Malwares :drive cleaner, spyware-secure,

Résolu
dlewin -  
 ThaNa80 -
salut les gens,

pour faire original j'ai un malware du genre :
drive cleaner, spyware-secure, casino etc- ce sujet existe déjà largement, j'en ait lu pleins. Seulement je ne suis pas sur que ce soit
toujours le même cas pour moi.
En gros : publicité intenpestives et régulières sous Firefox.

J'ai déjà fait en profondeur (scan total + archives) :
- Ad aware
- Avast
-Ccleaner
AVG plante, et le PC est franchement lent malgrè une défragmentation.

Help please !
Configuration: Windows XP
Firefox 2.0.0.3

20 réponses

  1. ThaNa80
     
    Bonjour,

    je suis infestée par bagle, jai téléchargé elibagla je ne sais pas quoi faire ensuite.
    Si vous pouvez m'aider svp !!
    merci

    (22-3-2009 22:27:31)
    EliBagle v12.37 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 18 de Marzo del 2009)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\WINUPGRO.EXE --> Bagle Renombrado a .VIR
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\SROSA.SYS --> Bagle(rootkit) Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\SROSA2.SYS --> Eliminado Bagle(rootkit)
    C:\USERS\TOTO\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\M\LIST.OCT --> Eliminado Bagle
    C:\WINDOWS\SYSTEM32\DRIVERS\DOWN\234909296.EXE --> Eliminado Bagle
    C:\WINDOWS\SYSTEM32\DRIVERS\DOWN\308001765.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\100546.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\102459515.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\102497078.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\102579671.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\102596453.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\102631500.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\102718250.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\102767625.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\102892640.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\102905781.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103054656.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103091250.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103106328.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103116218.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103143484.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103161437.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103162937.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103216953.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103236156.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103264062.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103270921.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103290046.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103372500.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103426000.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103510156.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103562546.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103597390.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103699890.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103810796.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103832000.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\103959812.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\104189765.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\104190796.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\104272140.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\104359781.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\104491718.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\104532796.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\104614296.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\1054140.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\105865515.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\105898796.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\105907203.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\1063343.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\106888781.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\107075656.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\107212078.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\107343046.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\112015.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117018484.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117060906.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117154765.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117194828.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117238781.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117329656.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117449062.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117509687.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117553531.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117622343.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117653125.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117700281.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117720843.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117722781.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117741000.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117745390.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117750875.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117805343.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117812421.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117856328.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117872281.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117886625.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117897203.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\117997156.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\118040781.EXE --> Eliminado Bagle
    Por favor, envienos una muestra del fichero
    C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.37
    a "virus@satinfo.es". Gracias.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\WINUPGRO.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\118269078.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\SROSA.SYS --> Bagle(rootkit) Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\118279625.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\118317906.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\118410984.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\118410984.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\118412671.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\118412671.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\118532875.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\118532875.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\118577015.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\118578828.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\118696718.EXE --> Eliminado Bagle.dldr
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\118786703.EXE --> Eliminado Bagle.dldr
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\118980406.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\118980406.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\119029875.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\119029875.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\119060968.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\119060968.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\119184953.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\119184953.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\119301656.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\120469312.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\120469312.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\120502484.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\120502484.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\120510671.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\120510671.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\120583812.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\120583812.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\121351578.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\121382531.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\121402828.EXE --> Eliminado Bagle.dldr
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\121808468.EXE --> Eliminado Bagle.dldr
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\121937343.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\122066703.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\122066703.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\131681234.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\131681234.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\131777046.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\131826484.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\131826484.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\131925093.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132148328.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132152015.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132152015.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132164796.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132164796.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132186734.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132186734.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132236453.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132236453.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132251500.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132251500.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132266234.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132266234.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132345593.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132345593.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132360671.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132360671.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132409296.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132449312.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132463000.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132509531.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132555125.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132586359.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132686140.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132734562.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132979015.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\133022984.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\133051453.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\133105390.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\133136765.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\133222484.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\133284375.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\133316218.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\133377187.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\133770875.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\133792484.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\133878812.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\134007453.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\134087359.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\135064250.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\135076453.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\135186125.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\136002125.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\136022656.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\136088203.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\136531281.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\136690250.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\136811359.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\139437.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\146245031.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\146370187.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\146378421.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\146442765.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\146536312.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\146777546.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\146854265.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\146905500.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\146923859.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\146982046.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\147010578.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\147056656.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\147144468.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\147184093.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\147194000.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\147216906.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\147268296.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\147291437.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\147382796.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\147426578.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\147671578.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\147788468.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\147793703.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\147794531.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14789750.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\147910218.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\148069437.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14829187.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14835812.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\148456578.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14846406.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14848046.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14849109.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\148527312.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\148579531.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14859546.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14859703.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14865812.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14872546.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14876250.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\148770531.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14883765.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\148863109.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14892109.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14897046.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14899390.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14901234.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14912656.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14918046.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14928906.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14930375.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14933468.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14943984.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14951203.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14951390.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14953671.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14961140.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\149626609.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\149659875.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14988296.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14992593.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\14994703.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15001187.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15015593.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15017734.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15023515.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15027125.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15034671.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15047515.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15048093.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\150539718.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15055906.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15057093.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\150577140.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15059109.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\150594953.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\150670312.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15067937.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15071312.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15076015.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15089031.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15092078.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15092250.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15094078.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15096359.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15097218.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15105046.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15105156.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15105500.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15112000.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15117031.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15123046.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15126578.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15129093.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15140078.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15144921.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15156031.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15159968.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15163796.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15167406.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15169437.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15176593.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15177187.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15197437.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15213609.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15215421.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\152156.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15227062.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15237281.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15237359.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15245015.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15246328.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15250593.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15255781.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15256265.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15258093.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15264812.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15271203.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15272968.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15275640.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15276062.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15295171.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15298593.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15305937.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15312609.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15348734.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15357328.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15358500.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15379468.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15393687.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15395578.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15401859.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15403671.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15411953.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15422187.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15436406.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15445812.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15449656.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15479125.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15490140.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15510828.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15517046.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15520015.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15536265.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15548250.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15581078.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15582484.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15583937.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15656390.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15714984.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\15869265.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\160421.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\160625.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\160821906.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\160887968.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\161070546.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\161114296.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\161202484.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\161324828.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\161438421.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\161478109.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\161521515.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\161664218.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\161683093.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\161685859.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\161725656.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\161729843.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\161795468.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\161842843.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\161876234.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\161898625.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\161988343.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\162033296.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\162357046.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\162482234.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\162483109.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\162519718.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\162615218.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\162716406.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\162765234.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\162982593.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\163245328.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\163264281.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\163327843.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\163434171.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\163456218.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\163581062.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\164258406.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\164267843.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\164335656.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\165125109.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\165167953.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\175426609.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\175697875.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\175798859.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\175908109.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\176028140.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\176063562.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\176082421.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\176295500.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\176323734.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\176383750.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\176398359.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\176417640.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\176438406.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\176463390.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\176487468.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\176518531.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\176576468.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\176613156.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\176666296.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\177105062.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\177449343.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\177470031.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\177717218.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\178002562.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\178063234.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\178072515.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\178244906.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\178393203.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\178667906.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\178794343.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\178828468.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\178848734.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\178980421.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\179697671.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\179735312.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\179850218.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\179931109.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\181890.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\185826093.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\185858312.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\186058171.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\186107843.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\190016062.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\190061890.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\190145421.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\190418281.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\190455968.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\190581671.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\190758281.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\190826828.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\190987187.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191015218.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191044453.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191071484.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191078718.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191097625.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191123218.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191125000.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191157187.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191207781.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191232718.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191278171.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191323562.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191875.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191894859.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\191927921.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\192146609.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\192274093.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\192468265.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\192549031.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\192671218.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\192860062.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\192988906.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\193004062.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\193106921.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\193420203.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\193537140.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\193827875.EXE --> Eliminado Bagle
    Por favor, envienos una muestra del fichero
    C:\Muestras\132449312.EXE.Muestra EliBagle v12.37
    a "virus@satinfo.es". Gracias.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\132449312.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\194384109.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\194425187.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\194447734.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\194593921.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\196109.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\196125.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\196843.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\198250.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\200614453.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\200635343.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\200714000.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\200850359.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\203515.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\204609062.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\204663875.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\204745562.EXE --> Eliminado Bagle

    (22-3-2009 22:36:4)
    EliBagle v12.37 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 18 de Marzo del 2009)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
    C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\SROSA.SYS --> Bagle(rootkit) Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\SROSA.SYS --> Bagle(rootkit) Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\204872203.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\204872203.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\204914531.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\204914531.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205017937.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205017937.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205054984.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205093.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205093.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205218.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205218.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205279328.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205466312.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205624171.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205650093.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205672734.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205672734.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205680171.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205680171.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205693421.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205707562.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205707562.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205728687.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205751453.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205751453.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205766812.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205766812.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205779578.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205779578.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205802046.EXE --> Eliminado Bagle.dldr
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205820812.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205848984.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205848984.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205863953.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205863953.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205901281.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205901281.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205951203.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\205951203.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\206685906.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\206685906.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\206835921.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\206835921.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\207066953.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\207066953.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\207106218.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\207106218.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\207149265.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\207149265.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\207272281.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\207272281.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\207477281.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\207477281.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\207557796.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\207557796.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\207991343.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\208108750.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\208108750.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\208171609.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\208171609.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\208277546.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\208277546.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\208309109.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\208309109.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\208332265.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\208332265.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\209063406.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\209063406.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\209103968.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\209103968.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\209136109.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\209136109.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\209283171.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\209283171.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\209437.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\209437.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\215000.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\215000.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\215359125.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\215388375.EXE --> Eliminado Bagle.dldr
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\215514812.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\215564593.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\217046.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\217046.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\219201078.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\219353531.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\219353531.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\219471156.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\219471156.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\219520375.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\219605906.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\220091671.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\220091671.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\220209109.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\220280843.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\220280843.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\220326218.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\220359125.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\220359125.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\220369609.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\220369609.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\220388062.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\220388062.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\220435515.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\220435515.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\220508218.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\220508218.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\220516484.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\220516484.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\220561828.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\220561828.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\221542750.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\221542750.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\221623046.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\221623046.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\221741187.EXE --> Eliminado Bagle.dldr
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\221850109.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\221869953.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\222251468.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\222251468.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\222583984.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\222583984.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\222658953.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\222771093.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\222771093.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\222775062.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\222775062.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\222853437.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\222853437.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\222895921.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\222896937.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\222896937.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\222904203.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\222926625.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\222926625.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\223002312.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\223002312.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\223020390.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\223020390.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\223171.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\223171.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\223744703.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\223744703.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\223776546.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\223776546.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\223782734.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\223782734.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\223913765.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\223913765.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\227078.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\227078.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\230075796.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\230075796.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\230180562.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\230180562.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\230453.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\230453.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\230750.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\230750.EXE --> Bagle Renombrado a .VIR
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\233871593.EXE --> Eliminado Bagle
    gado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\233912796.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\233912796.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\233995296.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\233995296.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\234063781.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\234063781.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\234107953.EXE --> Eliminado Bagle
    ldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\234291156.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\234294703.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\234294703.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\234550453.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\234727484.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\234727484.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\234862984.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\234862984.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\234969406.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\234969406.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\234974734.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\234974734.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\234976578.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\234976578.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\235012078.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\235127625.EXE --> Eliminado Bagle.dldr

    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\235262718.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\235262718.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\236265328.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\236265328.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\236379921.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\237110500.EXE --> Eliminado Bagle
    ldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\237395765.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\237395765.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\237453.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\237453.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\237455718.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\237455718.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\237470484.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\237470484.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\237496046.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\237496046.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\237503718.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\237503718.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\237572390.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\237572390.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\237644578.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\237644578.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\237760812.EXE --> Bagle Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\237760812.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\238406.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\244031.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\245045687.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\238406.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\245064921.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\245365156.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\245064921.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\245640.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\245640.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\248508390.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\248714906.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\248756671.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\248927703.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\249220390.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\249458625.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\249593453.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\249688187.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\249765.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\249774000.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\249812359.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\249835250.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\249980656.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\250041265.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\248508390.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\250970906.EXE --> Bagle.dldr Acceso Denegado.
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\250970906.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\251003625.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\251003625.EXE --> Eliminado Bagle
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\251090171.EXE --> Eliminado Bagle.dldr
    C:\USERS\TOTO\APPDATA\ROAMING\DRIVERS\DOWNLD\251090171.EXE --> Eliminado B
    1
  2. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    télécharge GenProc sur ton bureau
    http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

    dézippe le dossier, double-clique sur GenProc.bat et poste le contenu du rapport qui s'ouvre

    Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
    0
    1. dlewin
       
      bonjour,

      tout d'abord merci de la réponse; ensuite le rapport généré donne :

      Rapport GenProc 0.37 effectué le 03/04/2007 à 16:41:16,14 - SystemRoot = C:\WINDOWS

      Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.

      # Etape 1/ Télécharge :

      - ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/descargas/95/elibagla.asp (clique sur le bouton "Descargar Elibagla") sur ton bureau.
      Lance l'outil ELIBAGLA, de préférence en mode sans échec si tu en as la possibilité, en mode normal dans le cas contraire. Patiente le temps du scan.
      Lorsque c'est terminé, redémarre ton ordinateur.

      # Etape 2/ Lance CCleaner > "Nettoyeur" > "Lancer le nettoyage" et c'est tout.

      # Etape 3/ Poste le contenu du fichier infosat.txt qui se trouve dans Poste de travail > disque C:\ et un nouveau rapport GenProc.


      j'ai volontairement pas encore suivi les directives puisque tu me disait de publier le rapport de Genproc.
      0
  3. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    tu fais très exactement ce que te demande GenProc
    et tu postes les rapports ensuite
    0
  4. dlewin
     
    ok redémarré, effectué la totale avec ccleaner ("cache Firefox ignoré" ?)

    ça donne :

    "
    	  Tue Apr 03 16:48:04 2007
    EliBagle v10.33  (c)2007 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    Eliminada Carpeta "%WinDir%\exefld"
    Restaurada Clave: "SafeBoot\Minimal y Network"
    
    	  Tue Apr 03 16:48:54 2007
    EliBagle v10.33  (c)2007 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\
    
    "
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    vide ton cache de FireFox manuellement
    refais un rapport GenProc comme demandé
    0
  7. dlewin
     
    Après nettoyage cache :
    
    Rapport GenProc 0.37 effectué le 03/04/2007 à 17:28:33,50 - SystemRoot = C:\WINDOWS 
    
    # Etape 1/ Télécharge :  
      
    - ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/descargas/95/elibagla.asp (clique sur le bouton "Descargar Elibagla") sur ton bureau.
    Lance l'outil ELIBAGLA, de préférence en mode sans échec si tu en as la possibilité, en mode normal dans le cas contraire. Patiente le temps du scan.
    Lorsque c'est terminé, redémarre ton ordinateur.
    
    # Etape 2/ Lance CCleaner > "Nettoyeur" > "Lancer le nettoyage" et c'est tout.
    
    # Etape 3/ Poste le contenu du fichier infosat.txt qui se trouve dans Poste de travail > disque C:\ et un nouveau rapport GenProc. 
     
    


    et pour infosat.txt

    
    	  Tue Apr 03 16:48:04 2007
    EliBagle v10.33  (c)2007 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    Eliminada Carpeta "%WinDir%\exefld"
    Restaurada Clave: "SafeBoot\Minimal y Network"
    
    	  Tue Apr 03 16:48:54 2007
    EliBagle v10.33  (c)2007 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\
    
    	  Tue Apr 03 17:31:42 2007
    EliBagle v10.33  (c)2007 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    Eliminada Carpeta "%AppData%\Hidires"
    
    	  Tue Apr 03 17:31:53 2007
    EliBagle v10.33  (c)2007 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\
    
    
    0
  8. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    poste un rapport hijack this et refais un GenProc pour vérification
    0
  9. dlewin
     
    voilà :

    Logfile of HijackThis v1.99.1
    Scan saved at 17:57:11, on 03/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
    C:\Program Files\Automation Anywhere 3.5\Automation Anywhere Service.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Automation Anywhere 3.5\AAService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\LinkStash\lsmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\LinkStash\lnkstash.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Delphi7SE\Bin\delphi32.exe
    C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\www.tootella.org
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [LinkStashMonitor] "C:\Program Files\LinkStash\lsmon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {E3866A1E-48C9-4381-A9E8-82AC3BDDA921} (FlowChartX Control 3.0) - http://www.mind-fusion.com/fcx_std_30x_trial.CAB
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automation Anywhere Service - Unknown owner - C:\Program Files\Automation Anywhere 3.5\Automation Anywhere Service.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
    0
  10. dlewin
     
    alors ça à donné :

    Rapport GenProc 0.37 effectué le 03/04/2007 à 18:00:22,95 - SystemRoot = C:\WINDOWS 
    
    # Etape 1/ Télécharge :  
      
    - lopxpMH2 http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip sur ton bureau.
    Dézippe-le (clic droit  -> "Extraire ici") et double clique sur le fichier lopxpMH.bat. 
    
    Dans ta prochaine réponse, poste :
    - le contenu du rapport qui va s'ouvrir ;
    - un nouveau rapport GenProc.
    


    voici le contenu du "rapport qui va s'ouvrir"

    Rapport lopxpMH2 version 2.0 fait à 18:00:54,21 le 03/04/2007
    C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp
    
    ******************************************
    ## Répertoires Application Data
    
    
    
     Répertoire de C:\Documents and Settings\All Users\Application Data
    
    25/11/2004  05:25    <REP>          .
    25/11/2004  05:25    <REP>          ..
    23/02/2007  13:23    <REP>          ACD Systems
    06/01/2007  18:12    <REP>          Adobe
    09/03/2007  16:17    <REP>          Adobe Systems
    27/01/2007  16:51    <REP>          Age of Empires 3
    02/01/2005  01:48    <REP>          Apple Computer
    26/03/2007  17:00    <REP>          Blueberry
    02/01/2007  20:29    <REP>          Borland
    26/03/2007  11:40    <REP>          FLEXnet
    02/01/2005  01:34    <REP>          Hewlett-Packard
    02/01/2005  01:44    <REP>          InstallShield
    02/01/2005  01:46    <REP>          InterVideo
    15/03/2007  16:49    <REP>          Macromedia
    25/11/2004  05:25    <REP>          Microsoft
    02/01/2007  20:02    <REP>          Microsoft Help
    02/01/2007  15:59    <REP>          Mindjet
    01/03/2007  10:14    <REP>          Office Genuine Advantage
    02/01/2005  01:48    <REP>          QuickTime
    25/01/2007  20:27    <REP>          Raxco
    03/03/2007  09:48    <REP>          Real
    02/01/2005  01:16    <REP>          SBSI
    24/03/2007  12:01    <REP>          Tarma Installer
    13/02/2007  12:35    <REP>          time 64 meow okay
    11/03/2007  19:43    <REP>          Ubisoft
    15/03/2007  09:54    <REP>          VCOM
    02/01/2007  21:03    <REP>          Windows Genuine Advantage
    27/01/2007  15:44                41 .zreglib
    24/11/2004  00:13                62 desktop.ini
    02/01/2005  01:33             7 332 hpzinstall.log
    26/03/2007  22:55                13 ØÝÃÄ3113›.sys
    25/01/2007  18:50             1 755 QTSBandwidthCache
    26/03/2007  22:57                13 ÝÃÄ›Ò3113›.sys
                   6 fichier(s)            9 216 octets
                  27 Rép(s)  29 449 064 448 octets libres
    
    
     Répertoire de C:\Documents and Settings\BB443B11-7D12-450c-9F85-2D32804655F9
    
    
     Répertoire de C:\Documents and Settings\Default User\Application Data
    
    25/11/2004  05:25    <REP>          .
    25/11/2004  05:25    <REP>          ..
    01/01/2007  21:07    <REP>          Apple Computer
    25/11/2004  05:25    <REP>          Identities
    01/01/2007  21:07    <REP>          Intervideo
    25/11/2004  05:25    <REP>          Microsoft
    01/01/2007  21:07    <REP>          SampleView
    01/01/2007  21:07    <REP>          Symantec
    24/11/2004  00:13                62 desktop.ini
                   1 fichier(s)               62 octets
                   8 Rép(s)  29 449 064 448 octets libres
     Le volume dans le lecteur C s'appelle HP_PAVILION
     Le numéro de série du volume est B8E0-B346
    
     Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data
    
    25/11/2004  05:25    <REP>          .
    25/11/2004  05:25    <REP>          ..
    01/01/2007  21:07    <REP>          {3248F0A6-6813-11D6-A77B-00B0D0150000}
    01/01/2007  21:07    <REP>          Apple Computer
    01/01/2007  21:07    <REP>          ApplicationHistory
    25/11/2004  05:25    <REP>          Microsoft
    01/01/2007  21:07               135 fusioncache.dat
    01/01/2007  21:07         3 237 760 IconCache.db
                   2 fichier(s)        3 237 895 octets
                   6 Rép(s)  29 449 064 448 octets libres
    
    
     Répertoire de C:\Documents and Settings\HP_Propritaire
    
    
    
     Répertoire de C:\Documents and Settings\HP_Propritaire\Local Settings
    
    
    
     Répertoire de C:\Documents and Settings\HP_Propriétaire\Application Data
    
    05/03/2007  13:17    <REP>          .
    05/03/2007  13:17    <REP>          ..
    05/03/2007  13:17    <REP>          SecondLife
                   0 fichier(s)                0 octets
                   3 Rép(s)  29 449 060 352 octets libres
    
    
     Répertoire de C:\Documents and Settings\HP_Propriétaire\Application Data
    
    01/01/2007  21:09    <REP>          .
    01/01/2007  21:09    <REP>          ..
    22/03/2007  22:49    <REP>          ABBYY
    23/02/2007  13:23    <REP>          ACD Systems
    02/01/2007  14:12    <REP>          Adobe
    02/01/2007  14:19    <REP>          AdobeUM
    15/01/2007  12:55    <REP>          Ahead
    01/01/2007  21:09    <REP>          Apple Computer
    07/01/2007  13:06    <REP>          ArcSoft
    26/03/2007  12:08    <REP>          Articulate
    21/03/2007  23:33    <REP>          ATI
    03/03/2007  10:04    <REP>          AVSMedia
    26/03/2007  17:00    <REP>          Blueberry
    02/01/2007  20:29    <REP>          Borland
    07/01/2007  13:07    <REP>          Canon
    02/04/2007  23:38    <REP>          Command & Conquer 3 Les guerres du Tiberium
    28/02/2007  13:47    <REP>          DivX
    29/01/2007  19:57    <REP>          Download Manager
    15/01/2007  10:39    <REP>          EFSoftware
    25/02/2007  11:28    <REP>          Google
    02/01/2007  15:51    <REP>          GRETECH
    07/01/2007  12:51    <REP>          Help
    01/01/2007  21:09    <REP>          Identities
    29/01/2007  21:48    <REP>          IDMComp
    11/01/2007  20:09    <REP>          Inkscape
    12/03/2007  11:33    <REP>          Instant Effects
    01/01/2007  21:09    <REP>          Intervideo
    22/01/2007  10:51    <REP>          Lavasoft
    05/01/2007  20:57    <REP>          Leadertech
    02/01/2007  15:55    <REP>          Logitech
    02/01/2007  01:00    <REP>          Macromedia
    17/02/2007  21:01    <REP>          MahJong Suite
    01/01/2007  21:09    <REP>          Microsoft
    22/01/2007  12:10    <REP>          ModelMakerTools
    01/01/2007  22:19    <REP>          Mozilla
    14/01/2007  11:14    <REP>          NewSoft
    27/02/2007  13:03    <REP>          Nvu
    09/03/2007  16:18    <REP>          Opera
    22/02/2007  13:14    <REP>          pycrust
    22/03/2007  00:00    <REP>          PyScripter
    03/03/2007  09:48    <REP>          Real
    01/01/2007  21:09    <REP>          SampleView
    07/01/2007  13:00    <REP>          ScanSoft
    05/03/2007  13:16    <REP>          SecondLife
    10/02/2007  19:36    <REP>          SecuROM
    22/01/2007  11:13    <REP>          SmartFTP
    23/01/2007  21:48    <REP>          SoarDebugger
    05/01/2007  20:58    <REP>          Sonic
    09/03/2007  12:08    <REP>          Speechi
    24/03/2007  12:01    <REP>          STI
    22/02/2007  16:45    <REP>          Subversion
    03/01/2007  17:34    <REP>          Sun
    15/02/2007  14:34    <REP>          SuperAdBlocker.com
    01/01/2007  21:09    <REP>          Symantec
    02/01/2007  01:09    <REP>          Talkback
    02/01/2007  13:33    <REP>          Thunderbird
    02/01/2007  22:30    <REP>          uTorrent
    15/03/2007  09:53    <REP>          VCOM
    02/01/2007  20:39    <REP>          vlc
    26/03/2007  20:52    <REP>          vmntoolbar
    01/01/2007  21:09                62 desktop.ini
    12/03/2007  15:12            57 858 PyScripter.ini
                   2 fichier(s)           57 920 octets
                  60 Rép(s)  29 449 060 352 octets libres
    
    
     Répertoire de C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data
    
    01/01/2007  21:09    <REP>          .
    01/01/2007  21:09    <REP>          ..
    01/01/2007  21:09    <REP>          {3248F0A6-6813-11D6-A77B-00B0D0150000}
    26/03/2007  17:00    <REP>          {F9228DAD-21AA-4BC3-8B63-E19AA9EEA5F8}
    22/03/2007  22:49    <REP>          ABBYY
    02/01/2007  14:19    <REP>          Adobe
    15/01/2007  12:50    <REP>          Ahead
    01/01/2007  21:09    <REP>          Apple Computer
    01/01/2007  21:09    <REP>          ApplicationHistory
    23/01/2007  22:19    <REP>          ashampoo
    21/03/2007  23:33    <REP>          ATI
    02/01/2007  20:28    <REP>          Borland
    24/02/2007  18:20    <REP>          Gas Powered Games
    18/01/2007  12:42    <REP>          Google
    07/01/2007  12:51    <REP>          Help
    11/02/2007  13:42    <REP>          Identities
    14/02/2007  20:06    <REP>          JollyBear
    12/02/2007  15:51    <REP>          Logitech-LS
    15/03/2007  16:52    <REP>          Macromedia
    01/01/2007  21:09    <REP>          Microsoft
    02/01/2007  20:03    <REP>          Microsoft Help
    02/01/2007  20:54    <REP>          Mindjet
    22/01/2007  12:11    <REP>          ModelMakerTools
    02/01/2007  01:09    <REP>          Mozilla
    06/01/2007  20:07    <REP>          NeuroSolutions
    14/01/2007  11:14    <REP>          NewSoft
    28/03/2007  12:39    <REP>          Paint.NET
    10/03/2007  14:02    <REP>          PCHealth
    22/03/2007  16:34    <REP>          RoboTask
    26/03/2007  16:59    <REP>          Seven Zip
    02/01/2007  13:33    <REP>          Thunderbird
    22/02/2007  17:09    <REP>          TSVNCache
    14/03/2007  17:44    <REP>          Xara
    02/01/2007  11:06           102 400 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    01/01/2007  21:09               138 fusioncache.dat
    02/01/2007  15:41           119 912 GDIPFONTCACHEV1.DAT
    01/01/2007  21:09         4 774 140 IconCache.db
    19/03/2007  19:30             4 096 keyfile3.drm
                   5 fichier(s)        5 000 686 octets
                  33 Rép(s)  29 449 056 256 octets libres
    
    
     Répertoire de C:\Documents and Settings\LocalService\Application Data
    
    02/01/2005  01:11    <REP>          .
    02/01/2005  01:11    <REP>          ..
    25/01/2007  10:52    <REP>          Adobe
    02/01/2005  01:11    <REP>          Microsoft
                   0 fichier(s)                0 octets
                   4 Rép(s)  29 449 056 256 octets libres
    
    
     Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data
    
    02/01/2005  01:11    <REP>          .
    02/01/2005  01:11    <REP>          ..
    18/01/2007  12:27    <REP>          Adobe
    02/01/2005  01:11    <REP>          Microsoft
                   0 fichier(s)                0 octets
                   4 Rép(s)  29 449 056 256 octets libres
    
    
     Répertoire de C:\Documents and Settings\NetworkService\Application Data
    
    02/01/2005  01:11    <REP>          .
    02/01/2005  01:11    <REP>          ..
    02/01/2005  01:11    <REP>          Microsoft
                   0 fichier(s)                0 octets
                   3 Rép(s)  29 449 056 256 octets libres
    
    
     Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data
    
    02/01/2005  01:11    <REP>          .
    02/01/2005  01:11    <REP>          ..
    02/01/2005  01:11    <REP>          Microsoft
                   0 fichier(s)                0 octets
                   3 Rép(s)  29 449 056 256 octets libres
    
    
     Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data
    
    25/11/2004  05:58    <REP>          .
    25/11/2004  05:58    <REP>          ..
    01/01/2007  21:08    <REP>          Apple Computer
    25/11/2004  05:58    <REP>          Identities
    01/01/2007  21:08    <REP>          Intervideo
    25/11/2004  05:58    <REP>          Microsoft
    01/01/2007  21:08    <REP>          SampleView
    01/01/2007  21:08    <REP>          Symantec
    24/11/2004  00:13                62 desktop.ini
                   1 fichier(s)               62 octets
                   8 Rép(s)  29 449 056 256 octets libres
    
    
     Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
    
    25/11/2004  05:58    <REP>          .
    25/11/2004  05:58    <REP>          ..
    01/01/2007  21:08    <REP>          {3248F0A6-6813-11D6-A77B-00B0D0150000}
    01/01/2007  21:08    <REP>          Apple Computer
    01/01/2007  21:08    <REP>          ApplicationHistory
    25/11/2004  05:58    <REP>          Microsoft
    01/01/2007  21:08               135 fusioncache.dat
    01/01/2007  21:08         3 237 760 IconCache.db
                   2 fichier(s)        3 237 895 octets
                   6 Rép(s)  29 449 052 160 octets libres
    
    ******************************************
    Recherche des taches planifiées dans C:\WINDOWS\tasks
    
    
    C:\WINDOWS\Tasks\ABA989A091DA3DB8.job 
     H‹üáO*AH…Ì“—µì»F ì     < 
          s       "ˆ!×   
             8 c : \ d o c u m e ~ 1 \ h p _ p r o ~ 1 \ a p p l i c ~ 1 \ m p 3 s t u ~ 1 \ M a i l t h a t o w n s . e x e        H P _ P r o p r i é t a i r e         €     0   Ì               <                     
    
    C:\WINDOWS\Tasks\At1.job 
     â,Çt…À@šŽ®p«)KF ä     < 
          s      ¨!                  ! C : \ W I N D O W S \ s y s t e m 3 2 \ w u n a u c l t . e x e        S Y S T E M    C r é é   p a r   N e t S c h e d u l e J o b A d d .       €     0   ×                             ÿ        b÷<T„g+J¥‚˜6™Ç²>¥åÍ@£?5ï1b57tW€ÙUƒ—WjÊþµmƒA`]жgs2ä¹Çýqø-`Ÿ
    
    C:\WINDOWS\Tasks\At2.job 
          s      ¨!                  ! C : \ W I N D O W S \ s y s t e m 3 2 \ w u n a u c l t . e x e        S Y S T E M    C r é é   p a r   N e t S c h e d u l e J o b A d d .       €     0   ×                             ÿ        ¨¹\8¡f”.@qjÁ–Ô•Òéã(dÌÁ¯z_”÷Ûµß"FµXP‡Eéë¦gïÖ4¨""âNÜéÞ®_±¼ˆêÖ
    
    C:\WINDOWS\Tasks\At3.job 
     šùö(›PlCƒ¹·Á$èæF ä     < 
          s      ¨!                  ! C : \ W I N D O W S \ s y s t e m 3 2 \ w u n a u c l t . e x e        S Y S T E M    C r é é   p a r   N e t S c h e d u l e J o b A d d .       €     0   ×        
                         ÿ        ƒæ¶DciVÁD ¤Q3Ê£¢ÌÂLÞœÄ îÊêúÈ)Rtø¯8M*°–æ|ƒ‡¿Ðy>XqSåWÖˆYè¦
    
    C:\WINDOWS\Tasks\Connexion 
    Connexion inexploitable 
    
    
    C:\WINDOWS\Tasks\Donnees_MMAO_22032007154426.job 
     µTÉÚ¢qOI²ãfMÿ-âF     < 
          s      ˆ!                  A C : \ P r o g r a m   F i l e s \ A u t o m a t i o n   A n y w h e r e   3 . 5 \ A u t o m a t i o n   A n y w h e r e . e x e   ~ C : \ D o c u m e n t s   a n d   S e t t i n g s \ H P _ P r o p r i é t a i r e \ M e s   d o c u m e n t s \ A u t o m a t i o n   A n y w h e r e \ A u t o m a t i o n   A n y w h e r e \ M y   T a s k s \ D o n n e e s _ M M A O . a t m n   / u      A u t o m a t i o n   A n y w h e r e        /€     0   ×                                    
    
    C:\WINDOWS\Tasks\PROJET 
    PROJET inexploitable 
    
    ******************************************
    ## Répertoires de C:\Program Files
    
     Le volume dans le lecteur C s'appelle HP_PAVILION
     Le numéro de série du volume est B8E0-B346
    
     Répertoire de C:\Program Files
    
    03/04/2007  00:35    <REP>          .
    03/04/2007  00:35    <REP>          ..
    22/03/2007  22:49    <REP>          ABBYY FineReader 8.0 Professional Edition
    12/03/2007  13:23    <REP>          ABC Amber CHM Converter
    28/02/2007  13:45    <REP>          AC3Filter
    23/02/2007  13:23    <REP>          ACD Systems
    08/03/2007  16:27    <REP>          Active Image Processing
    11/02/2007  15:58    <REP>          Active WebCam
    11/03/2007  19:59    <REP>          Adobe
    12/02/2007  13:08    <REP>          Altova
    02/01/2007  11:42    <REP>          Alwil Software
    26/03/2007  11:53    <REP>          Articulate
    21/03/2007  23:27    <REP>          ATI Technologies
    30/03/2007  09:17    <REP>          Automation Anywhere 3.5
    28/02/2007  13:22    <REP>          AviSynth 2.5
    03/03/2007  10:04    <REP>          AVSMedia
    10/03/2007  21:34    <REP>          BestPractice
    13/02/2007  12:38    <REP>          BitDownload
    26/03/2007  17:00    <REP>          Blueberry Software
    15/02/2007  10:36    <REP>          Borland
    14/01/2007  11:55    <REP>          Canon
    02/01/2007  11:46    <REP>          CCleaner
    01/02/2007  00:05    <REP>          CDBurnerXP Pro 3
    25/01/2007  18:38    <REP>          CDCheck
    18/03/2007  16:37    <REP>          CENEGA
    26/03/2007  22:56    <REP>          CoffeeCup Software
    24/11/2004  03:37    <REP>          ComPlus Applications
    02/04/2007  23:33    <REP>          DAEMON Tools
    11/03/2007  21:48    <REP>          DaemonTools_WhenUSave_Installer
    22/03/2007  14:13    <REP>          David Elfassy Software
    26/03/2007  20:27    <REP>          DebugMode
    15/02/2007  11:17    <REP>          Delphi7SE
    15/02/2007  11:47    <REP>          Developer Express Inc
    24/01/2007  10:04    <REP>          Disk Checker
    28/02/2007  13:43    <REP>          DivX
    13/02/2007  17:24    <REP>          EAGLE-4.16r2
    22/03/2007  16:27    <REP>          EctSoft
    21/02/2007  10:46    <REP>          EDImageCtrl
    15/01/2007  10:39    <REP>          EFCM
    02/04/2007  23:10    <REP>          Electronic Arts
    12/03/2007  10:58    <REP>          e-on software
    03/03/2007  13:45    <REP>          eRightSoft
    24/03/2007  14:56    <REP>          F-CRC
    26/03/2007  17:00    <REP>          Fichiers communs
    20/03/2007  11:36    <REP>          GameShadow
    15/02/2007  13:06    <REP>          GetSingTel
    13/03/2007  19:57    <REP>          glyFX Image Library
    12/03/2007  13:25    <REP>          Google
    02/01/2007  11:44    <REP>          GRETECH
    29/03/2007  11:50    <REP>          Grisoft
    02/01/2007  15:55    <REP>          Guitar Pro 5
    02/03/2007  20:29    <REP>          Haali
    26/03/2007  12:49    <REP>          Hewlett-Packard
    02/01/2007  01:12    <REP>          HP
    19/01/2007  13:13    <REP>          hp deskjet 5550 series
    02/01/2005  01:53    <REP>          HPQ
    29/01/2007  21:48    <REP>          IDM Computer Solutions
    28/02/2007  13:45    <REP>          illiminable
    07/03/2007  14:42    <REP>          Image Viewer CP Pro ActiveX Control
    12/03/2007  14:28    <REP>          Instant Effects
    26/03/2007  12:02    <REP>          Internet Explorer
    02/01/2005  02:17    <REP>          InterVideo
    17/03/2007  23:41    <REP>          Investintech.com Inc
    19/02/2007  23:03    <REP>          Java
    27/01/2007  18:38    <REP>          JoWooD
    02/01/2007  11:30    <REP>          KeePass Password Safe
    22/02/2007  12:47    <REP>          kicad
    26/03/2007  12:47    <REP>          Lavasoft
    04/03/2007  19:38    <REP>          LinkStash
    11/02/2007  16:03    <REP>          Logitech
    17/01/2007  11:17    <REP>          LSoft Technologies
    15/03/2007  16:50    <REP>          Macromedia
    02/01/2005  01:46    <REP>          Macrovision Corp
    25/01/2007  19:41    <REP>          MagicDisc
    15/01/2007  12:08    <REP>          MagicISO
    17/02/2007  21:03    <REP>          MahJong Suite
    02/01/2005  01:23    <REP>          Messenger
    25/11/2004  05:27    <REP>          microsoft frontpage
    27/01/2007  16:36    <REP>          Microsoft Games
    26/03/2007  12:52    <REP>          Microsoft Office
    02/01/2007  20:02    <REP>          Microsoft Visual Studio .NET 2003
    03/01/2007  10:46    <REP>          Microsoft Works
    03/01/2007  10:46    <REP>          Microsoft.NET
    21/02/2007  10:41    <REP>          MindFusion Limited
    02/01/2007  15:59    <REP>          Mindjet
    28/02/2007  13:23    <REP>          MKVtoolnix
    13/02/2007  11:44    <REP>          ModelMaker Code Explorer
    18/02/2007  20:46    <REP>          ModelMakerTools
    25/11/2004  05:27    <REP>          Movie Maker
    03/04/2007  10:16    <REP>          Mozilla Firefox
    03/04/2007  17:59    <REP>          Mozilla Thunderbird
    13/02/2007  12:35    <REP>          MP3 STUPID
    02/01/2007  11:45    <REP>          mp3DirectCut
    25/11/2004  05:27    <REP>          MSN
    25/11/2004  05:27    <REP>          MSN Gaming Zone
    02/01/2007  23:21    <REP>          MSXML 4.0
    11/02/2007  11:33    <REP>          National Guard
    15/01/2007  12:44    <REP>          Nero
    02/01/2007  04:46    <REP>          NetMeeting
    06/01/2007  21:00    <REP>          NeuroSolutions 5
    27/02/2007  13:02    <REP>          Nvu
    14/02/2007  20:08    <REP>          Oberon Media
    03/03/2007  09:48    <REP>          On2 Technologies
    05/03/2007  11:22    <REP>          OpenTTD
    28/03/2007  15:23    <REP>          Optimal Solution
    02/01/2007  04:46    <REP>          Outlook Express
    30/03/2007  12:48    <REP>          Paint.NET
    26/03/2007  09:01    <REP>          Pariah
    02/01/2005  01:55    <REP>          PC-Doctor for Windows
    15/02/2007  21:58    <REP>          Picasa2
    20/03/2007  11:35    <REP>          Plone 2
    07/01/2007  18:43    <REP>          PowerTracks DirectX Plugins
    26/03/2007  11:37    <REP>          Presentersoft PowerVideoMaker
    24/02/2007  13:41    <REP>          Prey Demo
    23/02/2007  19:20    <REP>          Project KickStart 4
    03/01/2007  12:39    <REP>          PTDD Group
    15/02/2007  17:19    <REP>          PV
    17/03/2007  23:40    <REP>          PyQt4
    12/03/2007  15:13    <REP>          PyScripter
    14/02/2007  19:16    <REP>          PythonForDelphi
    13/02/2007  11:55    <REP>          QMMEOpen
    25/01/2007  18:48    <REP>          QuickTime
    05/01/2007  20:45    <REP>          Quintessential Media Player
    05/01/2007  20:47    <REP>          Quintessential Player
    25/01/2007  20:24    <REP>          Raxco
    15/02/2007  13:11    <REP>          RBuilder
    03/03/2007  09:48    <REP>          Real Alternative
    21/03/2007  23:25    <REP>          Realtek
    16/02/2007  19:29    <REP>          RealVNC
    28/02/2007  13:22    <REP>          RIAM Video Enhancer
    28/02/2007  13:40    <REP>          Ripp-It Codec Pack
    28/02/2007  13:40    <REP>          Ripp-it_AM
    20/02/2007  11:54    <REP>          RiverSoftAVG
    22/03/2007  16:34    <REP>          RoboTask
    31/01/2007  13:53    <REP>          Roni Music
    16/01/2007  13:29    <REP>          Runtime Software
    23/01/2007  11:42    <REP>          SeaTools Enterprise
    02/01/2005  01:58    <REP>          Services en ligne
    10/02/2007  20:17    <REP>          Sierra
    26/03/2007  11:18    <REP>          SlySoft
    31/01/2007  13:37    <REP>          Smart Projects
    22/01/2007  11:12    <REP>          SmartFTP Client 2.0
    22/01/2007  11:12    <REP>          SmartFTP Client 2.0 Setup Files
    16/01/2007  09:54    <REP>          Soar
    02/01/2005  01:44    <REP>          Sonic
    13/02/2007  19:04    <REP>          Source Code Library
    28/03/2007  15:24    <REP>          StatPackage
    24/03/2007  12:04    <REP>          STI
    27/02/2007  11:50    <REP>          SuperAdBlocker.com
    02/01/2007  11:42    <REP>          SuperCopier2
    27/08/2006  17:19            56 239 svchosts.tbe
    26/03/2007  16:29    <REP>          SWiSHmax
    02/01/2007  10:58    <REP>          Symantec
    11/01/2007  19:24    <REP>          Tacmi
    18/03/2007  16:33    <REP>          Techland
    23/02/2007  17:07    <REP>          TortoiseSVN
    02/01/2007  15:59    <REP>          Tracker Software
    17/03/2007  17:07    <REP>          TrackMania Nations ESWC
    30/03/2007  21:59    <REP>          TrackMania Sunrise Extreme Demo
    28/01/2007  19:15    <REP>          Transport Tycoon Deluxe
    03/03/2007  16:13    <REP>          Turtle Games
    02/04/2007  00:19    <REP>          Ubisoft
    03/01/2007  14:39    <REP>          UltraISO
    24/11/2004  03:37    <REP>          Uninstall Information
    02/01/2007  22:30    <REP>          uTorrent
    15/01/2007  19:28    <REP>          Valve
    07/03/2007  13:20    <REP>          VB Image Map Control
    02/01/2007  11:29    <REP>          VideoLAN
    26/03/2007  21:17    <REP>          Visicom Media
    30/03/2007  21:33    <REP>          vmntoolbar
    22/01/2007  11:36    <REP>          VP Suite 2.0
    12/02/2007  16:27    <REP>          VP Suite 2.3
    28/01/2007  15:28    <REP>          VVSN
    23/02/2007  22:57    <REP>          Warcraft III
    23/02/2007  19:48    <REP>          Wattle Software
    15/03/2007  10:06    <REP>          website
    15/03/2007  15:54    <REP>          WebSite X5
    31/01/2007  14:00    <REP>          WhereIsIt
    02/02/2007  11:01    <REP>          Win&Soft
    25/03/2007  13:30    <REP>          Winamp
    02/01/2007  04:46    <REP>          Windows Media Player
    02/01/2007  04:46    <REP>          Windows NT
    19/03/2007  13:31    <REP>          WinRAR
    26/03/2007  11:29    <REP>          Wondershare
    28/03/2007  01:14    <REP>          Worldweaver
    22/02/2007  13:03    <REP>          wxPython2.8 Docs and Demos
    03/03/2007  09:49    <REP>          x264
    26/03/2007  13:01    <REP>          Xara
    25/11/2004  05:28    <REP>          xerox
    28/02/2007  13:44    <REP>          Xvid
                   1 fichier(s)           56 239 octets
                 189 Rép(s)  29 449 039 872 octets libres
    
     ******************************************
    ## Popups autorisées
    
    * Internet Explorer
    
    ! REG.EXE VERSION 3.0
    
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
        *.cce.hp.com	REG_BINARY	
        dns-look-up.com	REG_SZ	
        www.dns-look-up.com	REG_SZ	
        netsearchsoft.com	REG_SZ	
        www.netsearchsoft.com	REG_SZ	
    
    * Mozilla Firefox (1 autorisé  2 interdit)
    
    ---------- C:\DOCUMENTS AND SETTINGS\HP_PROPRITAIRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3A715E6M.DEFAULT\HOSTPERM.1
    host	popup	1	www.delfiweb.com
    host	popup	1	telechargement.journaldunet.com
    host	popup	1	scheme:file
    host	popup	1	admin.1and1.fr
    host	popup	1	www.francehelices.fr
    host	popup	1	www.borland.com
    host	popup	1	www.mandrake10.com
    host	popup	1	www.jeuxvideopc.com
    host	popup	1	www.infos-du-net.com
    host	popup	1	www.metacrawl.ws
    host	popup	1	www.howardjones.com
    host	popup	1	www.aps230.com
    host	popup	1	www.weberiadesign.it
    host	popup	1	www.chauvin-arnoux.com
    host	popup	1	www.developpez.net
    host	popup	1	www.coloriez.com
    host	popup	1	192.168.0.1
    host	popup	1	www.pandora.com
    
    ******************************************
    ## Registre
    
    * [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
        Search Bar	REG_SZ	http://www.google.com/toolbar/ie8/sidebar.html
    
    ******************************************
    ## Zones de sécurité
    
    * HKCU Domains (4)
    
    * P3P History (5)
    
    ******************************************
    ## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"
    
    
    *************** Fin du rapport ****************
    


    Et un autre Genproc donne :

    Rapport GenProc 0.37 effectué le 03/04/2007 à 18:07:33,20 - SystemRoot = C:\WINDOWS 
    
    # Etape 1/ Télécharge :  
      
    - Navipromo.zip http://www.alt-shift-return.org/Info/Fichiers/Navipromo073.zip et décompresse-le sur ton bureau
    
    - Brute Force Uninstaller http://www.merijn.org/files/bfu.zip et décompresse-le dans un dossier propre à lui (C:\BFU)
    * Fais un clic droit de souris sur ce lien : http://metallica.geekstogo.com/EGDACCESS.bfu
    et choisis "Enregistrer sous" (dans IE c'est "Enregistrer le lien sous..")
    afin de télécharger EGDACCESS.bfu, Type "Tous les fichiers". Sauvegarde dans le dossier créé (C:\BFU). 
     
     
    ***** Copie ce qui suit dans un fichier texte et redémarre en mode sans échec comme indiqué ici https://docs.microsoft.com/en-us/?mfr=true (choisis ta session courante "HP_Propri‚taire") ***** 
     
     
    # Etape 2/ 
     
    * lance le fichier Navipromo.bat qui se trouve dans le dossier Navipromo, sur ton bureau.
    
    * Sélectionne l'option "Recherche et suppression automatique" en appuyant sur la touche R et en validant par entrée. Patiente.
    S'il trouve l'adware Navipromo, tu verras défiler des lignes dans la fenêtre de commande et au bout de quelques instants, il faudra que tu appuies sur une touche pour que le nettoyage soit lancé. Lorsqu'il a terminé, ferme le rapport qui s'est ouvert
    
    * Relance l'outil, Sélectionne l'option "Suppression Heuristique" en appuyant sur la touche H et en validant par entrée ; patiente quelques minutes. Lorsqu'il a terminé, ferme le rapport qui s'est ouvert
    
    * Démarre le "Brute Force Uninstaller" en double-cliquant sur BFU.exe.
    Clique sur le petit dossier jaune, à la droite de la boîte "Scriptline to execute", et double-clique sur : EGDACCESS.bfu
    - Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\EGDACCESS.bfu
    Clique sur "Execute" et laisse-le faire son travail.
    Attendre que "Complete script execution" apparaîsse et clique sur OK. Clique exit pour fermer le programme BFU.
    Recommence encore une fois.
    
    * Démarrer -> panneau de configuration -> options internet
    Clique sur l'onglet "Contenu" puis onglet "Certificats" et si tu trouves ceci, en particulier dans "éditeurs approuvés" :
    
    electronic-group - egroup - Montorgueil - VIP - "Sunny Day Design Ltd"
    
    => Supprime-les tous 
     
    # Etape 3/ 
     
    Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout. 
     
    # Etape 4/ 
    
    Redémarre normalement et poste : 
    - Un nouveau rapport HijackThis, toutes fenêtres et applications fermées si tu ne l'as pas tu trouveras HijackThis ici http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis_v2.exe ; 
    - Le contenu du fichier Navipromo.txt qui se trouve dans Poste de travail  C:\ ; 
    
    
    Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
    
    
    0
  11. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    fais la manip avec le BFU et navipromo pendant que je te prépare l'autre
    0
    1. maya
       
      Bonsoir je viens d avoir drivecleaner et n' étant pas trés doué questions ordi j' aurais aimé un peu d aide pr pouvoir l'enlever.Merci
      0
      1. papyber Messages postés 6430 Statut Contributeur sécurité 257 > maya
         
        maya crée ton propre topic car sinon on risque de s'enmêler
        0
  12. dlewin
     
    Logfile of HijackThis v1.99.1
    Scan saved at 18:41:56, on 03/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\LinkStash\lsmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Automation Anywhere 3.5\Automation Anywhere Service.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Automation Anywhere 3.5\AAService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\LinkStash\lnkstash.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Documents and Settings\HP_Propriétaire\Bureau\outils_nettoyage\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\www.tootella.org
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www8.hp.com/fr/fr/home.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www8.hp.com/fr/fr/home.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [LinkStashMonitor] "C:\Program Files\LinkStash\lsmon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {E3866A1E-48C9-4381-A9E8-82AC3BDDA921} (FlowChartX Control 3.0) - http://www.mind-fusion.com/fcx_std_30x_trial.CAB
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automation Anywhere Service - Unknown owner - C:\Program Files\Automation Anywhere 3.5\Automation Anywhere Service.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision                                                     - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
    
    


    et puis navipromo donne :

    Rapport Navipromo.bat 0.73 effectué le 03/04/2007 à 18:30:27,03
    C:\Documents and Settings\HP_Propri‚taire\Bureau\outils_nettoyage
    L'opération se déroule en mode sans échec sous le compte "HP_Propri‚taire" 
    
    ** Recherche...
    
    1/ oxhgpxfhqy trouvé, recherche de oxhgpxfhqy* 
    C:\WINDOWS\system32\oxhgpxfhqy.dat
    C:\WINDOWS\system32\oxhgpxfhqy.exe
    C:\WINDOWS\system32\oxhgpxfhqy_nav.dat
    C:\WINDOWS\system32\oxhgpxfhqy_navps.dat
    C:\WINDOWS\prefetch\OXHGPXFHQY.EXE-2107A8C5.pf
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        oxhgpxfhqy	REG_SZ	c:\windows\system32\oxhgpxfhqy.exe oxhgpxfhqy
    
    ------------------
    Fin du rapport de recherche
    Adware Navipromo trouvé 1 fois avec cette méthode 
    
    ################################################
    
    ** Nettoyage...
    
    1/ Déplacement de oxhgpxfhqy* vers C:\Navipromo\Backups...
    C:\WINDOWS\System32\oxhgpxfhqy* déplacé avec succès !
    C:\WINDOWS\prefetch\oxhgpxfhqy* déplacé avec succès
    
     ------------------
    * Suppression clés et valeurs de registre 
    1 entrées de registre netttoyées 
     
    
    * Backups :
    
    C:\Navipromo\Backups\ARPCache.reg
    C:\Navipromo\Backups\HKCURun.reg
    C:\Navipromo\Backups\HKLMRun.reg
    C:\Navipromo\Backups\oxhgpxfhqy.dat
    C:\Navipromo\Backups\oxhgpxfhqy.exe
    C:\Navipromo\Backups\OXHGPXFHQY.EXE-2107A8C5.pf
    C:\Navipromo\Backups\oxhgpxfhqy_nav.dat
    C:\Navipromo\Backups\oxhgpxfhqy_navps.dat
    C:\Navipromo\Backups\pack.epk
    C:\Navipromo\Backups\Uninstall.reg
    
    Ajout d'extension .off aux backups
    
    ## Fin du rapport de Suppression
     
    -------------
    
    Rapport Navipromo.bat 0.73 effectué le 03/04/2007 à 18:31:26,45
    L'opération se déroule en mode sans échec sous le compte "HP_Propri‚taire" 
    
    ## Suppression Heuristique 
    
    * Backups :
    
    
    Aucun résultat par la recherche heuristique  
     
    
    ## Fin du rapport Heuristique
    
    


    alors les difficultés : aucune, on suit ce qui est dit et c'est tout. J'ai donc pu tout faire et même suivre (car ça m'interesse je voudrais savoir d'ou ça vient) le processus (l'excellent processexplorer de sysinternals, même si microsoft les à rachetés, n'a rien donné).

    ET résultat ...... j'ai ouvert quelques liens, la bestiole semble avoir été chassée du grenier.
    0
  13. dlewin
     
    je confirme :
    apres avoir cliqué sur plusieurs liens, en provoquant la "bête" sur des sites à publicité: rien .

    Bravo, franchement je suis épaté. Je suis développeur et là j'avoue que je n'aurai pas trouvé ça (je crois que c'est oxhgpxfh.exe, dat et cie qui est en cause)
    Merci

    PS : l'ennui c'est que je suis protégé par avast, CCleaner, Ad aware en permanence et que cela n'a pas suffit
    0
  14. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    Note comment démarrer en mode sans échec
    https://docs.microsoft.com/en-us/?mfr=true

    Tu vas t'en servir sans accès à internet.

    1/ Télécharge : - CCleaner
    https://www.pcastuces.com/logitheque/ccleaner.htm
    ("Download Latest Version", sur la droite).
    Ce logiciel va permettre de supprimer tous les fichiers temporaires. Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.

    2* Crée un nouveau document texte :
    clic droit de souris sur le bureau, "Nouveau"> "Document Texte".
    Ouvre-le et copie-colle dedans de ce qui est en italique ci-dessous, (copie tout d'un trait) :

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow]
    "netsearchsoft.com"=-
    "www.netsearchsoft.com"=-
    "dns-look-up.com"=-
    "www.dns-look-up.com"=-


    Puis "fichier"/"enregistrer sous" :
    dans : sur le bureau
    Nom du fichier : reglop.reg
    Type de fichier : "tous les fichiers"
    clique sur "enregistrer"

    *****Copie ce qui suit dans un fichier texte et redémarre en mode sans échec (choisis ta session habituelle, pas le compte "Administrateur" ou autre)*****

    désinstalle via "Ajout/Suppression de programmes", si tu trouves :
    (si l'un de ces programmes ne figure pas dans la liste ajout/suppression de programmes, recherche un fichier "uninstall..." dans un répertoire du même nom, dans C:\Program Files et exécute-le)
    BitDownload
    MP3 STUPID

    4/ Assure toi d'avoir accès aux dossiers/fichiers cachés :
    Ouvrir un dossier, n'importe lequel. Aller dans :
    Outils/Options des dossiers/Affichage et
    - cocher "afficher les dossiers et fichiers cachés",
    - décocher "masquer les extensions des fichiers dont le type est connu".
    - décocher masquer les fichiers protégés du système d'exploitation (recommandé)"
    "appliquer" et "ok"

    recherche et supprime ces dossiers ou fichiers en gras, si tu les trouves :
    C:\Documents and Settings\All Users\Application Data\time 64 meow okay
    C:\Program Files\ BitDownload
    C:\Program Files\MP3 STUPID

    recache tes dossiers et fichiers en effectuant la manoeuvre inverse

    5/ démarrer/exécuter, tape cmd et valide par entrée. Colle la ligne suivante dans la fenêtre noire qui s'ouvre :
    del /a C:\WINDOWS\Tasks\ABA989A091DA3DB8.job

    valide par entrée, puis ferme la fenêtre de commande.

    6/ double clique sur reglop.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
    Si c'est bien le cas, clique sur "oui"

    7/ Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

    *Redémarre normalement et poste un nouveau rapport HijackThis, toutes fenêtres et applications fermées. Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
    0
  15. dlewin
     
    que veux tu dire , il semble que cela ait disparu.
    Y a t il besoin de continuer avec ccleaner (que j'avais déjà)
    0
  16. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    tout n'est pas parti
    ceci est le nettoyage d'une 2ème infection de ton PC
    la 1ère soignée par navipromo
    la 2 ème "lop.com" soignée par cette manip, si tu ne la fait pas tu vas très vite revoir des pages de pub indésirables...

    ensuite tu feras ceci
    fais un scan en ligne sur l’un de ces sites
    http://pandasoftware.fr
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    http://www.bitdefender.fr/scan8/ie.html
    avec internet explorer et en acceptant l'activex

    poste le rapport ainsi qu'un nouveau hijack this
    0
  17. david
     
    alors tout est ok sauf que

    - je n'avais pas mp3stupid
    - il faut obligatoirement avoir IE pour lancer les scan en ligne
    - Avast les bloque

    - l'analyse Panda donne des choses !!! :

    
    Incident                                                                        Statut                        Analyse                                                                                                                                                                                                                                                         
    
    Adware:Adware/NaviPromo                                                         No Désinfecté                 C:\!KillBox\( 4)                                                                                                                                                                                                                                                
    Spyware:Cookie/RealMedia                                                        No Désinfecté                 C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\3a715e6m.default\cookies.txt[.247realmedia.com/]                                                                                                                            
    Spyware:Cookie/Xiti                                                             No Désinfecté                 C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\3a715e6m.default\cookies.txt[.xiti.com/]                                                                                                                                    
    Spyware:Cookie/adstat                                                           No Désinfecté                 C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\3a715e6m.default\cookies.txt[.ad.stat.4u.pl/]                                                                                                                               
    Spyware:Cookie/SpyLog                                                           No Désinfecté                 C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\3a715e6m.default\cookies.txt[.spylog.com/]                                                                                                                                  
    Spyware:Cookie/2o7                                                              No Désinfecté                 C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\3a715e6m.default\cookies.txt[.2o7.net/]                                                                                                                                     
    Virus:Trj/Alanchum.OH                                                           Désinfecté                    C:\Documents and Settings\HP_Propriétaire\Application Data\Thunderbird\Profiles\uiivdh7a.default\Mail\Local Folders\Inbox[Read More.exe]                                                                                                                        
    Virus:Trj/Alanchum.OL                                                           Désinfecté                    C:\Documents and Settings\HP_Propriétaire\Application Data\Thunderbird\Profiles\uiivdh7a.default\Mail\Local Folders\Inbox[greeting postcard.exe]                                                                                                                
    Virus:Trj/Alanchum.OH                                                           Désinfecté                    C:\Documents and Settings\HP_Propriétaire\Application Data\Thunderbird\Profiles\uiivdh7a.default\Mail\Local Folders\SPAMS[Read More.exe]                                                                                                                        
    Virus:Trj/Alanchum.OL                                                           Désinfecté                    C:\Documents and Settings\HP_Propriétaire\Application Data\Thunderbird\Profiles\uiivdh7a.default\Mail\Local Folders\SPAMS[greeting postcard.exe]                                                                                                                
    Outil indésirable:Application/KillApp.B                                         No Désinfecté                 C:\hp\bin\KillIt.exe                                                                                                                                                                                                                                            
    Adware:Adware/NaviPromo                                                         No Désinfecté                 C:\Navipromo\Backups\oxhgpxfhqy.exe.off                                                                                                                                                                                                                         
    Outil indésirable:Application/Processor                                         No Désinfecté                 C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe                                                                                                                                                                                                       
    
    
    
    0
  18. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    normal ce sont des cookies et les outils que nous avons employé, je n'avais pas pensé de te dire de les supprimer avant le scan en ligne
    reposte moi un hijack this pour contrôle final
    as tu encore des soucis?
    0
  19. david
     
    Voici le rapport

    Logfile of HijackThis v1.99.1
    Scan saved at 14:47:28, on 04/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\LinkStash\lsmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\PROGRA~1\xStarter\xstarter.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Automation Anywhere 3.5\Automation Anywhere Service.exe
    C:\Program Files\Automation Anywhere 3.5\AAService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\PROGRA~1\xStarter\xStartUI.exe
    C:\PROGRA~1\xStarter\xPopups.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\LinkStash\lnkstash.exe
    C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
    C:\Documents and Settings\HP_Propriétaire\Bureau\outils_nettoyage\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\www.tootella.org
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www8.hp.com/fr/fr/home.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www8.hp.com/fr/fr/home.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [LinkStashMonitor] "C:\Program Files\LinkStash\lsmon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [xStarter] C:\PROGRA~1\xStarter\xstarter.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {E3866A1E-48C9-4381-A9E8-82AC3BDDA921} (FlowChartX Control 3.0) - http://www.mind-fusion.com/fcx_std_30x_trial.CAB
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automation Anywhere Service - Unknown owner - C:\Program Files\Automation Anywhere 3.5\Automation Anywhere Service.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision                                                     - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
    
    


    Et non depuis hier plus de nouvelles de l'indésirable. Bravo en core pour le sérieux, et... même le professionalisme, oui ça fait bizarre d'employer un tel mot ici, mais je reste épaté.
    0
  20. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    1/lance hijack pour un scan et coche ces lignes

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {E3866A1E-48C9-4381-A9E8-82AC3BDDA921} (FlowChartX Control 3.0) - http://www.mind-fusion.com/fcx_std_30x_trial.CAB

    ferme toutes tes fenêtres y compris internet et clic sur fixer l'objet

    2/ceci c'est ce que trouve le scan en ligne

    Virus:Trj/Alanchum.OH                                                           Désinfecté                    C:\Documents and Settings\HP_Propriétaire\Application Data\Thunderbird\Profiles\uiivdh7a.default\Mail\Local Folders\Inbox[Read More.exe]                                                                                                                        
    Virus:Trj/Alanchum.OL                                                           Désinfecté                    C:\Documents and Settings\HP_Propriétaire\Application Data\Thunderbird\Profiles\uiivdh7a.default\Mail\Local Folders\Inbox[greeting postcard.exe]                                                                                                                
    Virus:Trj/Alanchum.OH                                                           Désinfecté                    C:\Documents and Settings\HP_Propriétaire\Application Data\Thunderbird\Profiles\uiivdh7a.default\Mail\Local Folders\SPAMS[Read More.exe]                                                                                                                        
    Virus:Trj/Alanchum.OL                                                           Désinfecté                    C:\Documents and Settings\HP_Propriétaire\Application Data\Thunderbird\Profiles\uiivdh7a.default\Mail\Local Folders\SPAMS[greeting postcard.exe]    


    recherche en suivant le chemin les fichiers en gras et supprime les s'ils sont encore là

    3/supprime aussi si tu trouves

    C:\hp\bin\KillIt.exe
    C:\Navipromo
    C:\Program Files\Mozilla Firefox\SmitfraudFix

    ainsi que tous les outils que nous avons utilisé comme GenProc ou alibagla qui ne te serviront plus car remis sans cesse à jour

    4/désactive ta restauration
    clique droit sur poste de travail/propriétés/coche la case désactiver la restauration, appliquer
    redémarre ton PC
    démarrer/tous les programmes/ outils système/ restauration du système/ créer un point de restauration

    5/conserve ccleaner et effectue le nettoyage tous les jours avant de couper le PC

    6/installe ce logiciel très utile et scanne ton PC avec une fois par semaine au moins...
    AVG Antispyware
    https://www.avg.com/en-ww/free-antivirus-download

    mode d'utilisation :
    Lance AVG Anti-Spyware, mets le à jour,
    Clique sur le bouton « Analyse »
    Puis « Comment réagir », clique sur Actions recommandées. Sélectionne Quarantaine.
    Retour à l'onglet Analyse.
    Clique sur Analyse complète du système.
    A la fin du scan, choisis " Appliquer toutes les actions "
    Clique sur "Enregistrer le rapport". Le fichier texte se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.
    ne laisse pas le résident car à la fin de la période d'essai, tu ne pourras plus t'en servir mais tu pourras toujours faire les mises à jour avant de scanner

    tu peux le coupler avec celui-ci
    spybot search and destroy
    https://www.safer-networking.org/?page=download

    7/défragmente

    8/pense à bien te protéger
    j'ai découvert ce lien qui est plutôt pas mal à ce sujet
    https://forum.pcastuces.com/default.asp

    indique ton sujet comme résolu
    et bon surf
    0
  21. david
     
    juste une dernière chose : il semble qu'un dll ait été
    "déchue" puisqu'elle n'accède plus aux ressources de la même maniere, j'ai eut le message suivant apres un scan de AVG anti rootkit +antivirus:

    "user32.dll à été repositionnée car HHCTRL.OCX tentait d'accéder à une zone mémoire NT."
    


    Question subsidiaire : SI je veux suivre tes conseils, comment fait on pour automatiser un scan AVast, rootkit, spybot, AVG etc .. ? les robots d'automatisations ont besoins des parametres des lignes de commandes et leurs aides ne les fournissent pas .
    HMM un petit script Python si je les avait....
    0