6.5a.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\ultra mp3 1.33 for Symbian OS (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Understand for Ada 1.4.242.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Unios 1.9.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\URL Archiv 1.04 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\USB-ToolBox 2.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\USB over Ethernet 2.4.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\VB Builder 1.3.2.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Vern 2.1 Beta 9 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\VideoToolbox 0.7.0.30 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\VOVO Zune video converter 1.24.005 keygen.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\WebCheck 4.00.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\WebTabs 1.0a.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\WinASO Registry Optimizer v2.8 WinALL Keygen Only by ViRiLiTY.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Windows 2003 Server VLK.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\WinDVD 4 4 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\WITHMP3 1.52 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Wizard Brush 5.83.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Wondershare 3GP Video Converter build 3.2.47 Fixed by Bidjan.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\WordDecryptor 1.3 (crack).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\WordQuiz 5.0.0.42.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\WordToPDF Pro v1.10.95 WinAll by LAXiTY.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Writers Cafe v1.21 Unicode by ViRiLiTY.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Xtreme Air Racing v1.031 [ENGLISH] No-CD Fixed EXE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Yaldex JSFactory Pro v2.0 Full.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Zend Studio 5.1.0 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\srvlist.oct
C:\LOG.TXT
c:\program files\Java\jre6\bin\jucheck.exe
c:\program files\Java\jre6\bin\jusched.exe
c:\program files\Mozilla Firefox\extensions\{AE6173F2-35A9-46B3-9796-3D0AA500CEA9}
c:\program files\Mozilla Firefox\extensions\{AE6173F2-35A9-46B3-9796-3D0AA500CEA9}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{AE6173F2-35A9-46B3-9796-3D0AA500CEA9}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{AE6173F2-35A9-46B3-9796-3D0AA500CEA9}\install.rdf
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\mdelk.exe
c:\windows\system32\srosa2.sys
c:\windows\system32\wfsintwq.sys
c:\windows\wintems.exe

----- BITS: Il y a peut-être des sites infectés -----

hxxp://armmf.adobe.com
.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA


(((((((((((((((((((((((((((((   Fichiers créés du 2009-12-21 au 2010-01-21  ))))))))))))))))))))))))))))))))))))
.

2010-01-21 16:42 . 2010-01-21 16:42	--------	d-----w-	c:\program files\ZHPDiag
2010-01-21 14:09 . 2010-01-21 18:13	--------	d--h--w-	c:\documents and settings\MYRIAM\Application Data\drivers
2010-01-20 13:05 . 2010-01-20 13:05	--------	d-----w-	c:\program files\CCleaner
2010-01-20 08:33 . 2010-01-20 08:33	2128660	----a-w-	c:\windows\system32\pythondll.zip
2010-01-17 10:37 . 2010-01-20 12:47	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-01-16 12:50 . 2010-01-17 11:06	--------	d--h--w-	c:\documents and settings\LocalService\Application Data\drivers
2010-01-16 08:41 . 2010-01-21 14:08	--------	d-----w-	C:\FindyKill
2010-01-12 19:09 . 2009-11-21 15:58	471552	-c----w-	c:\windows\system32\dllcache\aclayers.dll
2010-01-09 20:00 . 2010-01-09 20:03	--------	d-----w-	c:\program files\Dactylo
2009-12-25 22:18 . 2009-12-25 22:18	--------	d-----w-	c:\windows\system32\XPSViewer
2009-12-25 22:18 . 2009-12-25 22:18	--------	d-----w-	c:\program files\MSBuild
2009-12-25 22:18 . 2009-12-25 22:18	--------	d-----w-	c:\program files\Reference Assemblies
2009-12-25 22:18 . 2008-07-06 12:06	89088	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-25 22:17 . 2008-07-06 12:06	89088	-c----w-	c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-25 22:17 . 2008-07-06 12:06	117760	------w-	c:\windows\system32\prntvpt.dll
2009-12-25 22:17 . 2008-07-06 10:50	597504	-c----w-	c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-25 22:17 . 2008-07-06 10:50	597504	------w-	c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-25 22:17 . 2008-07-06 12:06	575488	-c----w-	c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-25 22:17 . 2008-07-06 12:06	575488	------w-	c:\windows\system32\xpsshhdr.dll
2009-12-25 22:17 . 2008-07-06 12:06	1676288	-c----w-	c:\windows\system32\dllcache\xpssvcs.dll
2009-12-25 22:17 . 2008-07-06 12:06	1676288	------w-	c:\windows\system32\xpssvcs.dll
2009-12-23 07:56 . 2009-12-23 07:56	52224	------w-	c:\documents and settings\MYRIAM\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 16:21 . 2008-03-26 14:15	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2010-01-21 13:56 . 2008-09-26 16:29	--------	d-----w-	c:\program files\Trend Micro
2010-01-21 09:23 . 2009-11-21 19:27	--------	d-----w-	c:\documents and settings\MYRIAM\Application Data\vlc
2010-01-21 06:47 . 2009-03-22 17:26	--------	d-----w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-01-21 06:22 . 2010-01-21 06:22	933941	----a-w-	c:\windows\java\Packages\YCJ1NVRF.ZIP
2010-01-21 06:22 . 2010-01-21 06:22	807416	----a-w-	c:\windows\java\Packages\VPZ735RX.ZIP
2010-01-21 06:22 . 2010-01-21 06:22	6548308	----a-w-	c:\windows\java\Packages\RDZHBD3F.ZIP
2010-01-21 06:22 . 2010-01-21 06:22	1120159	----a-w-	c:\windows\java\Packages\O09797PJ.ZIP
2010-01-21 06:22 . 2010-01-21 06:22	1354601	----a-w-	c:\windows\java\Packages\mtz93lbx.zip
2010-01-21 06:22 . 2010-01-21 06:21	5110617	----a-w-	c:\windows\java\Packages\GF93T3J7.ZIP
2010-01-21 06:21 . 2010-01-21 06:21	988305	----a-w-	c:\windows\java\Packages\43VVLNH3.ZIP
2010-01-21 06:21 . 2010-01-21 06:21	952456	----a-w-	c:\windows\java\Packages\4ylfvxjb.zip
2010-01-20 14:08 . 2008-04-19 09:33	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-01-20 14:08 . 2008-01-10 20:28	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-19 21:50 . 2007-11-25 13:53	55104	------w-	c:\documents and settings\MYRIAM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 21:04 . 2007-12-11 08:24	--------	d-----w-	c:\documents and settings\All Users\Application Data\BitDefender
2010-01-15 20:21 . 2009-10-15 12:07	--------	d-----w-	c:\program files\Oberon Media
2010-01-13 16:41 . 2007-11-24 17:36	--------	d-----w-	c:\program files\Fichiers communs\Adobe
2010-01-02 11:13 . 2009-04-23 12:47	--------	d-----w-	c:\documents and settings\MYRIAM\Application Data\dvdcss
2009-12-27 08:25 . 2008-04-05 15:05	--------	d-----w-	c:\documents and settings\All Users\Application Data\HP
2009-12-26 09:59 . 2009-07-01 19:44	55104	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-25 22:21 . 2001-08-28 12:00	87560	----a-w-	c:\windows\system32\perfc00C.dat
2009-12-25 22:21 . 2001-08-28 12:00	523788	----a-w-	c:\windows\system32\perfh00C.dat
2009-12-24 22:18 . 2009-03-24 12:55	--------	d-----w-	c:\program files\Microsoft Silverlight
2009-12-23 07:55 . 2009-12-04 09:04	117760	------w-	c:\documents and settings\MYRIAM\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-22 09:51 . 2009-11-15 18:55	--------	d-----w-	c:\program files\Bubble Town
2009-12-21 16:13 . 2007-12-11 08:27	81984	----a-w-	c:\windows\system32\bdod.bin
2009-12-05 18:20 . 2009-12-05 18:20	--------	d-----w-	c:\documents and settings\All Users\Application Data\Canneverbe Limited
2009-12-04 09:03 . 2009-03-21 18:24	--------	d-----w-	c:\documents and settings\MYRIAM\Application Data\SUPERAntiSpyware.com
2009-12-04 09:02 . 2009-04-25 18:14	--------	d-----w-	c:\program files\CDBurnerXP
2009-11-30 13:48 . 2009-09-06 13:11	--------	d-----w-	c:\documents and settings\MYRIAM\Application Data\HpUpdate
2009-11-25 15:25 . 2009-11-23 17:49	--------	d-----w-	c:\documents and settings\All Users\Application Data\NOS
2009-11-25 10:55 . 2009-11-25 10:54	1925024	----a-w-	c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-11-25 10:19 . 2009-12-21 16:25	56816	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2009-11-21 15:58 . 2002-08-29 09:44	471552	----a-w-	c:\windows\AppPatch\aclayers.dll
2009-11-15 15:18 . 2009-03-13 18:26	230432	----a-w-	C:\SPC220NC.DAT
2009-11-14 13:24 . 2009-11-14 13:24	64072	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\French\setup.exe
2008-03-26 14:14 . 2008-03-26 14:14	17681640	-c----w-	c:\program files\Cake_Mania-setup.exe
.

------- Sigcheck -------

[-] 2009-04-22 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2009-04-22 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE	cpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR	cpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$	cpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE	cpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49	cpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$	cpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE	cpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2GDR	cpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1	cpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$	cpip.sys
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2010-01-20 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-06-09 7700480]
"nwiz"="nwiz.exe" [2007-06-09 1626112]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-06-09 86016]
"SchedulingAgent"="mstinit.exe" [2008-04-13 12288]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin220.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin220.lnk
backup=c:\windows\pss\TrayMin220.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Readereader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20	57344	----a-w-	c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:34	1695232	----a-w-	c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-06-09 10:30	7700480	----a-w-	c:\windows\system32
vcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-06-09 10:30	86016	----a-w-	c:\windows\system32
vmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg
wiz]
2007-06-09 10:30	1626112	----a-w-	c:\windows\system32
wiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\st

mimie17 · Answer

Tu m'as bien progressé même tres bien je dirai

mimie17 · Answer

je confirme ça a bien évolué j'arrive a redémarré en mode sans échec, j'ai passé Avira Antivir le seul souci c'est pour faire les mises à jour d'avira antivir

au niveau des anti-virus tu me conseilles lequel, même en payant ?

je vais essayer de passer d'autres logiciels comme Spybot, Ccleaner, je te tiens au courant, merci pour tout

mimie17 · Answer

regardes fabuleux j'ai même réussit à passer HijackThis je te poste le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:51, on 21/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.mozilla.org/fr/firefox/new/?utm_source=mozilla-fr&utm_medium=referral
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - file://C:\Documents and Settings\MYRIAM\Local Settings\Application Data\Oberon Media\Oberon Games Host\DinerDash2_fr.1.0.0.70.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwaredetection_2_0_4_10.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

crapoulou · Answer

Les mises à jour : c'est normal si ça bloque, les serveurs sont chargés.
Mets-le à jour ainsi :
https://www.commentcamarche.net/faq/21023-mise-a-jour-manuelle-d-avira-antivir

*******

Pour les antivirus : en gratuit => Antivir
En payant => Kaspersky.

*******

Tu diras bien aux enfants que les cracks, c'est terminé !!! (ça aurait pu être pire l'infection alors imagine ...!)

*******

Poste la fin du rapport Combofix stp.

*******

Affiche les fichiers et dossiers cachés ainsi que les fichiers du système :
- Mes documents
- Outils
- Options des dossiers
- Onglet « Affichage »
- Coche Afficher les fichiers et dossiers cachés
- Décoche « Masquer les fichiers protégés du système d’exploitation (recommandé) »

********

Analyse ces fichiers :
c:\program files\Cake_Mania-setup.exe
c:\windows\java\Packages\mtz93lbx.zip
c:\windows\java\Packages\4ylfvxjb.zip
Sur le site de virustotal :
https://www.virustotal.com/gui/

Parcourir > Sélectionne ton fichier > Analyser, patiente que l’analyse soit terminée.

Poste bien les rapports en m’indiquant à chaque rapport envoyé le nom du fichier concerné !

(Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant).

********

Désinstalle Super Anti Spyware.

********

Refais une analyse en ligne avec BitDefender.

mimie17 · Answer

t'inquiètes pour les enfants ils ont eu une morale d'enfer, une bonne punition puisque depuis que le début que tu m'aides ils ont plus eu droit à toucher le PC j'espère bien que ça leur servira de leçon sous peine de ne plus avoir de connexion internet du tout

je te poste à nouveau le rapport ComboFix en espérant qu'il est complet

Entre temps j'ai pu passer Ccleaner super contente du boss, lol, non vraiment chapeau à toi

ComboFix 10-01-20.05 - MYRIAM 21/01/2010  19:08:30.2.2 - x86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.1023.750 [GMT 1:00]
Lancé depuis: c:\documents and settings\MYRIAM\Bureau\KillB.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\MYRIAM\Application Data\drivers\downld
c:\documents and settings\MYRIAM\Application Data\drivers\downld\122859.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\123078.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\123281.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\123921.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\124312.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\124906.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\125546.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\126468.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\127390.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\128078.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\128484.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\128703.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\129093.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\129468.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\130953.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\131500.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\131765.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\131953.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\135187.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\135593.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\135968.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\136218.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\136406.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\136593.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\137203.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\137828.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\138062.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\138281.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\138562.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\138843.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\139734.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\140218.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\141390.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\142031.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\142406.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\142640.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\143359.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\143984.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\144156.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\144343.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\144750.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\145125.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\145375.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\145578.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\145812.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\146062.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\146218.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\146390.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\147984.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\148578.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\149500.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\150203.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\150562.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\150765.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\150984.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\151187.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\152656.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\153609.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\153843.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\156203.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\157453.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\164234.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\164531.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\164750.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\165406.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\165812.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\166078.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\166250.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\167484.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\167718.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\168062.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\168281.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\169156.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\169781.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\170156.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\170390.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\170578.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\175390.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\175968.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\176406.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\176656.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\177796.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\178562.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\179078.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\179671.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\180093.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\180687.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\181078.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\181718.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\182109.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\182468.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\182671.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\182937.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\225265.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\226390.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\227062.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\227640.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\227921.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\228875.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\229625.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\230328.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\230750.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\231968.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\233156.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\235125.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\236109.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\236578.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\236843.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\237046.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\247531.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\248281.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\248750.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\251953.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\254281.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\254609.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\275359.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\275953.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\280015.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\280296.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\280593.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\280921.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\281140.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\281796.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\282187.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\283484.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\284343.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\284921.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\285328.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\285859.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\286156.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\286734.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\287000.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\287781.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\288187.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\289093.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\289781.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\290015.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\311281.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\320640.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\320906.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\321140.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\322281.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\322921.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\323203.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\323406.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\323687.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\324000.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\324968.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\325375.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\328359.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\329765.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\330000.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\330203.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\330546.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\330781.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\331234.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\331546.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\331796.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\331968.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\332203.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\332437.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\332687.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\332875.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\334515.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\335171.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\335859.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\336234.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\336578.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\336796.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\337734.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\338390.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\339093.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\369750.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\371171.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\374390.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\374937.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\375375.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\376265.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\376500.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\376921.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\377265.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\377953.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\420609.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\420796.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\420984.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\421937.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\422890.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\423140.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\423343.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\423687.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\423843.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\424078.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\424328.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\424703.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\424906.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\425484.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\425875.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\426109.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\426296.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\427328.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\428203.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\429375.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\430312.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\432593.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\434546.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\435140.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\435656.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\436843.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\437812.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\438968.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\439718.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\441937.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\443031.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\443593.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\449140.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\450187.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\450953.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\451312.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\451484.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\452015.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\452406.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\453078.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\453781.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\454421.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\454890.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\455984.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\456656.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\456875.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\499140.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\499640.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\500000.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\500281.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\500515.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\500812.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\501062.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\501562.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\501781.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\503734.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\505437.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\505765.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\506015.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\506203.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\506375.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\507265.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\507921.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\508156.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\508343.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\508875.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\509421.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\509656.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\509875.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\510234.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\510703.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\511921.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\512859.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\519687.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\524187.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\524484.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\524718.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\525125.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\525328.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\525968.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\526218.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\526578.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\526781.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\526984.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\527156.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\527343.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\527531.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\528015.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\528406.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\531140.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\532562.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\533218.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\533718.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\535390.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\535906.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\539656.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\543593.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\543843.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\547109.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\547375.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\547578.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\548250.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\548765.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\549265.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\549656.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\550562.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\551203.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\553500.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\554234.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\555281.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\555984.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\556500.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\561703.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\562625.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\563312.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\563640.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\568968.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\569140.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\569328.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\570015.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\570453.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\570953.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\571328.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\573968.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\577000.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\577234.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\577437.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\578109.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\578625.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\579250.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\579718.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\581078.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\586000.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\586718.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\587218.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\587828.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\81609.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\81812.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\82015.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\82187.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\82390.exe
c:\documents and settings\MYRIAM\Application Data\drivers\downld\90515.exe
c:\documents and settings\MYRIAM\Application Data\drivers\winupgro.exe
c:\documents and settings\MYRIAM\Application Data\m
c:\documents and settings\MYRIAM\Application Data\m\data.oct
c:\documents and settings\MYRIAM\Application Data\m\flec006.exe
c:\documents and settings\MYRIAM\Application Data\m\list.oct
c:\documents and settings\MYRIAM\Application Data\m\shared\1-2-3 PieCharts 1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\1Click DVD Copy v4.1.1.8 WinALL Incl Keygen Repack by BLiZZARD.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\1st DVD Ripper v5.0.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\3D Matrix ScreenSaver- The Endless Corridors (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\3DField 1.77.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\A1 DVD Ripper Professional 1.0.xx 1.0.xx (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\A1 Website Download v1.2.8 by AHCU.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Access Animation v1.90 by TMG.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Acoustica MP3 CD Burner v4.0.95 by EMBRACE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Ad Muncher 4.06.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Adobe PageMaker Plug-in Pack for InDesign CS 1.0 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Advanced Replacer v1.1 by LasH.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Aglare All to 3GP MP4 iPod Zune iPhone Converter 7.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Aha Password and Info Manager 7.61.00.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Album Player v2.12 by DiGERATi.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Alcohol 120 Percent v1.3.4 build 1106 by LasH.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Alive CD Ripper 1.1.0.2.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Allok Audio Converter 1.1.0 CrAcKed.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Alltags Planer 99.09 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Andromeda Screen Shot Saver 2.38.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Aone Ultra Video Splitter v3.7.0 by BRD.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Archon Weld Calculator 6.0 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Aresuki 3.0 for Mac.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\ASE ChartDirector for Python v4.0 Solaris Incl Keymaker by ZWT.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Ashampoo Burning Studio v5.0.1 by EMBRACE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Audio Developer SDK 1.0 (crack).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Available Domains 1.02 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\AVS DV to DVD 1.2.1.102-key.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\BackupXpress Pro 2.72.35.176 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Bali PLANNING v5.48.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Benutec RamCleaner v3.55 build 1726.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Bibliotheque 3.0 for Mac.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Binary Vortex 2.7.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\BluePrint Personal Edition 1.2.7 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\BoXiKoN v1.5.2 WinALL CRACKED by iNDUCT.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Bram Stokers Dracula (1993) (Psygnosis) FULL!.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\BT Printer List ActiveX v2.0.2.2 by DSi.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Bubble Frenzy Remix v2.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Bubble Trouble 1.0.0 for Mac.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Bulker v3.24 WinALL Incl Keygen by BLiZZARD.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Bytegeist Ghost Trails v3.0 for 3DSMAX v6.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\CalendarMirror for Outlook 2.1 keygen.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Call of Duty Modern Warfare 2 NO INTRO FIX.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Call of Duty World at War v1.5 MULTIHACK.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Capturix VideoSpy 2007 Enterprise Edition v4.10.2096 by TE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Cartesia Map Art Clip Art Pack vAll for Mac.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Catalogue Pro v4.2.21 by diGERATi.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\CFi ShellToys XP 2.0.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Chaser Keygen.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\CHN Calculator 4 for Mac.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Classical Spanish Solitaires 1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\CodeTangler Professional 2.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\ColorImpact v2.3.0.308 Winall Cracked by iNFECTED.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Command Mail v2.21 by TMG.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Connectpc v1.1 WinALL Incl Keygen by ECLiPSE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\CopyToCD v1.06b.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Crossword Construction Kit v4.0.3.1 by Core.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\CUSeeMe Windows PC for Mac.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\CyberLink StreamAuthor 1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\DacEasy Order Entry Network 9.10.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Dark Sector v1.0 [MULTI2] +4 TRAINER #1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Deneba Canvas all versions for Mac.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\DialogBlocks v4.10 Unicode by ACME.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Digital Physiognomy v1.x Generic by FFF.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\DigitByte Studio Traffic Counter v2.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Directory Toolkit v3.2.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Doppelganger 3.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\dotConnect for SQL Server 2.05.49.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\DropFolder 1.01.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\DVD Rebuilder Pro v1.09 by DVT.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\dvdXSoft DVD to iPhone Converter v1.42 by AT4RE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\DzWords 1.29 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\EasyText 3.5 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\eAuction Watcher 2.3.5 beta 10.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\EAUpload 1.3.1 patch.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\EBP Compta Facturation 2005 v9.1 R2BIS 877 French RETAIL by RESET.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Elite Software Ecoord v3.0.11 Incl Keyfilemaker by AGAiN.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Email Man 3.0.1.12011.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Embird Alphabet 10 1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Enable Toolbox 2.3d build 9.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\English-Spanish Interpreter (ESI) Standard 1.31.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\ESP Mail Check 2.0 Beta 3.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Fancy DVD Copy v2.0 WinALL Incl Keygen by BRD.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Fast Exit Pro 1.06 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Feeding Frenzy 2.9.16.1 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Financial Advisor for Excel Full Access 4.1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Finanzrechner 1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Fire Frenzy Retail JAVA SE K810 by RLYEH.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Folder Encryption Fairy v3.5.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\GameHouse Super Jigsaw Flowers by BalCrNepal.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Gene Troopers v1.0 +5 TRAINER.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Goetz's Graphics Kit 1.02.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\goUpdater 1.0.4.51.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\GretagMacbeth ProfileMaker Pro v4.1.5.108 (CD) and 4.1.5.110 (WEB).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\GTA San Andreas v1.0 +10 TRAINER 2.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Heinecke Airomate v1.02 by HAZE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Hello Engines 3.0 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\HGSBuchArchiv 4.01 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\His Grepship v4.2.1.6 Keymaker Only REPACK by ACME.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\History sweeper XXL 3.7.40.078.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Hoolicon 2.01 Updated.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\HTMLPad 2000.3 x Beta.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Hucks Rocket Boot Hero v1.2 by AERiS.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\IAS Log Viewer 2.28.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Icon Processor v3.0 by SND.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\IdentaFone 4.3.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Image Editor 3.1.02.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Import-Export Studio v2.2.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Installed Programs Finder 1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Investintech Sonic PDF Creator v2.0 WinALL Cracked by iNViSiBLE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Invoy 2.00.2.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\ISpQ VideoChat 5.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\ItsTime 2.8e-key.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\J. River Media JukeBox v8.0.265.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\JetBoat SuperChamps (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\jigpix 2.5 serial by TSRh.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\JProbe Profiler Professional Edition 2.0 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\KeyView Pro 6.5.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\KoolMoves 1.95.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Lavalys EVEREST Corporate Edition v5.00.1650 by CRD.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Little Hopper's Math Tac Toe 1.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Magic SWF2AVI v1.10 by FFF.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Mailcoach 2 x (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\MakeMS v2.7.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\McFunSoft DVD Creator v7.8 WinALL Regged by iNDUCT.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\MEDIAKG FotoWorks v9.1.4 German WinALL Incl Keygen by ViRiLiTY.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Microsoft VirtualEarth Satellite Downloader v3.203 by AHCU.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Millennium 2000 World Book International Standard English Edition (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Mini Video Converter Video to iPhone Converter by AT4RE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Mocha Telnet for Vista 1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Motherload Goldium Edition v1.006 by DELiGHT.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\MP3 Disc Burner v1.60 by LasH.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\MySuperSoft Flash2Video v3.68.950 by DVT.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\MySuperSoft SuperAVConverter v7.6.3500 by DVT.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Mytoolsoft Batch WaterMark v1.5 by FFF.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Nero Burning ROM Enterprise Edition v6.6.0.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\NetCetera Rida Rida Ranka v2.5.1.8 SWEDISH by TFT.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\NetInfo v3.0 build 1116.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\NetSpy 3.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\NextUp Talker v1.011 by TBE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\NFS Underground 2 [US] EURO CARS UNLOCKED.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\NFS Underground v1.3.4 +6 TRAINER.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Norbyte Petal Palace v1.0.6 CRACKED by RHE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Norton Antivirus for Macintosh Subscription Renewal 9.x for Mac (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Noughts and Crosses 1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\OandO Defrag Server Edition 8.0.1398 (2005-06-08) (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Olympic Organizer Deluxe v2.7 WinALL by CHiCNCREAM.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Omaitek OmaiProtect v1.00 for SymbianOS7 S60.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\OrgScheduler 5.7.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\OTTER 1.3.26.129-key.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Palm Heroes v1.03 Retail Russian by RLYEH.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Pariah v1.02 [ENGLISH] Fixed EXE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\PC Door Guard v2.8.0.0 Serial.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Pdf File Splitter 1 CrAcKed.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Phelios Super Sprites 1.6 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Pile Volume 2.1.6.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Platinum FTP Server 1.0.18 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Poker Break 1.0 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Polar Studio 6.35 (crack).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Pop3check XP 1.0.1009.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Predator 1.4 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\PS to Tiff 2.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Psiloc irRemote Control for Series60.1.65 for Symbian.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Quick ePics 3.2.3.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\RA Dicey 1.0.117.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\RegistryFix v6.0 Keymaker Only by EMBRACE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Remove 4.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Romi v3.3 by LasH.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Sage 100 Comptabilite SQL v13.01 French RETAIL by RESET.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Sage Moyens de Paiement 100 v13.00 French RETAIL by RESET.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\SaveForm 2.31.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Security Administrator 7.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Setup Specialist 2001.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\SFR visCrypt v1.2.0 Retail for PocketPC by RLYEH.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Shadow Remote Administartor 1.04a.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Smart report maker 1.2 keygen.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Snooper 3.43.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\SobolSoft Find and Replace Multiple Items At Once Software by AT4RE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Source Guard Professional 2.0 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\SpeedAddress v2006.04 German by BLiZZARD.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\speedlaunch 1.0 cracked prc by TSRh.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\SPX Instant Screen Capture 4.41.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Spy Bouncer v1.32 by CSS.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\SpyRemover v1.64 by Lucid.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\SQL Dictionary Swedish Portuguese 1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\SQLMerger 2.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\StartPro 2.0 B2.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Steinberg My MP3 Pro 5 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Stomp RecordNow MAX v4.50.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Studo 10.0 Plus ( Serial ) 10.0 Plus (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Super Disk Reder 98.1.0.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Supersoft PROPHET 2008 by TSRh.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\SwitchSniffer v1.2.0 WinNT Cracked by GRACO.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Text tree 1.2.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\TGS Open Inventor v6.0 for VC6 Incl Licgen by TBE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\The Cleaner Professional v4.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\ThumbsUp 3.5.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\TinyIRC Pro v2.0.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Trash It 1.71.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\TrendMedium 2.75.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\TVTool 6.5a.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\ultra mp3 1.33 for Symbian OS (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Understand for Ada 1.4.242.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Unios 1.9.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\URL Archiv 1.04 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\USB-ToolBox 2.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\USB over Ethernet 2.4.1.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\VB Builder 1.3.2.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Vern 2.1 Beta 9 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\VideoToolbox 0.7.0.30 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\VOVO Zune video converter 1.24.005 keygen.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\WebCheck 4.00.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\WebTabs 1.0a.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\WinASO Registry Optimizer v2.8 WinALL Keygen Only by ViRiLiTY.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Windows 2003 Server VLK.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\WinDVD 4 4 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\WITHMP3 1.52 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Wizard Brush 5.83.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Wondershare 3GP Video Converter build 3.2.47 Fixed by Bidjan.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\WordDecryptor 1.3 (crack).zip
c:\documents and settings\MYRIAM\Application Data\m\shared\WordQuiz 5.0.0.42.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\WordToPDF Pro v1.10.95 WinAll by LAXiTY.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Writers Cafe v1.21 Unicode by ViRiLiTY.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Xtreme Air Racing v1.031 [ENGLISH] No-CD Fixed EXE.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Yaldex JSFactory Pro v2.0 Full.zip
c:\documents and settings\MYRIAM\Application Data\m\shared\Zend Studio 5.1.0 (Serial).zip
c:\documents and settings\MYRIAM\Application Data\m\srvlist.oct
C:\LOG.TXT
c:\program files\Java\jre6\bin\jucheck.exe
c:\program files\Java\jre6\bin\jusched.exe
c:\program files\Mozilla Firefox\extensions\{AE6173F2-35A9-46B3-9796-3D0AA500CEA9}
c:\program files\Mozilla Firefox\extensions\{AE6173F2-35A9-46B3-9796-3D0AA500CEA9}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{AE6173F2-35A9-46B3-9796-3D0AA500CEA9}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{AE6173F2-35A9-46B3-9796-3D0AA500CEA9}\install.rdf
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\mdelk.exe
c:\windows\system32\srosa2.sys
c:\windows\system32\wfsintwq.sys
c:\windows\wintems.exe

----- BITS: Il y a peut-être des sites infectés -----

hxxp://armmf.adobe.com
.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA


(((((((((((((((((((((((((((((   Fichiers créés du 2009-12-21 au 2010-01-21  ))))))))))))))))))))))))))))))))))))
.

2010-01-21 16:42 . 2010-01-21 16:42	--------	d-----w-	c:\program files\ZHPDiag
2010-01-21 14:09 . 2010-01-21 18:13	--------	d--h--w-	c:\documents and settings\MYRIAM\Application Data\drivers
2010-01-20 13:05 . 2010-01-20 13:05	--------	d-----w-	c:\program files\CCleaner
2010-01-20 08:33 . 2010-01-20 08:33	2128660	----a-w-	c:\windows\system32\pythondll.zip
2010-01-17 10:37 . 2010-01-20 12:47	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-01-16 12:50 . 2010-01-17 11:06	--------	d--h--w-	c:\documents and settings\LocalService\Application Data\drivers
2010-01-16 08:41 . 2010-01-21 14:08	--------	d-----w-	C:\FindyKill
2010-01-12 19:09 . 2009-11-21 15:58	471552	-c----w-	c:\windows\system32\dllcache\aclayers.dll
2010-01-09 20:00 . 2010-01-09 20:03	--------	d-----w-	c:\program files\Dactylo
2009-12-25 22:18 . 2009-12-25 22:18	--------	d-----w-	c:\windows\system32\XPSViewer
2009-12-25 22:18 . 2009-12-25 22:18	--------	d-----w-	c:\program files\MSBuild
2009-12-25 22:18 . 2009-12-25 22:18	--------	d-----w-	c:\program files\Reference Assemblies
2009-12-25 22:18 . 2008-07-06 12:06	89088	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-25 22:17 . 2008-07-06 12:06	89088	-c----w-	c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-25 22:17 . 2008-07-06 12:06	117760	------w-	c:\windows\system32\prntvpt.dll
2009-12-25 22:17 . 2008-07-06 10:50	597504	-c----w-	c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-25 22:17 . 2008-07-06 10:50	597504	------w-	c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-25 22:17 . 2008-07-06 12:06	575488	-c----w-	c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-25 22:17 . 2008-07-06 12:06	575488	------w-	c:\windows\system32\xpsshhdr.dll
2009-12-25 22:17 . 2008-07-06 12:06	1676288	-c----w-	c:\windows\system32\dllcache\xpssvcs.dll
2009-12-25 22:17 . 2008-07-06 12:06	1676288	------w-	c:\windows\system32\xpssvcs.dll
2009-12-23 07:56 . 2009-12-23 07:56	52224	------w-	c:\documents and settings\MYRIAM\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 16:21 . 2008-03-26 14:15	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2010-01-21 13:56 . 2008-09-26 16:29	--------	d-----w-	c:\program files\Trend Micro
2010-01-21 09:23 . 2009-11-21 19:27	--------	d-----w-	c:\documents and settings\MYRIAM\Application Data\vlc
2010-01-21 06:47 . 2009-03-22 17:26	--------	d-----w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-01-21 06:22 . 2010-01-21 06:22	933941	----a-w-	c:\windows\java\Packages\YCJ1NVRF.ZIP
2010-01-21 06:22 . 2010-01-21 06:22	807416	----a-w-	c:\windows\java\Packages\VPZ735RX.ZIP
2010-01-21 06:22 . 2010-01-21 06:22	6548308	----a-w-	c:\windows\java\Packages\RDZHBD3F.ZIP
2010-01-21 06:22 . 2010-01-21 06:22	1120159	----a-w-	c:\windows\java\Packages\O09797PJ.ZIP
2010-01-21 06:22 . 2010-01-21 06:22	1354601	----a-w-	c:\windows\java\Packages\mtz93lbx.zip
2010-01-21 06:22 . 2010-01-21 06:21	5110617	----a-w-	c:\windows\java\Packages\GF93T3J7.ZIP
2010-01-21 06:21 . 2010-01-21 06:21	988305	----a-w-	c:\windows\java\Packages\43VVLNH3.ZIP
2010-01-21 06:21 . 2010-01-21 06:21	952456	----a-w-	c:\windows\java\Packages\4ylfvxjb.zip
2010-01-20 14:08 . 2008-04-19 09:33	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-01-20 14:08 . 2008-01-10 20:28	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-19 21:50 . 2007-11-25 13:53	55104	------w-	c:\documents and settings\MYRIAM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 21:04 . 2007-12-11 08:24	--------	d-----w-	c:\documents and settings\All Users\Application Data\BitDefender
2010-01-15 20:21 . 2009-10-15 12:07	--------	d-----w-	c:\program files\Oberon Media
2010-01-13 16:41 . 2007-11-24 17:36	--------	d-----w-	c:\program files\Fichiers communs\Adobe
2010-01-02 11:13 . 2009-04-23 12:47	--------	d-----w-	c:\documents and settings\MYRIAM\Application Data\dvdcss
2009-12-27 08:25 . 2008-04-05 15:05	--------	d-----w-	c:\documents and settings\All Users\Application Data\HP
2009-12-26 09:59 . 2009-07-01 19:44	55104	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-25 22:21 . 2001-08-28 12:00	87560	----a-w-	c:\windows\system32\perfc00C.dat
2009-12-25 22:21 . 2001-08-28 12:00	523788	----a-w-	c:\windows\system32\perfh00C.dat
2009-12-24 22:18 . 2009-03-24 12:55	--------	d-----w-	c:\program files\Microsoft Silverlight
2009-12-23 07:55 . 2009-12-04 09:04	117760	------w-	c:\documents and settings\MYRIAM\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-22 09:51 . 2009-11-15 18:55	--------	d-----w-	c:\program files\Bubble Town
2009-12-21 16:13 . 2007-12-11 08:27	81984	----a-w-	c:\windows\system32\bdod.bin
2009-12-05 18:20 . 2009-12-05 18:20	--------	d-----w-	c:\documents and settings\All Users\Application Data\Canneverbe Limited
2009-12-04 09:03 . 2009-03-21 18:24	--------	d-----w-	c:\documents and settings\MYRIAM\Application Data\SUPERAntiSpyware.com
2009-12-04 09:02 . 2009-04-25 18:14	--------	d-----w-	c:\program files\CDBurnerXP
2009-11-30 13:48 . 2009-09-06 13:11	--------	d-----w-	c:\documents and settings\MYRIAM\Application Data\HpUpdate
2009-11-25 15:25 . 2009-11-23 17:49	--------	d-----w-	c:\documents and settings\All Users\Application Data\NOS
2009-11-25 10:55 . 2009-11-25 10:54	1925024	----a-w-	c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-11-25 10:19 . 2009-12-21 16:25	56816	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2009-11-21 15:58 . 2002-08-29 09:44	471552	----a-w-	c:\windows\AppPatch\aclayers.dll
2009-11-15 15:18 . 2009-03-13 18:26	230432	----a-w-	C:\SPC220NC.DAT
2009-11-14 13:24 . 2009-11-14 13:24	64072	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\French\setup.exe
2008-03-26 14:14 . 2008-03-26 14:14	17681640	-c----w-	c:\program files\Cake_Mania-setup.exe
.

------- Sigcheck -------

[-] 2009-04-22 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2009-04-22 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE	cpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR	cpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$	cpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE	cpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49	cpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$	cpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE	cpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2GDR	cpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1	cpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$	cpip.sys
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2010-01-20 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-06-09 7700480]
"nwiz"="nwiz.exe" [2007-06-09 1626112]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-06-09 86016]
"SchedulingAgent"="mstinit.exe" [2008-04-13 12288]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin220.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin220.lnk
backup=c:\windows\pss\TrayMin220.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Readereader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20	57344	----a-w-	c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:34	1695232	----a-w-	c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-06-09 10:30	7700480	----a-w-	c:\windows\system32
vcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startup

crapoulou · Answer

Merci c'est gentil. Le rapport combofix est trop long pour passer ici alors envoie le ici : http://cijoint.fr/ Et envoie moi l'URL qui te sera communiquée pour que je puisse consulter le document. ***** Parfait, tous les outils devraient passer maintenant : Fais un RSIT stp ce sera plus complet (tu as la procédure précédemment : à la recherche :P) ***** Mets à jour Malwarebytes' Anti Malware, on l'utilisera dans pas longtemps. ***** Télécharge Ad-Remover ( de Cyrildu17 / C_XX ) sur ton bureau : = = = =>>> En cliquant ici <<<= = = = /!\ Déconnectes toi et fermes toutes applications en cours, désactive ton antivirus le temps de la manipulation/!\ * Double clique sur l’exécutable pour le lancer. * Au message d’avertissement qui s’affiche, sélectionne ‘Oui’. * Au menu principal choisi l’option "S" et tape ensuite sur la touche Entrée. * Poste le rapport qui apparaît à la fin de l’analyse qui peut prendre du temps. (Le rapport est sauvegardé aussi sous C:\Ad-report(date).log) (CTRL+A Pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller) Note : "Process.exe", une composante de l’outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s’agit pas d’un virus, mais d’un utilitaire destiné à mettre fin à des processus.

mimie17 · Answer

voilà déjà le lien pour ComboFix:

http://www.cijoint.fr/cjlink.php?file=cj201001/cijgOaBvFl.txt

mimie17 · Answer

rapport RSIT :

info.txt logfile of random's system information tool 1.06 2010-01-21 22:25:14

======Uninstall list======

-->MsiExec.exe /I{0F122737-72B2-4095-8B3E-7AAE753DFD3D}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
BPM-Studio 4 Profi-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ALCATech\BPM-Studio Profi\DeIsL1.isu"  -c"C:\Program Files\ALCATech\BPM-Studio Profi\_ISREG32.DLL"
Bubble Town 1.1.0.1-->C:\Program Files\Bubble Town\Uninstall.exe
Bubble Town-->"C:\WINDOWS\Bubble Town\uninstall.exe" "/U:C:\Program Files\Bubble Town\Uninstall\uninstall.xml"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Digital Photo Navigator 1.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7EF4BD8-CA13-11D5-AE3D-005004B8E30C}\Setup.exe" -l0x9 
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Precisionscan Pro 3.1-->MsiExec.exe /I{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{74DC0593-6BC6-4001-AD5F-D810AFB68D86}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
K-Lite Codec Pack 3.5.7 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Les Indispensables Éducation pour Microsoft Office-->MsiExec.exe /X{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP Manager-->MsiExec.exe /X{49E597BA-63D3-4936-9E02-AEDB5D1FE002}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
NVIDIA Drivers-->C:\WINDOWS\System32
vudisp.exe UninstallGUI
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Philips SPC220NC Webcam-->C:\Program Files\InstallShield Installation Information\{97CB5A86-4887-4919-A251-FBF6414A200D}\setup.exe -runfromtemp -l0x040c -removeonly
Pochette Express 2-->C:\Program Files\Pochette Express 2\uninstall.exe
PowerDirector Express-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe"  -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe"  -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe"  -uninstall
Ranch Rush-->"C:\Program Files\orange\jeux\Ranch Rush\Uninstall.exe" "C:\Program Files\orange\jeux\Ranch Rush\install.log"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c  -removeonly
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
USB Flash Disk-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDFEDAEF-95AA-11D7-A949-5254AB1235E1}\Setup.exe" -l0x9 
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Webcam Video Viewer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CECB7782-F35F-45CE-97C0-74BBBDC51C22}\Setup.exe" -l0x40c 
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: AntiVir Desktop (disabled)

======System event log======

Computer Name: PCMIMI
Event Code: 7036
Message: Le service Pml Driver HPZ12 est entré dans l'état : arrêté.

Record Number: 201376
Source Name: Service Control Manager
Time Written: 20100114094354.000000+060
Event Type: Informations
User: 

Computer Name: PCMIMI
Event Code: 7036
Message: Le service Pml Driver HPZ12 est entré dans l'état : en cours d'exécution.

Record Number: 201375
Source Name: Service Control Manager
Time Written: 20100114094354.000000+060
Event Type: Informations
User: 

Computer Name: PCMIMI
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Pml Driver HPZ12.

Record Number: 201374
Source Name: Service Control Manager
Time Written: 20100114094354.000000+060
Event Type: Informations
User: PCMIMI\MYRIAM

Computer Name: PCMIMI
Event Code: 7036
Message: Le service Pml Driver HPZ12 est entré dans l'état : arrêté.

Record Number: 201373
Source Name: Service Control Manager
Time Written: 20100114094349.000000+060
Event Type: Informations
User: 

Computer Name: PCMIMI
Event Code: 7036
Message: Le service Pml Driver HPZ12 est entré dans l'état : en cours d'exécution.

Record Number: 201372
Source Name: Service Control Manager
Time Written: 20100114094349.000000+060
Event Type: Informations
User: 

=====Application event log=====

Computer Name: PCMIMI
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 5
Source Name: SecurityCenter
Time Written: 20090525072711.000000+120
Event Type: Informations
User: 

Computer Name: PCMIMI
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 4
Source Name: SecurityCenter
Time Written: 20090524114441.000000+120
Event Type: Informations
User: 

Computer Name: PCMIMI
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 3
Source Name: SecurityCenter
Time Written: 20090523203340.000000+120
Event Type: Informations
User: 

Computer Name: PCMIMI
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 2
Source Name: SecurityCenter
Time Written: 20090523191313.000000+120
Event Type: Informations
User: 

Computer Name: PCMIMI
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 1
Source Name: SecurityCenter
Time Written: 20090523190157.000000+120
Event Type: Informations
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"OldPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Fichiers communs\Teleca Shared
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

crapoulou · Answer

Fais une analyse complète du système avec Malwarebytes' Anti Malware comme tu l'as parfaitement fait précédemment.
Poste le rapport une fois terminé.

*****

Essaye une analyse en ligne BitDefender.

mimie17 · Answer

voilà le rapport Ad-Remover:

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_I | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 21.01.2010 à  9:13
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 22:41:19, 21/01/2010 | Mode Normal | Option: SCAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™  Service Pack 3 v5.1.2600
Nom du PC: PCMIMI | Utilisateur actuel: MYRIAM
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.

.
HKCU\software\microsoft\internet explorer\searchscopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.6 [fr] *
.
 Nom du profil: pt4d2ij2.default (MYRIAM)
.
(MYRIAM, prefs.js) Browser.download.lastDir, C:\Documents and Settings\MYRIAM\Bureauugby
(MYRIAM, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
(MYRIAM, prefs.js) Browser.search.selectedEngine, Live Search
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(MYRIAM, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
(MYRIAM, prefs.js) Browser.search.selectedEngine, Live Search
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(MYRIAM, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
(MYRIAM, prefs.js) Browser.search.selectedEngine, Live Search
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(MYRIAM, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
(MYRIAM, prefs.js) Browser.search.selectedEngine, Live Search
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(MYRIAM, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
(MYRIAM, prefs.js) Browser.search.selectedEngine, Live Search
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(MYRIAM, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
(MYRIAM, prefs.js) Browser.search.selectedEngine, Live Search
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(MYRIAM, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
(MYRIAM, prefs.js) Browser.search.selectedEngine, Live Search
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(MYRIAM, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
(MYRIAM, prefs.js) Browser.search.selectedEngine, Live Search
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(MYRIAM, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
(MYRIAM, prefs.js) Browser.search.selectedEngine, Live Search
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(MYRIAM, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
(MYRIAM, prefs.js) Browser.search.selectedEngine, Live Search
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(MYRIAM, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
(MYRIAM, prefs.js) Browser.search.selectedEngine, Live Searchœ÷
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(MYRIAM, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
(MYRIAM, prefs.js) Browser.search.selectedEngine, Live Search
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(MYRIAM, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
(MYRIAM, prefs.js) Browser.search.selectedEngine, Live Search
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(MYRIAM, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
(MYRIAM, prefs.js) Browser.search.selectedEngine, Live Search
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(MYRIAM, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
(MYRIAM, prefs.js) Browser.search.selectedEngine, Live Search
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://fr.msn.com/
(MYRIAM, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
(MYRIAM, prefs.js) Browser.search.selectedEngine, Live Searchœ÷. 
(MYRIAM, prefs.js) Browser.download.lastDir, C:\Documents and Settings\MYRIAM\Bureau
(MYRIAM, prefs.js) Browser.startup.homepage, hxxp://google.fr/
(MYRIAM, prefs.js) Extensions.enabledItems, {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03,{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12,jqs@sun.com:1.0,{4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF}:1.0.0.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6
(MYRIAM, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
. 
.
* Internet Explorer Version 6.0.2900.5512 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Enable Browser Extensions: yes
Use Custom Search URL: 0 (0x0)
Start Page: hxxp://mozilla.fr/
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Use Search Asst: no
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\windows\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 0 (0x0)
Search bar: hxxp://search.msn.com/spbasic.htm
SearchAssistant: hxxp://www.crawler.com/search/ie.aspx?tb_id=60341
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
6405 Octet(s) - C:\Ad-Report-SCAN[1].log 
.
34 Fichier(s) - C:\DOCUME~1\MYRIAM\LOCALS~1\Temp 
2 Fichier(s) - C:\WINDOWS\Temp 
129 Fichier(s) - C:\WINDOWS\Prefetch 
.
2 Fichier(s) - C:\Ad-Remover\BACKUP
0 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 22:43:40 | 21/01/2010 - SCAN[1]
.
============== E.O.F ==============
.

crapoulou · Answer

Excellent.

Nettoyage avec Ad-Remover :

/!\ Déconnectes toi et fermes toutes applications en cours, désactive ton antivirus le temps de la manipulation/!\

* Double clique sur l’exécutable pour le lancer.
* Au message d’avertissement qui s’affiche, sélectionne ‘Oui’.
* Au menu principal choisi l’option "L" et tape ensuite sur la touche Entrée.
* Poste le rapport qui apparaît à la fin de l’analyse qui peut prendre du temps.

(Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)
(CTRL+A Pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller) 

Note :
"Process.exe", une composante de l’outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s’agit pas d’un virus, mais d’un utilitaire destiné à mettre fin à des processus.

mimie17 · Answer

Je m'occupe de tout le restant demain ouah j'ai veillé ce soir,lol, et toi donc.....tu dois pas avoir beaucoup de repos entre nous tous, encore merci, bonne nuit je reprend demain entre temps j'avais lancer malwarebytes' Anti-Malware voilà le rapport :

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

21/01/2010 23:16:52
mbam-log-2010-01-21 (23-16-52).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 213796
Temps écoulé: 27 minute(s), 39 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{482E715D-4B80-4849-BF77-B243B54D6D73}\RP351\A0080846.sys (Malware.Trace) -> Quarantined and deleted successfully.

crapoulou · Answer

Très bien tu pourras vider la quarantaine de MBAM.
L'élément trouvé se situe dans la restauration : pas de souci, on la purgera en fin de désinfection.
Bonne nuit et à demain !

mimie17 · Answer

bonjour,

je te poste le rapport de VirusTotal, mais ça craint quand même je vois un virus sur CakeMania, alors que je peux t'envoyer la facture je l'ai acheté (et pas cracké) sur orange alors même en payant c'est désolant


 Fichier Cake_Mania-setup.exe reçu le 2010.01.22 07:01:48 (UTC)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 1/41 (2.44%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 4.
L'heure estimée de démarrage est entre 81 et 116 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Formaté
Impression des résultats Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email: 	
	
Antivirus 	Version 	Dernière mise à jour 	Résultat
a-squared	4.5.0.50	2010.01.22	-
AhnLab-V3	5.0.0.2	2010.01.22	-
AntiVir	7.9.1.146	2010.01.21	-
Antiy-AVL	2.0.3.7	2010.01.21	-
Authentium	5.2.0.5	2010.01.22	-
Avast	4.8.1351.0	2010.01.22	-
AVG	9.0.0.730	2010.01.21	-
BitDefender	7.2	2010.01.22	-
CAT-QuickHeal	10.00	2010.01.22	-
ClamAV	0.94.1	2010.01.22	PUA.Packed.MinGWGCCDLL.2xx
Comodo	3666	2010.01.22	-
DrWeb	5.0.1.12222	2010.01.22	-
eSafe	7.0.17.0	2010.01.21	-
eTrust-Vet	35.2.7251	2010.01.21	-
F-Prot	4.5.1.85	2010.01.21	-
F-Secure	9.0.15370.0	2010.01.22	-
Fortinet	4.0.14.0	2010.01.22	-
GData	19	2010.01.22	-
Ikarus	T3.1.1.80.0	2010.01.22	-
Jiangmin	13.0.900	2010.01.22	-
K7AntiVirus	7.10.951	2010.01.20	-
Kaspersky	7.0.0.125	2010.01.22	-
McAfee	5868	2010.01.21	-
McAfee+Artemis	5868	2010.01.21	-
McAfee-GW-Edition	6.8.5	2010.01.21	-
Microsoft	1.5302	2010.01.21	-
NOD32	4795	2010.01.22	-
Norman	6.04.03	2010.01.21	-
nProtect	2009.1.8.0	2010.01.22	-
Panda	10.0.2.2	2010.01.21	-
PCTools	7.0.3.5	2010.01.22	-
Prevx	3.0	2010.01.22	-
Rising	22.31.04.03	2010.01.22	-
Sophos	4.50.0	2010.01.22	-
Sunbelt	3.2.1858.2	2010.01.22	-
Symantec	20091.2.0.41	2010.01.22	-
TheHacker	6.5.0.9.158	2010.01.22	-
TrendMicro	9.120.0.1004	2010.01.22	-
VBA32	3.12.12.1	2010.01.21	-
ViRobot	2010.1.22.2150	2010.01.22	-
VirusBuster	5.0.21.0	2010.01.21	-
Information additionnelle
File size: 17681640 bytes
MD5...: 921f0b88d34a340e5cc6d0f428e7cb83
SHA1..: b9fa3778c10393945a9159a7c9c442959eda1d31
SHA256: 34c18739110ee0aa4f6f646e46342502e161f9dd85e152f8a8b07b218f80a63a
ssdeep: 393216:ziTsezbvPLtEnFmoEiF9zYcRLjNnV9vlwNEaAsmHTy2He8L:zqseHzym8
bvLh7dwN9AsmTyihL
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x9264
timedatestamp.....: 0x469dd0b1 (Wed Jul 18 08:34:57 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x163b8 0x17000 6.55 74a7644a4e6b70d4770a421bd7bc2e91
.rdata 0x18000 0x4e9e 0x5000 5.06 f2ae17a5f44394f39099bd499dae916f
.data 0x1d000 0x33a0 0x2000 2.23 b67fa4aabea55f394c9fcfccf90f355c
.rsrc 0x21000 0x1b08 0x2000 4.29 e2f8b0ac031b20b23aef61765386be7b

( 5 imports )
> KERNEL32.dll: GetLastError, ReadFile, WideCharToMultiByte, CreateFileA, GetModuleFileNameA, CloseHandle, GetFileSize, SetFilePointer, GetTempPathA, Sleep, GetCurrentProcessId, WaitForSingleObject, DeleteFileA, GetTickCount, GetCommandLineA, MultiByteToWideChar, WriteFile, InterlockedExchange, SetStdHandle, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, GetLocaleInfoW, IsValidLocale, EnumSystemLocalesA, GetUserDefaultLCID, GetStringTypeW, GetStringTypeA, IsValidCodePage, CreateThread, GetVersionExA, GlobalAlloc, GetMailslotInfo, CreateMailslotA, InterlockedIncrement, InterlockedDecrement, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetACP, GetLocaleInfoA, GetThreadLocale, HeapAlloc, HeapFree, RaiseException, HeapReAlloc, VirtualAlloc, GetProcAddress, GetModuleHandleA, RtlUnwind, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetProcessHeap, GetStartupInfoA, ExitProcess, LCMapStringA, LCMapStringW, GetCPInfo, VirtualFree, HeapDestroy, HeapCreate, GetStdHandle, HeapSize, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetConsoleCP, GetConsoleMode, FlushFileBuffers, LoadLibraryA, GetOEMCP
> SHLWAPI.dll: PathFileExistsA
> SHELL32.dll: ShellExecuteA, ShellExecuteExA
> USER32.dll: DefWindowProcA, PostQuitMessage, GetMessageA, DispatchMessageA, UpdateWindow, ShowWindow, CreateWindowExA, RegisterClassA, PostMessageA, TranslateMessage
> ADVAPI32.dll: SetSecurityDescriptorDacl, InitializeSecurityDescriptor

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (35.1%)
UPX compressed Win32 Executable (28.4%)
Win32 EXE Yoda's Crypter (24.7%)
Win32 Executable Generic (7.9%)
Generic Win/DOS Executable (1.8%)
packers (Kaspersky): UPX, Armadillo, Armadillo
sigcheck:
publisher....: Oberon Media Inc.
copyright....: Copyright (c) Oberon-Media Inc 2004.
product......: Oberon Media Game Runner
description..: Runner: Extracts and runs the game setup
original name: Runner.exe
internal name: Runner
file version.: 1, 0, 0, 8
comments.....: info@oberon-media.com
signers......: Oberon Media Inc.
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 4:36 PM 11/20/2007
verified.....: -
packers (F-Prot): UPX

mimie17 · Answer

voilà le second rapport

 Fichier mtz93lbx.zip reçu le 2010.01.22 07:08:21 (UTC)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 32/41 (78.05%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 4.
L'heure estimée de démarrage est entre 81 et 116 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Formaté
Impression des résultats Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email: 	
	
Antivirus 	Version 	Dernière mise à jour 	Résultat
a-squared	4.5.0.50	2010.01.22	-
AhnLab-V3	5.0.0.2	2010.01.22	Win-Trojan/Bagle.813568.C
AntiVir	7.9.1.146	2010.01.21	TR/Dldr.Bagle.cez
Antiy-AVL	2.0.3.7	2010.01.21	Trojan/Win32.Bagle.gen
Authentium	5.2.0.5	2010.01.22	W32/Themida_Packed!Eldorado
Avast	4.8.1351.0	2010.01.22	-
AVG	9.0.0.730	2010.01.21	Win32/Cryptor
BitDefender	7.2	2010.01.22	Trojan.Generic.2963967
CAT-QuickHeal	10.00	2010.01.22	TrojanDownloader.Bagle.cez
ClamAV	0.94.1	2010.01.22	-
Comodo	3666	2010.01.22	Heur.Suspicious
DrWeb	5.0.1.12222	2010.01.22	Win32.HLLM.Beagle.618
eSafe	7.0.17.0	2010.01.21	-
eTrust-Vet	35.2.7251	2010.01.21	Win32/ASuspect.HACJR
F-Prot	4.5.1.85	2010.01.21	W32/Themida_Packed!Eldorado
F-Secure	9.0.15370.0	2010.01.22	Trojan-Downloader:W32/Bagle.gen!A
Fortinet	4.0.14.0	2010.01.22	W32/Packed.B
GData	19	2010.01.22	Trojan.Generic.2963967
Ikarus	T3.1.1.80.0	2010.01.22	Trojan-Downloader.Win32.Bagle
Jiangmin	13.0.900	2010.01.22	TrojanDownloader.Bagle.bmz
K7AntiVirus	7.10.951	2010.01.20	Trojan-Downloader.Win32.Bagle.cez
Kaspersky	7.0.0.125	2010.01.22	Trojan-Downloader.Win32.Bagle.cez
McAfee	5868	2010.01.21	Generic Downloader.x!cjz
McAfee+Artemis	5868	2010.01.21	Generic Downloader.x!cjz
McAfee-GW-Edition	6.8.5	2010.01.21	Trojan.Dldr.Bagle.cez
Microsoft	1.5302	2010.01.21	TrojanDownloader:Win32/Bagle.gen!A
NOD32	4795	2010.01.22	Win32/Bagle.UN
Norman	6.04.03	2010.01.21	DLoader.ACMWD
nProtect	2009.1.8.0	2010.01.22	-
Panda	10.0.2.2	2010.01.21	Generic Trojan
PCTools	7.0.3.5	2010.01.22	-
Prevx	3.0	2010.01.22	-
Rising	22.31.04.03	2010.01.22	Trojan.Win32.Generic.51F5D957
Sophos	4.50.0	2010.01.22	Mal/Generic-A
Sunbelt	3.2.1858.2	2010.01.22	Backdoor.Win32.Ircbot.gen (v)
Symantec	20091.2.0.41	2010.01.22	-
TheHacker	6.5.0.9.158	2010.01.22	Trojan/Downloader.Bagle.cez
TrendMicro	9.120.0.1004	2010.01.22	-
VBA32	3.12.12.1	2010.01.21	Trojan-Downloader.Win32.Bagle.cez
ViRobot	2010.1.22.2150	2010.01.22	Trojan.Win32.Downloader-Bagle.813568
VirusBuster	5.0.21.0	2010.01.21	Trojan.DL.Bagle.ACTS
Information additionnelle
File size: 1354601 bytes
MD5...: 1650b9c6657a190860d6df89178da2a5
SHA1..: 5911e439cef1d22f8b573e5d67c64dd5ab316e3b
SHA256: 2f7edb6119cdc8ea4b881c2a1e63df6dd6629e36653a7dedd276f8338dac58c6
ssdeep: 24576:67sD9GOL7JKSomg8gaM0TFROcXHHNVW3f8kx9se6xE9/:ks4OL7JDo0F/d
tsLsK/
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: ZIP compressed archive (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): Themida
packers (Authentium): Themida

mimie17 · Answer

et voilà pour le 3ième


 Fichier 4ylfvxjb.zip reçu le 2010.01.22 07:17:16 (UTC)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 32/41 (78.05%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 2.
L'heure estimée de démarrage est entre 58 et 83 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Formaté
Impression des résultats Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email: 	
	
Antivirus 	Version 	Dernière mise à jour 	Résultat
a-squared	4.5.0.50	2010.01.22	-
AhnLab-V3	5.0.0.2	2010.01.22	Win-Trojan/Bagle.813568.C
AntiVir	7.9.1.146	2010.01.21	TR/Dldr.Bagle.cez
Antiy-AVL	2.0.3.7	2010.01.21	Trojan/Win32.Bagle.gen
Authentium	5.2.0.5	2010.01.22	W32/Themida_Packed!Eldorado
Avast	4.8.1351.0	2010.01.22	-
AVG	9.0.0.730	2010.01.21	Win32/Cryptor
BitDefender	7.2	2010.01.22	Trojan.Generic.2963967
CAT-QuickHeal	10.00	2010.01.22	TrojanDownloader.Bagle.cez
ClamAV	0.94.1	2010.01.22	-
Comodo	3666	2010.01.22	Heur.Suspicious
DrWeb	5.0.1.12222	2010.01.22	Win32.HLLM.Beagle.618
eSafe	7.0.17.0	2010.01.21	-
eTrust-Vet	35.2.7251	2010.01.21	Win32/ASuspect.HACJR
F-Prot	4.5.1.85	2010.01.21	W32/Themida_Packed!Eldorado
F-Secure	9.0.15370.0	2010.01.22	Trojan-Downloader:W32/Bagle.gen!A
Fortinet	4.0.14.0	2010.01.22	W32/Packed.B
GData	19	2010.01.22	Trojan.Generic.2963967
Ikarus	T3.1.1.80.0	2010.01.22	Trojan-Downloader.Win32.Bagle
Jiangmin	13.0.900	2010.01.22	TrojanDownloader.Bagle.bmz
K7AntiVirus	7.10.951	2010.01.20	Trojan-Downloader.Win32.Bagle.cez
Kaspersky	7.0.0.125	2010.01.22	Trojan-Downloader.Win32.Bagle.cez
McAfee	5868	2010.01.21	Generic Downloader.x!cjz
McAfee+Artemis	5868	2010.01.21	Generic Downloader.x!cjz
McAfee-GW-Edition	6.8.5	2010.01.21	Trojan.Dldr.Bagle.cez
Microsoft	1.5405	2010.01.22	TrojanDownloader:Win32/Bagle.gen!A
NOD32	4795	2010.01.22	Win32/Bagle.UN
Norman	6.04.03	2010.01.21	DLoader.ACMWD
nProtect	2009.1.8.0	2010.01.22	-
Panda	10.0.2.2	2010.01.21	Generic Trojan
PCTools	7.0.3.5	2010.01.22	-
Prevx	3.0	2010.01.22	-
Rising	22.31.04.03	2010.01.22	Trojan.Win32.Generic.51F5D957
Sophos	4.50.0	2010.01.22	Mal/Generic-A
Sunbelt	3.2.1858.2	2010.01.22	Backdoor.Win32.Ircbot.gen (v)
Symantec	20091.2.0.41	2010.01.22	-
TheHacker	6.5.0.9.158	2010.01.22	Trojan/Downloader.Bagle.cez
TrendMicro	9.120.0.1004	2010.01.22	-
VBA32	3.12.12.1	2010.01.21	Trojan-Downloader.Win32.Bagle.cez
ViRobot	2010.1.22.2150	2010.01.22	Trojan.Win32.Downloader-Bagle.813568
VirusBuster	5.0.21.0	2010.01.21	Trojan.DL.Bagle.ACTS
Information additionnelle
File size: 952456 bytes
MD5...: eac1da3205fa0b1d6c7f19c9e9b1630a
SHA1..: da0233ef2362ad543aa521df03d77e34537b572b
SHA256: a260eea96b3c40d2ae2f7e46fa1eaaf5eecad7bb8458fc34fe7df51c10179b02
ssdeep: 24576:uvc9sD9GOL7JKSomg8gaM0TFROcXHHNVW3f8kx9se6xE9V:Bs4OL7JDo0F
/dtsLsKV
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
packers (Authentium): Themida
packers (F-Prot): Themida
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: ZIP compressed archive (100.0%)
pdfid.: -

mimie17 · Answer

voilà j'ai vidé la quarantaine de MBAM et j'ai passé bitdefender en ligne voilà le rapport BitDefender QuickScan Beta 32-bit v0.9.9.0 ------------------------------------------ Date de l'analyse : Fri Jan 22 09:21:23 2010 ID de la machine : 50BC8CC2 Aucune infection détectée. ---------------------------- Processus --------- AntiVir Desktop 3120 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe AntiVir Desktop 1544 C:\Program Files\Avira\AntiVir Desktop\avguard.exe AntiVir Desktop 1424 C:\Program Files\Avira\AntiVir Desktop\sched.exe hp digital imaging 3524 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe hpwuSchd Application 2984 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe Firefox 1404 C:\Program Files\Mozilla Firefox\firefox.exe hp digital imaging 3896 C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe hp digital imaging 3248 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Java(TM) Platform SE 6 U12 1580 C:\Program Files\Java\jre6\bin\jqs.exe Microsoft Search Enhancement Pack 1680 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe Microsoft® Windows® Operating System 1036 C:\WINDOWS\System32\alg.exe Microsoft® Windows® Operating System 656 C:\WINDOWS\system32\csrss.exe Microsoft® Windows® Operating System 736 C:\WINDOWS\system32\lsass.exe Microsoft® Windows® Operating System 1372 C:\WINDOWS\system32\spoolsv.exe Microsoft® Windows® Operating System 916 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System 976 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System 1072 C:\WINDOWS\System32\svchost.exe Microsoft® Windows® Operating System 1160 C:\WINDOWS\System32\svchost.exe Microsoft® Windows® Operating System 1244 C:\WINDOWS\system32\svchost.exe Microsoft® Windows® Operating System 1744 C:\WINDOWS\System32\svchost.exe Microsoft® Windows® Operating System 3340 C:\WINDOWS\system32\wuauclt.exe NMSAccessU.exe 1604 C:\Program Files\CDBurnerXP\NMSAccessU.exe NVIDIA Driver Helper Service, Version 94.24 1616 C:\WINDOWS\System32 vsvc32.exe Système d'exploitation Microsoft® Windows® 2772 C:\WINDOWS\Explorer.EXE Système d'exploitation Microsoft® Windows® 724 C:\WINDOWS\system32\services.exe Système d'exploitation Microsoft® Windows® 608 C:\WINDOWS\System32\smss.exe Système d'exploitation Microsoft® Windows® 648 C:\WINDOWS\System32\wbem\wmiapsrv.exe Système d'exploitation Microsoft® Windows® 680 C:\WINDOWS\system32\winlogon.exe Activité du réseau ------------------ Processus firefox.exe (1404) connecté sur le port 80 (HTTP) - wy-in-f147.1e100.net Processus firefox.exe (1404) connecté sur le port 80 (HTTP) - wy-in-f138.1e100.net Processus firefox.exe (1404) connecté sur le port 80 (HTTP) - wy-in-f100.1e100.net Processus firefox.exe (1404) connecté sur le port 80 (HTTP) - a92-123-12-20.deploy.akamaitechnologies.com Processus firefox.exe (1404) connecté sur le port 80 (HTTP) - *.122.2o7.net Processus firefox.exe (1404) connecté sur le port 80 (HTTP) - 81.52.160.74 Processus firefox.exe (1404) connecté sur le port 80 (HTTP) - ww-in-f113.1e100.net Processus firefox.exe (1404) connecté sur le port 80 (HTTP) - 66.40.145.26 Processus svchost.exe (976) écoute sur les ports: 135 (RPC) Fichiers critiques et Autorun ----------------------------- AntiVir Desktop C:\Program Files\Avira\AntiVir Desktop\avgnt.exe hp digital imaging C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe nwiz.exe C:\WINDOWS\system32 wiz.exe hpwuSchd Application C:\Program Files\HP\HP Software Update\HPWuSchd2.exe Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe Adobe Reader and Acrobat Manager C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe hp digital imaging C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll NVIDIA Compatible Windows 2000 Display driver, Ver C:\WINDOWS\System32\NvCpl.dll NVIDIA Media Center Library C:\WINDOWS\System32\NvMcTray.dll Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\browseui.dll Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\crypt32.dll Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\cscdll.dll Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\logonui.exe Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\mstinit.exe Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\sclgntfy.dll Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\shell32.dll Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\stobject.dll Système d'exploitation Microsoft® Windows® c:\windows\system32\userinit.exe Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\webcheck.dll Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\wlnotify.dll Plugins du navigateur --------------------- bdoscandel.exe C:\WINDOWS\bdoscandel.exe bdscanonline C:\WINDOWS\Downloaded Program Files\oscan8.ocx bdupd.dll C:\WINDOWS\Downloaded Program Files\bdupd.dll Installer Control C:\WINDOWS\Downloaded Program Files\CONFLICT.1\InstallerControl.dll Installer Control C:\WINDOWS\Downloaded Program Files\InstallerControl.dll ipsupd.dll C:\WINDOWS\Downloaded Program Files\ipsupd.dll Java(TM) Platform SE 6 U12 c:\program files\java\jre6\bin\jp2ssv.dll Java(TM) Platform SE 6 U12 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll nppdf32.FRA C:\Program Files\Internet Explorer\plugins ppdf32.FRA nppdf32.FRA C:\Program Files\Mozilla Firefox\plugins ppdf32.FRA Orange Installer Plugin C:\Documents and Settings\MYRIAM\Application Data\Mozilla\Firefox\Profiles/pt4d2ij2.default\extensions\{4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF}\plugins pOrangeInstaller.dll Shockwave for Director C:\Program Files\Mozilla Firefox\plugins p32dsw.dll Zylom Plugin C:\Program Files\Mozilla Firefox\plugins pzylomgamesplayer.dll AcroIEHelperShim Library c:\program files\fichiers communs\adobe\acrobat\activex\acroiehelpershim.dll Adobe Acrobat C:\Program Files\Internet Explorer\plugins ppdf32.dll Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins ppdf32.dll BitDefender QuickScan C:\Documents and Settings\MYRIAM\Application Data\Mozilla\Firefox\Profiles/pt4d2ij2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll BitDefender QuickScan C:\Documents and Settings\MYRIAM\Application Data\Mozilla\Firefox\Profiles/pt4d2ij2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins pqscan.dll ddfotg.1.0.0.37 C:\WINDOWS\Downloaded Program Files\ddfotg.1.0.0.37.dll DinerDash.1.0.0.98 C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.98.dll DinerDash2_fr.1.0.0.70 C:\WINDOWS\Downloaded Program Files\CONFLICT.1\DinerDash2_fr.1.0.0.70.dll DinerDash2_fr.1.0.0.70 C:\WINDOWS\Downloaded Program Files\DinerDash2_fr.1.0.0.70.dll Dldrv2 ActiveX Control Module C:\WINDOWS\Downloaded Program Files\Dldrv.ocx Java(TM) Platform SE 6 U12 C:\Program Files\Mozilla Firefox\plugins pdeploytk.dll Messenger C:\Program Files\Messenger\msmsgs.exe Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL Microsoft Office Live Plug-in for Firefox C:\Program Files\Microsoft\Office Live pOLW.dll Microsoft Search Helper Extention c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll Microsoft® Windows Live Login Helper c:\program files\fichiers communs\microsoft shared\windows live\windowslivelogin.dll Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe Microsoft® Windows® Operating System C:\WINDOWS\system32 svpsp.dll Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins pnul32.dll MSN® Games by Zone.com C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ZIntro.ocx MSN® Games by Zone.com C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll MSN® Games by Zone.com C:\WINDOWS\Downloaded Program Files\ZIntro.ocx NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll Silverlight Plug-In C:\Program Files\Microsoft Silverlight\3.0.40624.0 pctrl.dll Sweetopia.1.0.0.46 C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.46.dll Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\mswsock.dll Système d'exploitation Microsoft® Windows® C:\WINDOWS\system32\shdocvw.dll UNO Messenger C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll Windows Live Toolbar c:\program files\windows live oolbar\wltcore.dll Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll Analyse ------- Le(s) fichier(s) suivant(s) doit/doivent être téléchargé(s) pour une analyse côté serveur: C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e602b262\System.Drawing.dll Le téléchargement vers le serveur a démarré - 1 fichier(s) téléchargement vers le serveur : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e602b262\System.Drawing.dll - 835584 octets, hash : 57719b4a396cf22ae31b8ab0045c0880 Vitesse de téléchargement vers le serveur - 39 KB/s Téléchargement vers le serveur terminé - 1 téléchargés vers le serveur, 0 ont échoué Le(s) fichier(s) téléchargé(s) vers le serveur est/sont sain(s) Analyse terminée - la communication a duré 22 secondes Trafic total - 0.86 Mo envoyés, 3.13 Ko reçus 1192 fichiers et modules analysés - 56 seconds

crapoulou · Answer

C'est un faux positif pour ton logiciel acheté, pas de souci.

******

Envoie tous ces dossiers :

c:\windows\java\Packages\YCJ1NVRF.ZIP
c:\windows\java\Packages\VPZ735RX.ZIP
c:\windows\java\Packages\RDZHBD3F.ZIP­
c:\windows\java\Packages\O09797PJ.ZIP­
c:\windows\java\Packages\mtz93lbx.zip­
c:\windows\java\Packages\GF93T3J7.ZIP­
c:\windows\java\Packages\43VVLNH3.ZIP
c:\windows\java\Packages\4ylfvxjb.zip


Ici :
http://analysis.avira.com/samples/

Quand je rentre chez moi, je te les ferai envoyer ailleurs pour faire remonter les infos.
Dis moi quand c'est fait ;-)...
Merci.

mimie17 · Answer

ça y est j'ai tout envoyé

crapoulou · Answer

Fais la même chose ici :
http://uploads.malwarebytes.org/

******

Je me renseigne auprès de quelqu'un s'il les désire aussi.

mimie17 · Answer

C'est fait

crapoulou · Answer

Parfait, je dois y aller, je te tiens au courant en fin d'après midi je l'espère.
Ne touche pas les archives envoyées infectées. On les enlèvera plus tard.
Bonne après-midi.

mimie17 · Answer

pas de problème ça je l'avais compris je deviens plus forte, lol merci

crapoulou · Answer

En effet, en étant désinfecté on apprend beucoup !

https://www.ionos.fr/?affiliate_id=77097

Envoie les mêmes fichiers ici stp.

mimie17 · Answer

Tu m'as appris beaucoup

j'ai réussi a envoyer le premier fichier
par contre dès le 2ième j'ai ce message

les fichiers avec l'extension ZIP ne peuvent être uploadés !

est-ce que c'est que je les envoies à la suite, faut-il que j'attende un moment

crapoulou · Answer

Bizarre si le premier est passé.
Essaye en un autre que celui qui ne passe pas.

mimie17 · Answer

voilà les messages qui apparaissent: 

Les fichiers avec l'extension .ZIP ne peuvent pas être uploadés !

j'ai pu en envoyé que 2 sur les 8 que j'ai

mimie17 · Answer

y a rien à faire j'essaie de nouveau demain
 bonne soirée bonne nuit bien que les tiennes doivent être courtes avec l'aide que tu nous apportes et encore merci

crapoulou · Answer

Oubli l'upload si t'arrive pas encore une fois.

On tentera autre chose demain pour finir proprement et ne rien laisser (OAD).
Bonne nuit et à demain.

crapoulou · Answer

Télécharge OAD sur ton bureau : = = = = =>>> En cliquant ici <<<= = = = = * Double clique sur le OAD pour le lancer. * Tape ceci dans la fenêtre qui s’ouvre 43VVLNH3 * Type de recherche : sélectionne l’option 6 puis valide [Entrée]. OAD va maintenant rechercher le fichier. Laisse le travailler jusqu’à ce qu’il ait terminé. Le rapport de recherche s’affichera automatiquement à dès qu’il en aura terminé. (résultat.txt). * Fais un copier / coller de ce rapport dans ton prochain message. Note : Suivant la taille des disques durs cette recherche peut prendre plusieurs minutes. Sois patient(e) !

mimie17 · Answer

Pour upload rien à faire

voilà le rapport OAD

 23/01/2010 ----  9:57:35,57  

----------------------------------
§§§§§§ [43VVLNH3] §§§§§§
----------------------------------
[X] Registre
[  ] Fichier (rapide)
[  ] Fichier (disque systeme)
[X] Fichier (complete)




********************
     [Registre] 
********************


[HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"h"="C:\WINDOWS\java\Packages\43VVLNH3.ZIP"

[HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip]
"b"="C:\WINDOWS\java\Packages\43VVLNH3.ZIP"

*******************
     [Fichier] 
*******************

c:\Documents and Settings\MYRIAM\Recent\43VVLNH3.ZIP.lnk
c:\WINDOWS\$NtServicePackUninstall$\43vvlnh3.zip
c:\WINDOWS\java\Packages\43VVLNH3.ZIP


*********************
     [Même date] 
*********************

C:\cc_20100122_103506.reg 
C:\Config.Msi 
C:\Program 
C:\Ad-Remover 
C:\Ad-Report-SCAN[1].log 
C:\Backup.bkf 
C:\cc_20100121_215041.reg 
C:\ComboFix.txt 
C:\FindyKill 
C:\Qoobox 
C:\RECYCLER 
C:sit 
C:\TCleaner.txt 
C:\WINDOWS\inf 
C:\WINDOWS\Installer 
C:\WINDOWS\SchedLgU.Txt 
C:\WINDOWS\setupapi.log 
C:\WINDOWS\WinSxS 
C:\WINDOWS\$NtServicePackUninstall$ 
C:\WINDOWS\AppPatch 
C:\WINDOWS\ban_list.txt 
C:\WINDOWS\Downloaded 
C:\WINDOWS\erdnt 
C:\WINDOWS\Microsoft.NET 
C:\WINDOWS\Registration 
C:\WINDOWSepair 
C:\WINDOWS\system.ini 
C:\WINDOWS\system32 
C:\WINDOWS\Tasks 
C:\WINDOWS\system32\drivers 
C:\WINDOWS\system32\. 
C:\WINDOWS\system32\.. 
C:\WINDOWS\system32\NtmsData 
C:\WINDOWS\system32\drivers\. 
C:\WINDOWS\system32\drivers\.. 



----------------------------------
§§§§§ Fin Rapport §§§§§ 
----------------------------------

crapoulou · Answer

Intéressant !
Je vais te demander pas mal de travail !

Qu'y a-t-il dans ces dossiers stp ? (Toujours avec les fichiers cachés affichées ainsi que les fichiers système).

C:\WINDOWS\system32\.
C:\WINDOWS\system32\..
C:\WINDOWS\system32\drivers\.
C:\WINDOWS\system32\drivers\.. 

******

Refais l'étape OAD avec ce script à chaque fois (autant de rapport que de lignes en-dessous :

YCJ1NVRF.ZIP

VPZ735RX.ZIP

RDZHBD3F.ZIP­

O09797PJ.ZIP­

mtz93lbx.zip­

GF93T3J7.ZIP­

4ylfvxjb.zip

Poste les rapports ici, on y verra plus clair :
http://cijoint.fr/

mimie17 · Answer

Désolé j'ai du m'absenter ce matin
pour le travail aucun problème tu m'as tellement aidé aucun soucis

dans les fameux dossiers
 C:\WINDOWS\system32\.
C:\WINDOWS\system32\..
C:\WINDOWS\system32\drivers\.
C:\WINDOWS\system32\drivers\.. 

y a des tonnes de trucs et je sais même pas ce que c'est moi et il faut que j'en fasse quoi 

C'est en passant OAD que tu vas savoir ????

Sinon on est pas arrivé s'il faut que je te décrive tout ce que j'ai dans ces dossiers

là je t'envoie le lien pour la première ligne


http://www.cijoint.fr/cjlink.php?file=cj201001/cijC8YsW35.txt

mimie17 · Answer

Je -envoie tout les liens en même temps à partir de la 2ième ligne que tu m'as donné :

http://www.cijoint.fr/cjlink.php?file=cj201001/cijfyzafqS.txt

http://www.cijoint.fr/cjlink.php?file=cj201001/cijLZSGTNP.txt

http://www.cijoint.fr/cjlink.php?file=cj201001/cijJfzIhuC.txt

http://www.cijoint.fr/cjlink.php?file=cj201001/cijs0zO2VS.txt

http://www.cijoint.fr/cjlink.php?file=cj201001/cijp1w4wpU.txt

http://www.cijoint.fr/cjlink.php?file=cj201001/cijM3zMUUO.txt

voilà

crapoulou · Answer

Arf, je suis têtu, réessaye sans le .zip de la fin (le point aussi à enlever).

mimie17 · Answer

http://www.cijoint.fr/cjlink.php?file=cj201001/cijKujm4SA.txt

http://www.cijoint.fr/cjlink.php?file=cj201001/cijMhtDC9r.txt

http://www.cijoint.fr/cjlink.php?file=cj201001/cij3pDe9h4.txt

j'ai recommence sans le .Zip mais tous le rapport qui s'ouvrent sont les mêmes c'est normal je continue ou pas

crapoulou · Answer

Je veux te faire effacer proprement toutes les traces, c'est pour cette raison que je t'embête avec toutes ces manipulations.

Toujours les fichiers et dossiers cachés affichés, fais analyser ce fichier sur virustotal en envoyant le rapport comme tu l'as fait précédemment.

c:\WINDOWS\$NtServicePackUninstall$\vpz735rx.zip

mimie17 · Answer

Bonjour,
tu ne m'embêtes pas du tout, j'avais simplement peur de faire une mauvaise manipulation, donc je t'envoie les liens manquants: 

http://www.cijoint.fr/cjlink.php?file=cj201001/cijywc7AeD.txt

http://www.cijoint.fr/cjlink.php?file=cj201001/cijpF4j7Cu.txt

http://www.cijoint.fr/cjlink.php?file=cj201001/cijZBTFm4B.txt

http://www.cijoint.fr/cjlink.php?file=cj201001/cijjoUIf2H.txt


et le rapport de VirusTotal


 Fichier vpz735rx.zip reçu le 2010.01.25 08:58:13 (UTC)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 34/41 (82.93%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 1.
L'heure estimée de démarrage est entre 42 et 60 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Formaté
Impression des résultats Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email: 	
	
Antivirus 	Version 	Dernière mise à jour 	Résultat
a-squared	4.5.0.50	2010.01.25	-
AhnLab-V3	5.0.0.2	2010.01.23	Win-Trojan/Bagle.813568.C
AntiVir	7.9.1.150	2010.01.25	TR/Dldr.Bagle.cez
Antiy-AVL	2.0.3.7	2010.01.22	Trojan/Win32.Bagle.gen
Authentium	5.2.0.5	2010.01.24	W32/Themida_Packed!Eldorado
Avast	4.8.1351.0	2010.01.25	-
AVG	9.0.0.730	2010.01.24	Win32/Cryptor
BitDefender	7.2	2010.01.25	Trojan.Generic.2963967
CAT-QuickHeal	10.00	2010.01.25	TrojanDownloader.Bagle.cez
ClamAV	0.94.1	2010.01.25	-
Comodo	3702	2010.01.25	Heur.Suspicious
DrWeb	5.0.1.12222	2010.01.25	Win32.HLLM.Beagle.618
eSafe	7.0.17.0	2010.01.24	-
eTrust-Vet	35.2.7258	2010.01.25	Win32/ASuspect.HACJR
F-Prot	4.5.1.85	2010.01.24	W32/Themida_Packed!Eldorado
F-Secure	9.0.15370.0	2010.01.25	Trojan-Downloader:W32/Bagle.gen!A
Fortinet	4.0.14.0	2010.01.25	W32/Packed.B
GData	19	2010.01.25	Trojan.Generic.2963967
Ikarus	T3.1.1.80.0	2010.01.25	Trojan-Downloader.Win32.Bagle
Jiangmin	13.0.900	2010.01.24	TrojanDownloader.Bagle.bmz
K7AntiVirus	7.10.952	2010.01.22	Trojan-Downloader.Win32.Bagle.cez
Kaspersky	7.0.0.125	2010.01.25	Trojan-Downloader.Win32.Bagle.cez
McAfee	5871	2010.01.24	Generic Downloader.x!cjz
McAfee+Artemis	5871	2010.01.24	Generic Downloader.x!cjz
McAfee-GW-Edition	6.8.5	2010.01.25	Trojan.Dldr.Bagle.cez
Microsoft	1.5405	2010.01.25	TrojanDownloader:Win32/Bagle.gen!A
NOD32	4802	2010.01.24	Win32/Bagle.UN
Norman	6.04.03	2010.01.25	DLoader.ACMWD
nProtect	2009.1.8.0	2010.01.24	-
Panda	10.0.2.2	2010.01.24	Generic Trojan
PCTools	7.0.3.5	2010.01.25	Spyware.Keylogger
Prevx	3.0	2010.01.25	-
Rising	22.32.00.04	2010.01.25	Trojan.Win32.Generic.51F5D957
Sophos	4.50.0	2010.01.25	Mal/Generic-A
Sunbelt	3.2.1858.2	2010.01.24	Backdoor.Win32.Ircbot.gen (v)
Symantec	20091.2.0.41	2010.01.25	Spyware.Keylogger
TheHacker	6.5.0.9.162	2010.01.25	Trojan/Downloader.Bagle.cez
TrendMicro	9.120.0.1004	2010.01.25	-
VBA32	3.12.12.1	2010.01.23	Trojan-Downloader.Win32.Bagle.cez
ViRobot	2010.1.25.2153	2010.01.25	Trojan.Win32.Downloader-Bagle.813568
VirusBuster	5.0.21.0	2010.01.24	Trojan.DL.Bagle.ACTS
Information additionnelle
File size: 807420 bytes
MD5...: a64be261ae6423ba7c2cfd596a752701
SHA1..: 1008c8062ee975f7cdf33905fa0cad5200945c06
SHA256: 92778fbbfa815a9e736b7fb1808331cf0eba23e280cabb5d4d51f630c29336a0
ssdeep: 24576:JsD9GOL7JKSomg8gaM0TFROcXHHNVW3f8kx9se6xE9S:Js4OL7JDo0F/dt
sLsKS
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
packers (F-Prot): Themida
packers (Authentium): Themida
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
trid..: ZIP compressed archive (100.0%)

crapoulou · Answer

Allez, c'est parti : /!\ Procédure réservée à miemie17. Ne tentez pas de la reproduire si vous avez un problème similaire sous peine de planter votre machine /!\ Télécharge OTM (de Old_Timer) sur ton Bureau. = = = = >>> En cliquant ici <<< = = = = Une fois installé sur le bureau, double-clique sur OTMoveIt.exe pour le lancer. Assure toi que la case Unregister Dll’s and Ocx’s soit bien cochée Copie la liste qui se trouve en gras ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt : Paste Instructions for Items to be moved. :Procédure is: :Files c:\windows\$NtServicePackUninstall$\YCJ1NVRF.dat c:\windows\$NtServicePackUninstall$\VPZ735RX.dat c:\windows\$NtServicePackUninstall$\RDZHBD3F.Zdat c:\windows\$NtServicePackUninstall$\O09797PJ.Zdat c:\windows\$NtServicePackUninstall$\mtz93lbx.zdat c:\windows\$NtServicePackUninstall$\GF93T3J7.Zdat c:\windows\$NtServicePackUninstall$\43VVLNH3.dat c:\windows\$NtServicePackUninstall$\4ylfvxjb.dat c:\WINDOWS\$NtServicePackUninstall$\4ylfvxjb.dat c:\WINDOWS\$NtServicePackUninstall$\4ylfvxjb.zip c:\windows\$NtServicePackUninstall$\YCJ1NVRF.ZIP c:\windows\$NtServicePackUninstall$\VPZ735RX.ZIP c:\windows\$NtServicePackUninstall$\RDZHBD3F.ZIP c:\windows\$NtServicePackUninstall$\O09797PJ.ZIP c:\windows\$NtServicePackUninstall$\mtz93lbx.zip c:\windows\$NtServicePackUninstall$\GF93T3J7.ZIP c:\windows\$NtServicePackUninstall$\43VVLNH3.ZIP c:\windows\$NtServicePackUninstall$\4ylfvxjb.zip c:\windows\java c:\WINDOWS\java C:\WINDOWS\ban_list.txt :reg [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Global Namespace\Java Packages] [HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*] "h"=- [HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip] "b"=- :Commands [purity] [emptytemp] [Reboot] Clique sur MoveIt! pour lancer la suppression. Après avoir fait Moveit!, une fenêtre s’affiche : "The system requires a reboot to finish removing files. Do you want to reboot now ?" Réponds Yes. Le résultat apparaîtra dans le cadre "Results". Clique sur Exit pour fermer. Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

mimie17 · Answer

je n'ai pas trouvé la case à cocher Unregister Dll’s and Ocx’s

j'ai lancé quand même je te poste le rapport

All processes killed
Error: Unable to interpret <:Procédure is:> in the current context!
========== FILES ==========
File/Folder c:\windows\$NtServicePackUninstall$\YCJ1NVRF.dat not found.
File/Folder c:\windows\$NtServicePackUninstall$\VPZ735RX.dat not found.
File/Folder c:\windows\$NtServicePackUninstall$\RDZHBD3F.Zdat not found.
File/Folder c:\windows\$NtServicePackUninstall$\O09797PJ.Zdat not found.
File/Folder c:\windows\$NtServicePackUninstall$\mtz93lbx.zdat not found.
File/Folder c:\windows\$NtServicePackUninstall$\GF93T3J7.Zdat not found.
File/Folder c:\windows\$NtServicePackUninstall$\43VVLNH3.dat not found.
c:\windows\$NtServicePackUninstall$\4ylfvxjb.dat moved successfully.
File/Folder c:\WINDOWS\$NtServicePackUninstall$\4ylfvxjb.dat not found.
c:\WINDOWS\$NtServicePackUninstall$\4ylfvxjb.zip moved successfully.
c:\windows\$NtServicePackUninstall$\ycj1nvrf.zip moved successfully.
c:\windows\$NtServicePackUninstall$\vpz735rx.zip moved successfully.
File/Folder c:\windows\$NtServicePackUninstall$\RDZHBD3F.ZIP­ not found.
File/Folder c:\windows\$NtServicePackUninstall$\O09797PJ.ZIP­ not found.
File/Folder c:\windows\$NtServicePackUninstall$\mtz93lbx.zip­ not found.
File/Folder c:\windows\$NtServicePackUninstall$\GF93T3J7.ZIP­ not found.
c:\windows\$NtServicePackUninstall$\43vvlnh3.zip moved successfully.
File/Folder c:\windows\$NtServicePackUninstall$\4ylfvxjb.zip not found.
c:\windows\java	rustlib folder moved successfully.
c:\windows\java\Packages\Data folder moved successfully.
c:\windows\java\Packages folder moved successfully.
c:\windows\java\classes folder moved successfully.
c:\windows\java folder moved successfully.
File/Folder c:\WINDOWS\java not found.
C:\WINDOWS\ban_list.txt moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Global Namespace\Java Packages\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Softw­are\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenS­aveMRU\* not found.
Registry value HKEY_USERS\S-1-5-21-57989841-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip\b not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
 
User: Administrateur.PCMIMI
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
 
User: Administrateur.PCMIMI.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
 
User: ADMINI~1~PCM
 
User: All Users
 
User: connerie
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
 
User: MYRIAM
->Temp folder emptied: 156777693 bytes
->Temporary Internet Files folder emptied: 46994 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 83756910 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 16373 bytes
 
Total Files Cleaned = 230,00 mb
 
 
OTM by OldTimer - Version 3.1.6.0 log created on 01252010_110447

Files moved on Reboot...

Registry entries deleted on Reboot...

crapoulou · Answer

Très bien !

****

Fais une analyse complète de ton système avec Antivir que tu auras préalablement mis à jour.
Poste le rapport ici.

mimie17 · Answer

Bonjour,

N'ayant plus de nouvelles de ta part je présume que tout va bien pour mon pc, tiens moi au courant que je puisse que je puisse le mettre en résolu, ça serait la moindre des choses de ma part, et encore merci pour toute ton aide.

mimie17 · Answer

t'as pas eu le rapport antivir? et mince je vais essayer de le retrouver

mimie17 · Answer

je l'ai le voilà, j'etais persuadé l'avoir posté

Avira AntiVir Personal
Date de création du fichier de rapport : lundi 25 janvier 2010  11:29

La recherche porte sur 1637243 souches de virus.

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série         : 0000149996-ADJIE-0000001
Plateforme              : Windows XP
Version de Windows      : (Service Pack 3)  [5.1.2600]
Mode Boot               : Démarré normalement
Identifiant             : SYSTEM
Nom de l'ordinateur     : PCMIMI

Informations de version :
BUILD.DAT               : 9.0.0.74      21698 Bytes  04/12/2009 13:56:00
AVSCAN.EXE              : 9.0.3.10     466689 Bytes  13/10/2009 10:25:46
AVSCAN.DLL              : 9.0.3.0       49409 Bytes  03/03/2009 09:21:02
LUKE.DLL                : 9.0.3.2      209665 Bytes  20/02/2009 10:35:11
LUKERES.DLL             : 9.0.2.0       13569 Bytes  03/03/2009 09:21:31
VBASE000.VDF            : 7.10.0.0   19875328 Bytes  06/11/2009 13:56:32
VBASE001.VDF            : 7.10.1.0    1372672 Bytes  19/11/2009 13:56:32
VBASE002.VDF            : 7.10.3.1    3143680 Bytes  20/01/2010 13:56:32
VBASE003.VDF            : 7.10.3.2       2048 Bytes  20/01/2010 13:56:32
VBASE004.VDF            : 7.10.3.3       2048 Bytes  20/01/2010 13:56:32
VBASE005.VDF            : 7.10.3.4       2048 Bytes  20/01/2010 13:56:32
VBASE006.VDF            : 7.10.3.5       2048 Bytes  20/01/2010 13:56:32
VBASE007.VDF            : 7.10.3.6       2048 Bytes  20/01/2010 13:56:32
VBASE008.VDF            : 7.10.3.7       2048 Bytes  20/01/2010 13:56:32
VBASE009.VDF            : 7.10.3.8       2048 Bytes  20/01/2010 13:56:32
VBASE010.VDF            : 7.10.3.9       2048 Bytes  20/01/2010 13:56:32
VBASE011.VDF            : 7.10.3.10      2048 Bytes  20/01/2010 13:56:32
VBASE012.VDF            : 7.10.3.11      2048 Bytes  20/01/2010 13:56:32
VBASE013.VDF            : 7.10.3.12      2048 Bytes  20/01/2010 13:56:32
VBASE014.VDF            : 7.10.3.45    173568 Bytes  22/01/2010 15:47:02
VBASE015.VDF            : 7.10.3.46      2048 Bytes  22/01/2010 15:47:02
VBASE016.VDF            : 7.10.3.47      2048 Bytes  22/01/2010 15:47:02
VBASE017.VDF            : 7.10.3.48      2048 Bytes  22/01/2010 15:47:02
VBASE018.VDF            : 7.10.3.49      2048 Bytes  22/01/2010 15:47:02
VBASE019.VDF            : 7.10.3.50      2048 Bytes  22/01/2010 15:47:03
VBASE020.VDF            : 7.10.3.51      2048 Bytes  22/01/2010 15:47:03
VBASE021.VDF            : 7.10.3.52      2048 Bytes  22/01/2010 15:47:03
VBASE022.VDF            : 7.10.3.53      2048 Bytes  22/01/2010 15:48:04
VBASE023.VDF            : 7.10.3.54      2048 Bytes  22/01/2010 15:48:04
VBASE024.VDF            : 7.10.3.55      2048 Bytes  22/01/2010 15:48:04
VBASE025.VDF            : 7.10.3.56      2048 Bytes  22/01/2010 15:48:47
VBASE026.VDF            : 7.10.3.57      2048 Bytes  22/01/2010 15:48:47
VBASE027.VDF            : 7.10.3.58      2048 Bytes  22/01/2010 15:48:47
VBASE028.VDF            : 7.10.3.59      2048 Bytes  22/01/2010 15:48:47
VBASE029.VDF            : 7.10.3.60      2048 Bytes  22/01/2010 15:48:47
VBASE030.VDF            : 7.10.3.61      2048 Bytes  22/01/2010 15:48:47
VBASE031.VDF            : 7.10.3.64     81408 Bytes  25/01/2010 10:28:49
Version du moteur       : 8.2.1.150
AEVDF.DLL               : 8.1.1.3      106868 Bytes  23/01/2010 15:48:48
AESCRIPT.DLL            : 8.1.3.12     823675 Bytes  23/01/2010 15:48:48
AESCN.DLL               : 8.1.3.1      127348 Bytes  22/01/2010 13:56:32
AESBX.DLL               : 8.1.1.1      246132 Bytes  22/01/2010 13:56:32
AERDL.DLL               : 8.1.3.4      479605 Bytes  22/01/2010 13:56:32
AEPACK.DLL              : 8.2.0.5      422262 Bytes  22/01/2010 13:56:32
AEOFFICE.DLL            : 8.1.0.38     196987 Bytes  22/01/2010 13:56:32
AEHEUR.DLL              : 8.1.0.195   2232695 Bytes  22/01/2010 13:56:32
AEHELP.DLL              : 8.1.10.0     237942 Bytes  22/01/2010 13:56:32
AEGEN.DLL               : 8.1.1.83     369014 Bytes  22/01/2010 13:56:32
AEEMU.DLL               : 8.1.1.0      393587 Bytes  22/01/2010 13:56:32
AECORE.DLL              : 8.1.9.5      184693 Bytes  22/01/2010 13:56:32
AEBB.DLL                : 8.1.0.3       53618 Bytes  22/01/2010 13:56:32
AVWINLL.DLL             : 9.0.0.3       18177 Bytes  12/12/2008 07:47:30
AVPREF.DLL              : 9.0.3.0       44289 Bytes  26/08/2009 14:13:31
AVREP.DLL               : 8.0.0.3      155905 Bytes  20/01/2009 13:34:28
AVREG.DLL               : 9.0.0.0       36609 Bytes  07/11/2008 14:24:42
AVARKT.DLL              : 9.0.0.3      292609 Bytes  24/03/2009 14:05:22
AVEVTLOG.DLL            : 9.0.0.7      167169 Bytes  30/01/2009 09:36:37
SQLITE3.DLL             : 3.6.1.0      326401 Bytes  28/01/2009 14:03:49
SMTPLIB.DLL             : 9.2.0.25      28417 Bytes  02/02/2009 07:20:57
NETNT.DLL               : 9.0.0.0       11521 Bytes  07/11/2008 14:40:59
RCIMAGE.DLL             : 9.0.0.25    2438913 Bytes  17/06/2009 12:44:26
RCTEXT.DLL              : 9.0.73.0      88321 Bytes  02/11/2009 15:58:32

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:, E:, 
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen

Début de la recherche : lundi 25 janvier 2010  11:29

La recherche d'objets cachés commence.
'50574' objets ont été contrôlés, '0' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'BubbleTown.exe' - '1' module(s) sont contrôlés
Processus de recherche 'BubbleTown.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpqste08.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpqimzone.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpqtra08.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpwuSchd2.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SeaPort.exe' - '1' module(s) sont contrôlés
Processus de recherche 'HPZipm12.exe' - '1' module(s) sont contrôlés
Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'NMSAccessU.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'32' processus ont été contrôlés avec '32' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
    [INFO]      Aucun virus trouvé !
Secteur d'amorçage maître HD1
    [INFO]      Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
    [INFO]      Aucun virus trouvé !
Secteur d'amorçage 'E:\'
    [INFO]      Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '57' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <SYSTEM>
C:\pagefile.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    [REMARQUE]  Ce fichier est un fichier système Windows.
    [REMARQUE]  Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\Documents and Settings\MYRIAM\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLIST.ZIP
  [0] Type d'archive: ZIP
    --> crack/patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.cez
C:\Documents and Settings\MYRIAM\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLISTRELATED.ZIP
  [0] Type d'archive: ZIP
    --> keygen/patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.cez
C:\Program Files\Fichiers communs\Java\Update\Base Images\jre1.6.0.b105\core1.zip
  [0] Type d'archive: ZIP
    --> keygen/patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.cez
C:\Program Files\Fichiers communs\Java\Update\Base Images\jre1.6.0.b105\core2.zip
  [0] Type d'archive: ZIP
    --> crack/patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.cez
C:\Program Files\Fichiers communs\Java\Update\Base Images\jre1.6.0.b105\core3.zip
  [0] Type d'archive: ZIP
    --> crack/patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.cez
C:\Program Files\Fichiers communs\Java\Update\Base Images\jre1.6.0.b105\extra.zip
  [0] Type d'archive: ZIP
    --> keygen/patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.cez
C:\Program Files\Fichiers communs\Java\Update\Base Images\jre1.6.0.b105\other.zip
  [0] Type d'archive: ZIP
    --> keygen/patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.cez
C:\Program Files\Java\jre1.6.0_03\lib\deploy\ffjcext.zip
  [0] Type d'archive: ZIP
    --> keygen/patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.cez
C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip
  [0] Type d'archive: ZIP
    --> patch/keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.cez
C:\Program Files\MPMAN\MP Manager\jre\lib\deploy\ffjcext.zip
  [0] Type d'archive: ZIP
    --> keygen/keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.cez
C:\Program Files\Windows Media Player
pdrmv2.zip
  [0] Type d'archive: ZIP
    --> keygen/crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.cez
C:\Program Files\Windows Media Player
pds.zip
  [0] Type d'archive: ZIP
    --> keygen/crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.cez
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\data.oct.vir
    [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\1-2-3 PieCharts 1.0.zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\1Click DVD Copy v4.1.1.8 WinALL Incl Keygen Repack by BLiZZARD.zip.vir
  [0] Type d'archive: ZIP
    --> install.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\1st DVD Ripper v5.0.1.zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\3D Matrix ScreenSaver- The Endless Corridors (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> key_gen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\3DField 1.77.zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\A1 DVD Ripper Professional 1.0.xx 1.0.xx (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\A1 Website Download v1.2.8 by AHCU.zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Access Animation v1.90 by TMG.zip.vir
  [0] Type d'archive: ZIP
    --> setup.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Acoustica MP3 CD Burner v4.0.95 by EMBRACE.zip.vir
  [0] Type d'archive: ZIP
    --> install.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Ad Muncher 4.06.zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Adobe PageMaker Plug-in Pack for InDesign CS 1.0 (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> install_patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Advanced Replacer v1.1 by LasH.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Aglare All to 3GP MP4 iPod Zune iPhone Converter 7.0.zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Aha Password and Info Manager 7.61.00.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Album Player v2.12 by DiGERATi.zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Alcohol 120 Percent v1.3.4 build 1106 by LasH.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Alive CD Ripper 1.1.0.2.zip.vir
  [0] Type d'archive: ZIP
    --> run.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Allok Audio Converter 1.1.0 CrAcKed.zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Alltags Planer 99.09 (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> key_gen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Andromeda Screen Shot Saver 2.38.zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Aone Ultra Video Splitter v3.7.0 by BRD.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Archon Weld Calculator 6.0 (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> install_patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Aresuki 3.0 for Mac.zip.vir
  [0] Type d'archive: ZIP
    --> key_generator.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\ASE ChartDirector for Python v4.0 Solaris Incl Keymaker by ZWT.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Ashampoo Burning Studio v5.0.1 by EMBRACE.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Audio Developer SDK 1.0 (crack).zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Available Domains 1.02 (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\AVS DV to DVD 1.2.1.102-key.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\BackupXpress Pro 2.72.35.176 (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Bali PLANNING v5.48.zip.vir
  [0] Type d'archive: ZIP
    --> keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Benutec RamCleaner v3.55 build 1726.zip.vir
  [0] Type d'archive: ZIP
    --> setup.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Bibliotheque 3.0 for Mac.zip.vir
  [0] Type d'archive: ZIP
    --> key_generator.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Binary Vortex 2.7.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\BluePrint Personal Edition 1.2.7 (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\BoXiKoN v1.5.2 WinALL CRACKED by iNDUCT.zip.vir
  [0] Type d'archive: ZIP
    --> run.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Bram Stokers Dracula (1993) (Psygnosis) FULL!.zip.vir
  [0] Type d'archive: ZIP
    --> run.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\BT Printer List ActiveX v2.0.2.2 by DSi.zip.vir
  [0] Type d'archive: ZIP
    --> install_patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Bubble Frenzy Remix v2.1.zip.vir
  [0] Type d'archive: ZIP
    --> key_gen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Bubble Trouble 1.0.0 for Mac.zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Bulker v3.24 WinALL Incl Keygen by BLiZZARD.zip.vir
  [0] Type d'archive: ZIP
    --> install_patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Bytegeist Ghost Trails v3.0 for 3DSMAX v6.zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\CalendarMirror for Outlook 2.1 keygen.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Call of Duty Modern Warfare 2 NO INTRO FIX.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Call of Duty World at War v1.5 MULTIHACK.zip.vir
  [0] Type d'archive: ZIP
    --> key_gen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Capturix VideoSpy 2007 Enterprise Edition v4.10.2096 by TE.zip.vir
  [0] Type d'archive: ZIP
    --> key_generator.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Cartesia Map Art Clip Art Pack vAll for Mac.zip.vir
  [0] Type d'archive: ZIP
    --> setup.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Catalogue Pro v4.2.21 by diGERATi.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\CFi ShellToys XP 2.0.1.zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Chaser Keygen.zip.vir
  [0] Type d'archive: ZIP
    --> keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\CHN Calculator 4 for Mac.zip.vir
  [0] Type d'archive: ZIP
    --> serial.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Classical Spanish Solitaires 1.0.zip.vir
  [0] Type d'archive: ZIP
    --> key_gen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\CodeTangler Professional 2.0.zip.vir
  [0] Type d'archive: ZIP
    --> install.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\ColorImpact v2.3.0.308 Winall Cracked by iNFECTED.zip.vir
  [0] Type d'archive: ZIP
    --> run.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Command Mail v2.21 by TMG.zip.vir
  [0] Type d'archive: ZIP
    --> key_generator.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Connectpc v1.1 WinALL Incl Keygen by ECLiPSE.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\CopyToCD v1.06b.zip.vir
  [0] Type d'archive: ZIP
    --> keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Crossword Construction Kit v4.0.3.1 by Core.zip.vir
  [0] Type d'archive: ZIP
    --> install_patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\CUSeeMe Windows PC for Mac.zip.vir
  [0] Type d'archive: ZIP
    --> keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\CyberLink StreamAuthor 1.0.zip.vir
  [0] Type d'archive: ZIP
    --> setup.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\DacEasy Order Entry Network 9.10.zip.vir
  [0] Type d'archive: ZIP
    --> keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Dark Sector v1.0 [MULTI2] +4 TRAINER #1.zip.vir
  [0] Type d'archive: ZIP
    --> key_gen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Deneba Canvas all versions for Mac.zip.vir
  [0] Type d'archive: ZIP
    --> install.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\DialogBlocks v4.10 Unicode by ACME.zip.vir
  [0] Type d'archive: ZIP
    --> install.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Digital Physiognomy v1.x Generic by FFF.zip.vir
  [0] Type d'archive: ZIP
    --> serial.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\DigitByte Studio Traffic Counter v2.0.zip.vir
  [0] Type d'archive: ZIP
    --> install.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Directory Toolkit v3.2.zip.vir
  [0] Type d'archive: ZIP
    --> setup.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Doppelganger 3.1.zip.vir
  [0] Type d'archive: ZIP
    --> run.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\dotConnect for SQL Server 2.05.49.zip.vir
  [0] Type d'archive: ZIP
    --> serial.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\DropFolder 1.01.zip.vir
  [0] Type d'archive: ZIP
    --> key_gen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\DVD Rebuilder Pro v1.09 by DVT.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\dvdXSoft DVD to iPhone Converter v1.42 by AT4RE.zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\DzWords 1.29 (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\EasyText 3.5 (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\eAuction Watcher 2.3.5 beta 10.zip.vir
  [0] Type d'archive: ZIP
    --> setup.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\EAUpload 1.3.1 patch.zip.vir
  [0] Type d'archive: ZIP
    --> key_gen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\EBP Compta Facturation 2005 v9.1 R2BIS 877 French RETAIL by RESET.zip.vir
  [0] Type d'archive: ZIP
    --> setup.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Elite Software Ecoord v3.0.11 Incl Keyfilemaker by AGAiN.zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Email Man 3.0.1.12011.zip.vir
  [0] Type d'archive: ZIP
    --> keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Embird Alphabet 10 1.0.zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Enable Toolbox 2.3d build 9.zip.vir
  [0] Type d'archive: ZIP
    --> setup.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\English-Spanish Interpreter (ESI) Standard 1.31.zip.vir
  [0] Type d'archive: ZIP
    --> key_gen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\ESP Mail Check 2.0 Beta 3.zip.vir
  [0] Type d'archive: ZIP
    --> keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Fancy DVD Copy v2.0 WinALL Incl Keygen by BRD.zip.vir
  [0] Type d'archive: ZIP
    --> install.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Fast Exit Pro 1.06 (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> run.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Feeding Frenzy 2.9.16.1 (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Financial Advisor for Excel Full Access 4.1.0.zip.vir
  [0] Type d'archive: ZIP
    --> key_gen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Finanzrechner 1.0.zip.vir
  [0] Type d'archive: ZIP
    --> serial.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Fire Frenzy Retail JAVA SE K810 by RLYEH.zip.vir
  [0] Type d'archive: ZIP
    --> serial.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Folder Encryption Fairy v3.5.zip.vir
  [0] Type d'archive: ZIP
    --> run.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\GameHouse Super Jigsaw Flowers by BalCrNepal.zip.vir
  [0] Type d'archive: ZIP
    --> run.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Gene Troopers v1.0 +5 TRAINER.zip.vir
  [0] Type d'archive: ZIP
    --> keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Goetz's Graphics Kit 1.02.zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\goUpdater 1.0.4.51.zip.vir
  [0] Type d'archive: ZIP
    --> install_patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\GretagMacbeth ProfileMaker Pro v4.1.5.108 (CD) and 4.1.5.110 (WEB).zip.vir
  [0] Type d'archive: ZIP
    --> install_patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\GTA San Andreas v1.0 +10 TRAINER 2.zip.vir
  [0] Type d'archive: ZIP
    --> keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Heinecke Airomate v1.02 by HAZE.zip.vir
  [0] Type d'archive: ZIP
    --> setup.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Hello Engines 3.0 (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\HGSBuchArchiv 4.01 (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\His Grepship v4.2.1.6 Keymaker Only REPACK by ACME.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\History sweeper XXL 3.7.40.078.zip.vir
  [0] Type d'archive: ZIP
    --> keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Hoolicon 2.01 Updated.zip.vir
  [0] Type d'archive: ZIP
    --> key_generator.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\HTMLPad 2000.3 x Beta.zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Hucks Rocket Boot Hero v1.2 by AERiS.zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\IAS Log Viewer 2.28.zip.vir
  [0] Type d'archive: ZIP
    --> setup.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Icon Processor v3.0 by SND.zip.vir
  [0] Type d'archive: ZIP
    --> key_generator.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\IdentaFone 4.3.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Image Editor 3.1.02.zip.vir
  [0] Type d'archive: ZIP
    --> keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Import-Export Studio v2.2.zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Installed Programs Finder 1.0.zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Investintech Sonic PDF Creator v2.0 WinALL Cracked by iNViSiBLE.zip.vir
  [0] Type d'archive: ZIP
    --> keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Invoy 2.00.2.zip.vir
  [0] Type d'archive: ZIP
    --> install.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\ISpQ VideoChat 5.0.zip.vir
  [0] Type d'archive: ZIP
    --> key_gen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\ItsTime 2.8e-key.zip.vir
  [0] Type d'archive: ZIP
    --> serial.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\J. River Media JukeBox v8.0.265.zip.vir
  [0] Type d'archive: ZIP
    --> run.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\JetBoat SuperChamps (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\jigpix 2.5 serial by TSRh.zip.vir
  [0] Type d'archive: ZIP
    --> run.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\JProbe Profiler Professional Edition 2.0 (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\KeyView Pro 6.5.zip.vir
  [0] Type d'archive: ZIP
    --> keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\KoolMoves 1.95.zip.vir
  [0] Type d'archive: ZIP
    --> serial.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Lavalys EVEREST Corporate Edition v5.00.1650 by CRD.zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Little Hopper's Math Tac Toe 1.1.zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Magic SWF2AVI v1.10 by FFF.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Mailcoach 2 x (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> install.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\MakeMS v2.7.zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\McFunSoft DVD Creator v7.8 WinALL Regged by iNDUCT.zip.vir
  [0] Type d'archive: ZIP
    --> install_patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\MEDIAKG FotoWorks v9.1.4 German WinALL Incl Keygen by ViRiLiTY.zip.vir
  [0] Type d'archive: ZIP
    --> key_generator.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Microsoft VirtualEarth Satellite Downloader v3.203 by AHCU.zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Millennium 2000 World Book International Standard English Edition (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> setup.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Mini Video Converter Video to iPhone Converter by AT4RE.zip.vir
  [0] Type d'archive: ZIP
    --> setup.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Mocha Telnet for Vista 1.0.zip.vir
  [0] Type d'archive: ZIP
    --> install_patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Motherload Goldium Edition v1.006 by DELiGHT.zip.vir
  [0] Type d'archive: ZIP
    --> key_generator.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\MP3 Disc Burner v1.60 by LasH.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\MySuperSoft Flash2Video v3.68.950 by DVT.zip.vir
  [0] Type d'archive: ZIP
    --> setup.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\MySuperSoft SuperAVConverter v7.6.3500 by DVT.zip.vir
  [0] Type d'archive: ZIP
    --> serial.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Mytoolsoft Batch WaterMark v1.5 by FFF.zip.vir
  [0] Type d'archive: ZIP
    --> setup.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Nero Burning ROM Enterprise Edition v6.6.0.1.zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\NetCetera Rida Rida Ranka v2.5.1.8 SWEDISH by TFT.zip.vir
  [0] Type d'archive: ZIP
    --> key_generator.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\NetInfo v3.0 build 1116.zip.vir
  [0] Type d'archive: ZIP
    --> keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\NetSpy 3.0.zip.vir
  [0] Type d'archive: ZIP
    --> setup.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\NextUp Talker v1.011 by TBE.zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\NFS Underground 2 [US] EURO CARS UNLOCKED.zip.vir
  [0] Type d'archive: ZIP
    --> install.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\NFS Underground v1.3.4 +6 TRAINER.zip.vir
  [0] Type d'archive: ZIP
    --> serial.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Norbyte Petal Palace v1.0.6 CRACKED by RHE.zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Norton Antivirus for Macintosh Subscription Renewal 9.x for Mac (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> run.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Noughts and Crosses 1.0.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\OandO Defrag Server Edition 8.0.1398 (2005-06-08) (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> serial.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Olympic Organizer Deluxe v2.7 WinALL by CHiCNCREAM.zip.vir
  [0] Type d'archive: ZIP
    --> key_gen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Omaitek OmaiProtect v1.00 for SymbianOS7 S60.zip.vir
  [0] Type d'archive: ZIP
    --> run.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\OrgScheduler 5.7.zip.vir
  [0] Type d'archive: ZIP
    --> keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\OTTER 1.3.26.129-key.zip.vir
  [0] Type d'archive: ZIP
    --> install.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Palm Heroes v1.03 Retail Russian by RLYEH.zip.vir
  [0] Type d'archive: ZIP
    --> serial.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Pariah v1.02 [ENGLISH] Fixed EXE.zip.vir
  [0] Type d'archive: ZIP
    --> run.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\PC Door Guard v2.8.0.0 Serial.zip.vir
  [0] Type d'archive: ZIP
    --> serial.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Pdf File Splitter 1 CrAcKed.zip.vir
  [0] Type d'archive: ZIP
    --> install.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Phelios Super Sprites 1.6 (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> key_gen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Pile Volume 2.1.6.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Platinum FTP Server 1.0.18 (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> setup.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Poker Break 1.0 (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> install.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Polar Studio 6.35 (crack).zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Pop3check XP 1.0.1009.zip.vir
  [0] Type d'archive: ZIP
    --> serial.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Predator 1.4 (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> serial.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\PS to Tiff 2.0.zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Psiloc irRemote Control for Series60.1.65 for Symbian.zip.vir
  [0] Type d'archive: ZIP
    --> install_patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Quick ePics 3.2.3.zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\RA Dicey 1.0.117.zip.vir
  [0] Type d'archive: ZIP
    --> run.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\RegistryFix v6.0 Keymaker Only by EMBRACE.zip.vir
  [0] Type d'archive: ZIP
    --> key_gen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Remove 4.0.zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Romi v3.3 by LasH.zip.vir
  [0] Type d'archive: ZIP
    --> keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Sage 100 Comptabilite SQL v13.01 French RETAIL by RESET.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Sage Moyens de Paiement 100 v13.00 French RETAIL by RESET.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\SaveForm 2.31.zip.vir
  [0] Type d'archive: ZIP
    --> key_generator.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Security Administrator 7.1.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Setup Specialist 2001.zip.vir
  [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\SFR visCrypt v1.2.0 Retail for PocketPC by RLYEH.zip.vir
  [0] Type d'archive: ZIP
    --> key_generator.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Shadow Remote Administartor 1.04a.zip.vir
  [0] Type d'archive: ZIP
    --> serial.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Smart report maker 1.2 keygen.zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Snooper 3.43.zip.vir
  [0] Type d'archive: ZIP
    --> install.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\SobolSoft Find and Replace Multiple Items At Once Software by AT4RE.zip.vir
  [0] Type d'archive: ZIP
    --> install_patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Source Guard Professional 2.0 (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> setup.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\SpeedAddress v2006.04 German by BLiZZARD.zip.vir
  [0] Type d'archive: ZIP
    --> install.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\speedlaunch 1.0 cracked prc by TSRh.zip.vir
  [0] Type d'archive: ZIP
    --> serial.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\SPX Instant Screen Capture 4.41.zip.vir
  [0] Type d'archive: ZIP
    --> keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Spy Bouncer v1.32 by CSS.zip.vir
  [0] Type d'archive: ZIP
    --> key_generator.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\SpyRemover v1.64 by Lucid.zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\SQL Dictionary Swedish Portuguese 1.0.zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\SQLMerger 2.1.zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\StartPro 2.0 B2.zip.vir
  [0] Type d'archive: ZIP
    --> setup.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Steinberg My MP3 Pro 5 (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> crac.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Stomp RecordNow MAX v4.50.zip.vir
  [0] Type d'archive: ZIP
    --> install.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Studo 10.0 Plus ( Serial ) 10.0 Plus (Serial).zip.vir
  [0] Type d'archive: ZIP
    --> key_gen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Super Disk Reder 98.1.0.zip.vir
  [0] Type d'archive: ZIP
    --> serial.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Supersoft PROPHET 2008 by TSRh.zip.vir
  [0] Type d'archive: ZIP
    --> install_patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\SwitchSniffer v1.2.0 WinNT Cracked by GRACO.zip.vir
  [0] Type d'archive: ZIP
    --> keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Text tree 1.2.zip.vir
  [0] Type d'archive: ZIP
    --> install.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\TGS Open Inventor v6.0 for VC6 Incl Licgen by TBE.zip.vir
  [0] Type d'archive: ZIP
    --> keygen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\The Cleaner Professional v4.1.zip.vir
  [0] Type d'archive: ZIP
    --> key_gen.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\ThumbsUp 3.5.zip.vir
  [0] Type d'archive: ZIP
    --> install_crack.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\TinyIRC Pro v2.0.1.zip.vir
  [0] Type d'archive: ZIP
    --> key_generator.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\Trash It 1.71.zip.vir
  [0] Type d'archive: ZIP
    --> run.exe
      [RESULTAT]  Contient le cheval de Troie TR/Dldr.Bagle.buz
C:\Qoobox\Quarantine\C\Documents and Settings\MYRIAM\Application Data\m\shared\TrendMedium 2.75.zip.vir
  [

mimie17 · Answer

pourquoi j'arrive pas à te le poster je l'avais retrouvé et je te l'ai envoyer je vais recommencer

mimie17 · Answer

j'espère que tu pourras l'ouvrir j'ai du le renommer :

http://www.cijoint.fr/cjlink.php?file=cj201001/cijQVsj82o.txt

crapoulou · Answer

C'est bon pour ton lien.
Il a été bloqué, un modérateur l'a affiché ici :
https://forums.commentcamarche.net/forum/affich-16170035-probleme-logiciel-de-securite?page=8#150
(Il est incomplet mais bon sur ton lien, j'ai tout).

********

Vide la quarantaine d'Antivir.

********

Peux-tu me générer un nouveau rapport RSIT ?
(log.txt).

mimie17 · Answer

voilà le rapport RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by MYRIAM at 2010-01-29 11:30:25
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 34 GB (69%) free of 50 GB
Total RAM: 1023 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:34, on 29/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Bubble Town\BubbleTown.exe
C:\Program Files\Bubble Town\BubbleTown.exe
C:\Documents and Settings\MYRIAM\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\MYRIAM.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mozilla.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - file://C:\Documents and Settings\MYRIAM\Local Settings\Application Data\Oberon Media\Oberon Games Host\DinerDash2_fr.1.0.0.70.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwaredetection_2_0_4_10.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

crapoulou · Answer

Relance Hijackthis. Il se situe ici : C:\Program Files\Trend Micro\HijackThis\MYRIAM.exe Clique sur "Do a system scan only". Coche ces lignes : R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') Clique ensuite sur fix checked. Ferme Hijackthis. ********** Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques : Télécharge Toolscleaner sur ton Bureau = = = =>>> En cliquant ici <<<= = = = * Double-clique sur ToolsCleaner2.exe et laisse le travailler * Clique sur Recherche et laisse le scan se terminer. * Clique sur Suppression pour finaliser. * Tu peux, si tu le souhaites, te servir des Options facultatives. * Clique sur Quitter, pour que le rapport puisse se créer. * Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse. ********** Tu as des traces d'Avast Il existe un utilitaire pour désinstaller Avast proprement : Télécharge le = = = =>>> En cliquant ici <<<= = = = et suis la procédure expliquée sur ce lien. ********* Mets à jour Internet Explorer en téléchargeant la version 8 (même si tu ne l’utilises pas, sinon c’est une faille de sécurité de ne pas le tenir à jour…) = = = =>>> En cliquant ici <<<= = = = ********* * Télécharge Ccleaner Slim : = = = = >>> En cliquant ici <<< = = = = * Installe le. * Choisis l’onglet Nettoyeur Quitte ton navigateur Internet avant de le lancer, décoche la dernière case (Avancé si elle est cochée) puis clique sur "lancer le nettoyage" quand il aura terminé le scan cliques en bas à droite sur "lancer le nettoyage" et accepte par oui. Attention, il risque de vider ta corbeille : si tu veux récupérer des fichiers effacés par erreur, mieux vaut le faire maintenant. * Choisis l’onglet Registre - Clique sur Chercher des erreurs - Une fois la recherche terminée, clic sur Réparer les erreurs sélectionnées (par défaut, tout est sélectionné, laisse comme ça) - Au message Voulez-vous sauvegarder les changements faits dans le registre, réponds Oui et enregistre le fichier au format « .reg » en le nommant par la date par exemple en le mettant sur le bureau. Puis continue. - A la fenêtre qui s’ouvre ensuite, clique sur Corriger toutes les erreurs sélectionnées puis OK - Recommence jusqu’à ce qu’aucune erreur n’apparaisse (ou une seule récurrente). - Ferme Ccleaner. * Tutoriel en images ICI si besoin. Note : La sauvegarde utilisée permet de remettre tel que la base était avant la manipulation au cas où il y aurait des soucis mais cela ne m’est jamais arrivé ! Il vaut mieux prendre des précautions, c’est tout. ;-) ************ Tu peux garder Malwarebytes anti malware en tant qu’anti malware, il est très efficace. (Même s’il ne résout pas tous les problèmes, bien entendu … !) Par contre, il n’a pas de scan résident en mode gratuit ! Il faut donc pour l’utiliser le lancer, faire les mises à jour et faire un scan complet après.

mimie17 · Answer

en procédant au fur et à mesure voilà le rapport ToolsCleaner2.exe

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche: 

C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OTM: trouvé !
C:\FindyKill: trouvé !
C:\Rsit: trouvé !
C:\Ad-remover: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\MYRIAM\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\MYRIAM\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\MYRIAM\Recent\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\WINDOWS\mbr.exe: trouvé !

---------------------------------
--> Suppression: 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\MYRIAM\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\MYRIAM\Recent\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\MYRIAM\Bureau\Rsit.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\WINDOWS\mbr.exe: supprimé !
C:\Qoobox: supprimé !
C:\_OTM: supprimé !
C:\FindyKill: supprimé !
C:\Rsit: supprimé !
C:\Ad-remover: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

crapoulou · Answer

Très bien.
Supprime Toolscleaner et C:\TCleaner.txt.
Tu peux passer à la suite.

mimie17 · Answer

au sujet de la suite pour avast le seule chose que je trouve à telecharger c'est aswclnr.exe c'est  un outil désinfectant avast est-ce que je dois faire analyser ou je tombe pas sur la bonne page quand je clique sur le lien que tu m'as donné

crapoulou · Answer

C'est ceci qu'il faut exécuter :
http://files.avast.com/files/eng/aswclear.exe

crapoulou · Answer

Je reviens en fin d'après-midi, on a pas terminé.

mimie17 · Answer

ok merci à ce soir

crapoulou · Answer

Télécharge ZHPDiag sur ton bureau : = = = = =>>>En cliquant ici <<<= = = = = = Une fois le téléchargement achevé, double clique sur ZHPDiag.exe et suis les instructions pour l’installer. N'oublie pas de cocher la case qui permet de mettre un raccourci sur le Bureau. Double clique sur le raccourci ZHPDiag sur ton Bureau pour le lancer. /!\ L’outil a créé 2 icônes ZHPDiag et ZHPFix /!\ Clique sur le tournevis en haut à droite de ZHPDiag et clique sur Tous pour cocher toutes les cases. Clique sur la loupe pour lancer l'analyse. Laisse l’outil travailler, il peut être assez long, c’est normal. Ferme ZHPDiag en fin d’analyse. Pour transmettre le rapport clique sur ce lien : http://www.cijoint.fr/ Clique sur Parcourir et cherche le répertoire où est installé ZHPDiag (en général C:\Program Files\ZHPDiag). Sélectionne le fichier ZHPDiag.txt. Clique sur "Cliquez ici pour déposer le fichier". Un lien de cette forme : http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt est ajouté dans la page. Copie ce lien dans ta réponse. Télécharge ZHPDiag sur ton bureau : = = = = =>>>En cliquant ici <<<= = = = = = Une fois le téléchargement achevé, double clique sur ZHPDiag.exe et suis les instructions pour l’installer. N'oublie pas de cocher la case qui permet de mettre un raccourci sur le Bureau. Double clique sur le raccourci ZHPDiag sur ton Bureau pour le lancer. /!\ L’outil a créé 2 icônes ZHPDiag et ZHPFix /!\ Clique sur le tournevis en haut à droite de ZHPDiag et clique sur "Tous" pour cocher toutes les cases. Clique sur la loupe pour lancer l'analyse. Laisse l’outil travailler, il peut être assez long, c’est normal. Enregistre le rapport (icône de la Disquette) sur ton PC (repère où tu l’as enregistré). Ferme ZHPDiag en fin d’analyse. Pour transmettre le rapport clique sur ce lien : http://www.cijoint.fr/ Clique sur Parcourir et cherche le répertoire où est installé ZHPDiag (en général C:\Program Files\ZHPDiag). Sélectionne le fichier ZHPDiag.txt. Clique sur "Cliquez ici pour déposer le fichier". Un lien de cette forme : http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt est ajouté dans la page. Copie ce lien dans ta réponse.

mimie17 · Answer

V'là le lien pour ZHP.Diag

http://www.cijoint.fr/cjlink.php?file=cj201001/cijxvRAikq.txt

crapoulou · Answer

Arf, je suis coupable ! Le lien est ancien.
Recommence avec cette version :
ZHPDiag.

mimie17 · Answer

effectivement c'est pas pareil, le raccourci est beaucoup plus joli lol

tiens voici le lien

http://www.cijoint.fr/cjlink.php?file=cj201001/cijcGtgGTy.txt

crapoulou · Answer

lol t'as vu joli le parchemin ;-).
Concrètement, c'est surtout qu'il me fallait les O65 !
J'analyse ça et te tiens au courant.

crapoulou · Answer

Affiche les fichiers et dossiers cachés ainsi que les fichiers du système :
- Mes documents
- Outils
- Options des dossiers
- Onglet « Affichage »
- Coche Afficher les fichiers et dossiers cachés

******

Une jolie infirmière va t'accueillir ici :
http://secubox.gateweb.org/mad.php

Envoie lui ces deux fichiers :
c:\windows\system32\drivers\TCPIP.SYS
c:\windows\system32\dllcache\TCPIP.SYS

Description pour les deux tu mets :

De la part de crapoulou : signature MD5 non vérifiée.
Topic : https://forums.commentcamarche.net/forum/affich-16170035-probleme-logiciel-de-securite?page=6#108
Crapoulou : https://www.commentcamarche.net/communaute/profil-crapoulou?section=mp

mimie17 · Answer

Bonsoir,
Tu me tiendras au courant pour voir si la jolie infirmière a fait du bon boulot, merci

Probleme logiciel de securite

161 réponses

Discussions similaires

Newsletters