Bonjour, moi aussi, je serais infecté par çe virus, puis je suivre la méthode precedemment cité ou y a t'il un cas particulier pour chaque remède? je joints un rapport ELIBAGLA , et à l'avance je vous remercie pour votre aide. Cordialement Wed Nov 12 14:02:31 2008 EliBagle v11.95 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Noviembre del 2008) ---------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado. C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado. Restaurada Clave: "SafeBoot\Minimal y Network" Reinicie para Completar la Limpieza. Wed Nov 12 14:03:13 2008 EliBagle v11.95 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Noviembre del 2008) ---------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad C:\ C:\Program Files\Fichiers communs\Adobe\Updater5\ADOBEUPDATER.EXE --> Eliminado Bagle.dldr Nº Total de Directorios: 15854 Nº Total de Ficheros: 198993 Nº de Ficheros Analizados: 19471 Nº de Ficheros Infectados: 1 Nº de Ficheros Limpiados: 1

comme antony n est peut etre pas la.on peu pour l instant continuer. 1)desinstalle elibagla. 2)Réouvre FindyKill , choisi cette fois ci l option 2 (Suppression) /!\ il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage terminé" -------> ensuite post le rapport FindyKill.txt Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

Bagle............encore

Réponse 2 / 20

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
12 nov. 2008 à 15:21

Bonjour,

Cette infection s'attrape par le téléchargement de cracks (ou par la simple visite d'un site de cracks). C'est un important vecteur d'infection : https://forum.malekal.com/viewtopic.php?f=33&t=893
Supprime tous tes cracks et keygens pourris, sinon inutile de continuer la désinfection, ils réinfecteront ton ordinateur sans arrêt !

Bagle se propage ensuite par disques amovibles (clés USB, disques durs externes, lecteurs mp3) ==> isole ton PC

Télécharge FindyKill (de Chiquitine29)

Fais un clic droit sur le lien --> enregistrer sous --> bureau
---> FindyKill

--> Lance l'installation avec les paramètres par défaut

--> Double clique sur le raccourci FindyKill sur ton bureau

--> Au menu principal, choisis l'option 1 (Recherche)

--> Poste le rapport C:/FindyKill.txt (il est sauvegardé à la racine du disque dur)

metalin
12 nov. 2008 à 15:46

merci pour ta réponse, voila le rapport Findy Kill
----------------- FindyKill V4.500 ------------------

* User : øOo PapOuneT oOø - LIFETEC
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 12/11/08 par Chiquitine29
* Recherche effectuée à 15:39:12 le 12/11/2008
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OneStep\onestep.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OneStep\onestep.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\AdobeR.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\PROGRA~1\INCRED~1\bin\ImNotfy.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OneStep\onestep.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\AdobeR.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans C:

Found ! [12/11/2008 14:16] - C:\InfoSat.txt

»»»» Presence des fichiers dans C:\WINDOWS

»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\107671.EXE-0A142F37.pf
Found ! - C:\WINDOWS\prefetch\138921.EXE-2C79F83E.pf
Found ! - C:\WINDOWS\prefetch\140937.EXE-15AEFE0D.pf
Found ! - C:\WINDOWS\prefetch\15942859.EXE-20D79E66.pf
Found ! - C:\WINDOWS\prefetch\15966968.EXE-2868EE56.pf
Found ! - C:\WINDOWS\prefetch\15970390.EXE-0E17255B.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-1F20B197.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINFILSE.EXE-17C2CF68.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\Prefetch\CNYHKEY.EXE-3024E8B1.pf
Found ! - C:\WINDOWS\Prefetch\MHOTKEY.EXE-28F476F7.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [12/11/2008 15:23] - C:\WINDOWS\system32\mdelk.exe
Found ! [12/11/2008 15:23] - C:\WINDOWS\system32\wintems.exe
Found ! [12/11/2008 15:23] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

Found ! [12/11/2008 15:22] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [21/10/2006 07:04] - C:\WINDOWS\system32\drivers\winfilse.exe
Found ! [12/11/2008 15:26] - "C:\WINDOWS\system32\drivers\downld"
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\100324281.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\100329453.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\100330218.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\100354718.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\100357796.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\100374609.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\100392031.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\100394171.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\100517000.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\100521546.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\100530656.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\100536140.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\107671.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\114988531.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\114989328.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\114997421.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\114998218.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\115042203.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\115059125.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\115061109.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\115187750.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\115192125.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\115208625.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\115216859.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\116218.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\117406.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\120859.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\122171.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\122234.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\123031.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\125875.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\127187.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\12950109.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\12957796.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\12958687.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\12979500.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\13000515.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\13030906.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\13250687.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\13285765.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\13311109.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\133625.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\134500.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\137828.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\138625.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\138921.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\140937.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\143250.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\145093.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\145812.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\147328.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\14807484.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\14808546.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\14826000.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\14847437.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\14864390.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\14866281.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\14953718.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15002093.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15008750.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15010734.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15021625.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15022578.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15048015.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15067968.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15086156.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15088703.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15125015.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15159843.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15161640.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15164656.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15210531.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15241578.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15252500.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15265828.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15269406.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15276515.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15298875.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15311484.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15336265.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15345250.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15402500.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15430531.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15447234.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15475593.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15506906.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15507453.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15516203.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\155171.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15545875.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\1557468.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\1558593.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\1568828.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\1571515.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15755046.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15795937.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15805109.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\158484.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\1592296.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15942859.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15948781.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15949984.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15966968.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15970390.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\15988000.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\16010796.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\1613187.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\161671.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\161687.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\16171859.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\16181968.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\164656.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\16505812.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\16511015.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\16511859.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\16519265.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\16542218.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\16578312.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\166406.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\16657109.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\16703562.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\16710921.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\16712765.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\167156.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\167687.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\169406.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\1780781.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\1784171.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\1784875.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\179703.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\1809468.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\1810187.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\1813875.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\1816562.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\1850484.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\185187.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\1887234.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\189656.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\193578.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\1966500.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\198203.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\198281.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\201312.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\203671.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\203921.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\205359.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\2059765.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\206437.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\2066093.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\2067093.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\216890.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\217265.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\218921.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\221015.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\224937.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\227937.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\228984.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\229906.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\230140.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\232734.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\234625.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\237375.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\241500.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\250750.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\259265.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\267625.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\269468.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\271734.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\27406171.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\27407500.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\27452296.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\27477656.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\27496093.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\27598203.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\27646234.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\27653640.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\27655031.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\277312.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\279671.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\285421.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\29466578.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\29488218.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\29493781.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\29519328.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\29548312.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\29569531.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\29578640.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\29680468.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\29720484.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\29721296.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\29726750.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\29732968.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\29736421.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\29759468.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\29777500.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\29780765.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\29923750.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\29933125.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\29947031.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\299828.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\30026734.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\30081453.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\30087609.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\30149625.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\30162796.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\30190453.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\30216515.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\30229625.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\30416109.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\30516656.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\30559984.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\31152125.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\31156953.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\31157656.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\31182593.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\31201546.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\31219296.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\31221609.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\31306328.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\31359109.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\31366937.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\31368203.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\313890.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\321593.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\321937.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\322625.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\322828.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\330312.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\331906.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\333140.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\336890.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\339234.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\342046.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\342609.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\345671.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\352140.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\353203.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\356187.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\360015.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\363140.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\370843.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\379000.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\379828.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\380203.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\384890.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\392375.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\407000.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\412296.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\412359.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\413765.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\420609.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\427125.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\432000.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\441812.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\44190015.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\44191046.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\44237031.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\44254828.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\44256906.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\44336093.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\44384625.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\44391406.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\44392578.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\449453.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\45056265.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\451656.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\462109.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\462609.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\464843.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\478171.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\478937.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\489515.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\491937.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\494984.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\507750.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\514265.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\515328.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\516031.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\523531.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\524734.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\532984.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\546390.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\548421.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\550125.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\567781.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\608609.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\626875.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\645546.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\649578.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\654265.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\672375.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\679765.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\698156.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\704812.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\705828.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\85611968.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\85622140.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\85622828.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\85643812.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\85646843.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\85663921.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\85681875.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\85684250.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\85813906.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\85818421.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\85850812.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\85859250.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\8686953.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\8696562.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\8697859.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\8716500.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\8720218.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\8739218.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\8775531.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\8928515.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\8941656.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\8950500.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\9347859.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\9375015.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\9375796.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\9389421.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\9395125.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\9413281.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\9431203.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\9433578.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\9609125.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\9614375.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\9635984.exe
Found ! [12/11/2008 15:26] C:\WINDOWS\system32\drivers\downld\9644828.exe

»»»» Presence des fichiers dans C:\Documents and Settings\øOo PapOuneT oOø\Application Data

»»»» Presence des fichiers dans C:\DOCUME~1\OOPAPO~1\LOCALS~1\Temp

»»»» Presence des fichiers dans C:\Documents and Settings\øOo PapOuneT oOø\Local Settings\Temporary Internet Files\Content.IE5

--------------- [ Registre / Startup ] ----------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
CmUCRRun REG_SZ C:\WINDOWS\system32\CmUCReye.exe
RTHDCPL REG_SZ RTHDCPL.EXE
Alcmtr REG_SZ ALCMTR.EXE
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
CHotkey REG_SZ mHotkey.exe
ledpointer REG_SZ CNYHKey.exe
RemoteControl REG_SZ "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
PCMService REG_SZ "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
PCSuiteTrayApplication REG_SZ C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
RavAV REG_SZ C:\WINDOWS\AdobeR.exe
msn REG_SZ C:\WINDOWS\system32\msn.exe
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
RocketDock REG_SZ "C:\Program Files\RocketDock\RocketDock.exe"
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

--------------- [ Registre / Clés infectieuses ] ----------------

Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden

- des fichiers cachés non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- sans echec non fonctionnel !!

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4

--------------- [ Recherche dans supports amovibles] ----------------

+- Informations :

C: - Lecteur fixe

+- presence des fichiers :

--------------- [ Registre / Mountpoint2 ] ----------------

Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{388f8f23-9ddc-11dd-b9df-0013d3b36f2f}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{729c11e6-4508-11dd-906b-0013d3b36f2f}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4f19fc6-c9c4-11dc-b1eb-0012bf4fa2de}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4f19fc6-c9c4-11dc-b1eb-0012bf4fa2de}\Shell\explore\Command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4f19fc6-c9c4-11dc-b1eb-0012bf4fa2de}\Shell\open\Command

------------------- ! Fin du rapport ! --------------------

Réponse 3 / 20

totobetourne Messages postés 5592 Date d'inscription dimanche 23 mars 2008 Statut Membre Dernière intervention 6 juin 2012 65
12 nov. 2008 à 15:22

ok mais il faut enlever avant elibagla car possibilite de probleme de compatibilite entre elibagla et findykill.

metalin
12 nov. 2008 à 15:57

ok, j'avais pas vu ton post, je n'avaid pas désinstallé Elibagla, dois je refaire le test Findy Kill?

Réponse 4 / 20

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
12 nov. 2008 à 16:42

Plusieurs fichiers infectés n'ont pas été effacés...

Branche tous tes disques amovibles (clés USB, disques durs externes, lecteurs mp3, iPod...)

Puis utilise Combofix : attention, ce logiciel est très puissant, une mauvaise utilisation peut faire des dégâts... Fais exactement ce qui suit :

Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !) :
Fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix, choisis le bureau comme destination et valide : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation : en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !!

---> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre...

Tuto ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------

Ensuite :
double-clique sur C-Fix.exe (= combofix.exe ) .

Appuie sur une touche pour démarrer le scan .

Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

metalin
12 nov. 2008 à 16:48

Re, est ce nécessaire de faire cette étape, car je n'ai qu'un appareil photo et téléphone que je branche de temps en temps

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 5 / 20

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
12 nov. 2008 à 16:53

Tu as un fichier sur ton ordinateur qui est caractéristique d'une infection de disque amovible (AdobeR), les brancher une fois suffit à les infecter.

metalin
12 nov. 2008 à 17:12

waouh! chaud comme manip......... combo me demanded'installer une console de récup windows que je n'aurais pas, est ce ok ? une connexion internet est indispensable, pas de souci ? je ne fais rien en attendant ta réponse, merci encore

Réponse 6 / 20

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
12 nov. 2008 à 17:32

La console de récupération n'est pas obligatoire, c'est seulement pour revenir en arrière en cas de problème.
Si tu veux l'installer, suis le tuto que je t'ai donné. Sinon passe à la suite

metalin
12 nov. 2008 à 18:10

ComboFix 08-11-11.01 - °Oo PapOuneT oO° 2008-11-12 17:39:08.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.667 [GMT 1:00]
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\°Oo Antoine oO°\Application Data\m
c:\documents and settings\°Oo Antoine oO°\Application Data\m\data.oct
c:\documents and settings\°Oo Antoine oO°\Application Data\m\flec006.exe
c:\documents and settings\°Oo Antoine oO°\Application Data\m\list.oct
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\2X ApplicationServer 3.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\7tools_Partition_Manager_2005_6.02.01.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\A_Haunted_Halloween_ScreenSaver_1.00.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\abcAVI_Tag_Editor_1.8.1.129.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Advanced_Page_Rank_Analyzer_2.0_[Crack].zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\AJet_3.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\All_Stats_Hockey_Coach_6.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Altdo_Convert_MP3_Master_2.1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Apple_FireWire_Drivers_2.5.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Asf_Seek_Maker_1.5_KeyGen.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\AtleX CPU Speed 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Autumn Leaves Fall Foliage Collection 2.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Avast.Pro.v4.7.871.Incl.Keymaker-CORE.czip.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Backup2Net_1.1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\BatteryMon_2.1_Build_1000_Cracked.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Beautiful Britain winter screensaver 1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Beyond_Media_1.0_Key.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\BFG_Chat_Client_1.17.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Bid-n-Invoice Basic Invoice 2.1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Butterfly Jungle 3D Screensaver 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Car_Logbook_2.3.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Chronilist 5.9.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Claves.Bitdefender.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Copy+ 2.01.01.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\CryptoSystem Personal 1.2.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Custom Shapes Pack 12 'Torus' 1.0.0 Patch.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Data Export - DB22DBF 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\DB-HTML_Converter_PRO_1.4.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Demo Builder 6.00.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Desktop FLV Player 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Desktop Organizer & Arranger 1.1.7.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Digital Photo Fixer 2004.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Diskasizer 1.2.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Dmouse 1.0.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\DocsToBox 1.1.1 Build 195.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\DVDCommander_Free_2006_2.5.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Easy_Pocket_PC_Installer_1.21.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\EasyHex Hex Editor 1.13.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\EDIdEv_SEF_Reader_1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\EMS_Data_Import_2005_for_MySQL_2.1.0.2.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Energize 2.0 Beta 2.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Enigma_0.92.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Ewido.antimalware.4.0.Beta.keygen.Serial.czip.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Extra DVD Ripper Express 4.52.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Eye_Candy_5_Impact_[KeyGen].zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\EzLink NG 2005.10.21.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\File Data Viewer 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Fitness Assistant 1.99.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Flash_Projector_1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\FlowChartX_control_4.1.4.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\FMF Skin Creator 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Fontonizer_1.02_build_105.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\FotoTagger 2.10.0.1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\FoxNotes 2.5.4.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\FrameSolver 2D 1.0 Key.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Frobisher Font TrueType 1.51.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\FullShot_9.5.1.1_(Key+Serial).zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\GameSelect_2.1.1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\genesisseeds_toolbar_for_IE_4.5.132.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Goal.Com - Live News 1.0.0.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Google Pack 2.2.969.23408 Beta.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Green Saver 3.10.0510.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Half-Life_Natural_Selection_4_client_3.0_beta.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Halo_Dedicated_Server_Init_File_Builder_2.1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Hot Video to iPod Converter 2.0 Crack.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Human Resource Manager 2.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Inhabitants of Wood Screensaver 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\JobOrder 12.9.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Kalvyn_Workgroup_Software_Access_Edition_2006_1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Karamasoft_UltimateEditor_2.3_(Serial).zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\KFI am 640 2.00.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\KingConvert For Data Burn 5.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\LingvoSoft_Dictionary_2007_Russian_-_Armenian_4.0.22_[Key].zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\ListGrabber Standard 4.0.0.39.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Lookup Unlisted Phone Number 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\LuckyPhoto 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Magic_Audio_Recorder_5.4.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\MCE Controller 1.1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Microsoft Phishing Filter Add-in for MSN Search Toolbar 3.0.4702.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Millions_of_Light_Years_1.6_Cracked.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\MindChimes 1.3.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Ministry Assistant 1.4.3.4.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\MSN UK Movies 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Nawras PC Supervisor 1.0.0.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\NotepadEx 1.7.4.4.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\PalTalkScene 9.2.221.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Parnian_for_Freehand_3.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Paving Design Expert 1.3.0.135.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\PDF Suite .NET 3.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\PDF_album_maker_1.01_[Cracked].zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Phone Deck 1.3.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Play_Guitar_2.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\PLC Training - RSlogix Simulator 3.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Pluto_3D_ScreenSaver_1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\PrePromote v4.05.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\PSD2FLA_1.0.3_r031_Key+Serial.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Qurb_3.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\RICECAKES 1.5.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\ServersCheck_VNCAdministrator_1.0_[Serial].zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\SetPwd 1.5.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\SetupTIE2007 1.0.3.4.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Simple_Home_Money_Management_2006.4.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Softinabox_Remind_Me!_1.0.0_Build_38.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Sprinkle Clock ScreenSaver 2.3.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\SSW_Property_and_Event_Pro_2000_2.3_[KeyGen].zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Stay with me toolbar for IE 4.5.132.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Streams 1.53.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Sudoku_Puzzle_Game_1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Summertime_Skies_1.00.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\SysImage_HTML2Image_1.5_Crack.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\TechSmith_Screen_Capture_Codec_1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\The Hubble Space Telescope Part 2 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\True_Conception_of_Sri_Guru_Tattva_1.08.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\UControls GlassButton 1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\VCW VicMan's Submass 5.2 Key+Serial.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\VeriTime Time Tracker 5.0.4.16.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\ViruScape_2006.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Voxengo_Marquis_Compressor_1.4_(Key).zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\WannaChat 0.50804.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Wav_Split_Mp3_1.00_(Cracked).zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\WeightWare_3.4.0_Crack.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Windows_Live_Messenger_Now_Playing_Plugin_0.23.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\WorshipLeader_4.8.2.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Y!RabidStatter_2.1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Zinc 2.5.0.16.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\ZPC demo.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\srvlist.oct
c:\documents and settings\°Oo Antoine oO°\ravmonlog
c:\documents and settings\°Oo Charlotte oO°\Application Data\addon.dat
c:\documents and settings\°Oo Charlotte oO°\ravmonlog
c:\documents and settings\°Oo PapOuneT oO°\Application Data\addon.dat
c:\documents and settings\°Oo PapOuneT oO°\ravmonlog
c:\windows\adober.exe
c:\windows\system32\ban_list.txt
c:\windows\system32\drivers\srosa.sys
c:\windows\system32\drivers\winfilse.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\msn.exe
c:\windows\system32\tmp88.tmp
c:\windows\system32\tmp89.tmp
c:\windows\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-12 au 2008-11-12 ))))))))))))))))))))))))))))))))))))
.

2008-11-12 15:37 . 2008-11-12 16:26 <REP> d-------- c:\program files\FindyKill
2008-11-09 12:25 . 2008-11-11 19:48 <REP> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2008-11-09 12:15 . 2008-11-09 12:22 <REP> d-------- c:\program files\TmUnitedForever
2008-11-09 12:09 . 2008-11-09 12:09 <REP> d-------- c:\documents and settings\All Users\Application Data\TrackMania United
2008-11-09 12:05 . 2008-11-09 12:07 <REP> d-------- c:\program files\TrackMania United
2008-11-05 10:32 . 2008-11-05 16:31 <REP> d-------- c:\program files\Easy TM Forever
2008-11-04 14:03 . 2008-11-04 14:03 <REP> d-------- c:\documents and settings\°Oo Antoine oO°\Application Data\Mostick
2008-11-04 12:42 . 2008-04-28 15:53 805,400 -ra------ c:\windows\system32\tmpD6.tmp
2008-11-04 12:42 . 2008-04-28 15:53 805,400 -ra------ c:\windows\system32\tmpD5.tmp
2008-11-04 12:41 . 2008-11-12 17:36 8,912,896 --a------ c:\documents and settings\°Oo Antoine oO°\ntuser.dat
2008-11-04 12:41 . 2008-11-12 17:36 8,912,896 --a------ c:\documents and settings\°Oo Antoine oO°\ntuser.dat
2008-11-03 18:58 . 2008-07-16 22:35 9,728 --a------ c:\windows\system32\RtNicProp32.dll
2008-11-03 18:42 . 2008-11-03 18:42 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2008-11-02 23:41 . 2008-11-03 10:29 <REP> d-------- c:\program files\WinPcap
2008-11-01 12:44 . 2001-11-14 20:19 16,384 --a------ c:\windows\system32\FileOps.exe
2008-10-30 09:12 . 2008-11-01 10:47 45 --a------ C:\TEST.XML
2008-10-29 20:28 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
2008-10-29 20:26 . 2008-10-29 20:26 <REP> d-------- c:\program files\MAXON
2008-10-29 08:46 . 2008-11-12 15:31 <REP> dr-h----- c:\documents and settings\°Oo Antoine oO°\Recent
2008-10-29 08:46 . 2008-11-12 15:31 <REP> dr-h----- c:\documents and settings\°Oo Antoine oO°\Recent
2008-10-28 16:54 . 2008-10-28 18:22 22,060 --a------ c:\windows\system32\msn
2008-10-28 15:51 . 1999-09-18 09:54 180,224 --a------ c:\windows\system32\ijl11.dll
2008-10-25 23:30 . 2008-10-25 23:30 <REP> d-------- c:\documents and settings\°Oo PapOuneT oO°\Application Data\EmailNotifier
2008-10-25 20:43 . 2008-10-25 20:43 <REP> d-------- c:\program files\CA VMN Anti-Spyware
2008-10-25 20:43 . 2008-10-25 20:43 <REP> d-------- c:\documents and settings\All Users\Application Data\EmailNotifier
2008-10-25 20:43 . 2008-11-03 19:38 <REP> d-------- c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar
2008-10-25 20:43 . 2008-10-25 20:43 <REP> d-------- c:\documents and settings\°Oo Antoine oO°\Application Data\EmailNotifier
2008-10-25 20:02 . 2008-10-25 20:02 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-25 19:54 . 2007-02-20 15:04 2,463,976 --a------ c:\windows\system32\NPSWF32.dll
2008-10-25 19:54 . 2007-02-20 15:04 190,696 --a------ c:\windows\system32\NPSWF32_FlashUtil.exe
2008-10-25 19:40 . 2008-10-25 19:40 <REP> d-------- c:\program files\Bonjour
2008-10-25 19:32 . 2008-10-25 19:32 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
2008-10-25 13:00 . 2008-10-25 13:00 <REP> d-------- c:\documents and settings\°Oo PapOuneT oO°\Application Data\Windows Search
2008-10-25 09:43 . 2007-10-24 15:58 216 --ahs---- C:\BOOT.BKK
2008-10-25 09:39 . 2008-10-25 09:39 <REP> d-------- c:\program files\TGTSoft
2008-10-24 12:38 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-22 08:38 . 2008-10-22 08:38 <REP> d-------- c:\program files\IKEA HomePlanner
2008-10-22 08:37 . 2008-10-22 08:37 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-10-21 13:04 . 2008-11-01 12:44 <REP> d-------- c:\windows\system32\Adobe
2008-10-19 15:40 . 2008-10-19 15:40 <REP> d-------- c:\documents and settings\°Oo PapOuneT oO°\Application Data\Snapfish
2008-10-15 22:10 . 2008-10-15 22:12 1,393 --a------ c:\windows\imsins.BAK
2008-10-15 12:09 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 12:08 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 12:08 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 12:08 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 12:08 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 12:08 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 14:26 --------- d-----w c:\program files\Live for Speed S2
2008-11-12 14:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-12 09:49 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-12 09:00 --------- d-----w c:\program files\a-squared Free
2008-11-12 08:17 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-09 15:22 19,554 ----a-w c:\documents and settings\°Oo PapOuneT oO°\Application Data\wklnhst.dat
2008-11-06 19:19 --------- d-----w c:\program files\TrackMania Nations ESWC
2008-11-06 19:10 --------- d-----w c:\program files\SpeedSim
2008-11-06 19:03 --------- d-----w c:\program files\Button Studio
2008-11-06 19:02 --------- d-----w c:\documents and settings\All Users\Application Data\Aquadelic GT
2008-11-05 15:31 --------- d-----w c:\program files\WarRock
2008-11-04 18:00 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-04 11:18 --------- d-----w c:\program files\OpenAL
2008-11-01 11:44 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-21 12:02 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-19 15:24 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-10 07:12 159,992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-09 14:20 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-08 18:37 --------- d-----w c:\program files\Alt WAV MP3 WMA OGG Converter
2008-10-07 12:33 6,133,856 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-10-03 15:07 --------- d-----w c:\program files\Zylom Games
2008-09-28 16:46 --------- d-----w c:\program files\Micro Application
2008-09-28 16:15 --------- d-----w c:\documents and settings\°Oo PapOuneT oO°\Application Data\Zylom
2008-09-28 16:11 --------- d-----w c:\program files\Java
2008-09-26 17:19 --------- d-----w c:\program files\Lavalys
2008-09-22 18:39 --------- d-----w c:\documents and settings\°Oo Antoine oO°\Application Data\teamspeak2
2008-09-21 07:50 --------- d-----w c:\program files\OneStep
2008-09-20 20:19 --------- d-----w c:\program files\TeamSpeak3
2008-09-20 11:04 --------- d-----w c:\documents and settings\°Oo Antoine oO°\Application Data\Windows Search
2008-09-19 19:39 --------- d-----w c:\program files\Vstplugins
2008-09-19 19:39 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2008-09-19 19:38 --------- d-----w c:\program files\Sony
2008-09-19 19:37 --------- d-----w c:\program files\Sony Setup
2008-09-16 13:39 --------- d-----w c:\program files\Windows Desktop Search
2008-09-16 13:39 --------- d-----w c:\documents and settings\°Oo PapOuneT oO°\Application Data\Windows Desktop Search
2008-09-13 09:30 --------- d-----w c:\program files\ScanWizard 5
2008-09-13 08:46 --------- d-----w c:\program files\EasyScan
2008-09-13 08:35 --------- d-----w c:\program files\Documalis Free
2008-03-07 19:06 4,328 ----a-w c:\documents and settings\°Oo Antoine oO°\Application Data\wklnhst.dat
2007-11-17 09:23 3,022,242 ----a-w c:\documents and settings\°Oo PapOuneT oO°\TRACE_BOOT+DRIVERS_1_1.BIN
2007-11-17 09:23 3,022,242 ----a-w c:\documents and settings\°Oo PapOuneT oO°\TRACE_BOOT+DRIVERS_1_1.BIN
2007-10-22 02:49 867,848 ----a-w c:\program files\NOV2007_d3dx10_36_x64.cab
2007-10-22 02:49 807,132 ----a-w c:\program files\NOV2007_d3dx10_36_x86.cab
2007-10-22 02:49 49,392 ----a-w c:\program files\NOV2007_X3DAudio_x64.cab
2007-10-22 02:49 44,850 ----a-w c:\program files\dxdllreg_x86.cab
2007-10-22 02:49 21,744 ----a-w c:\program files\NOV2007_X3DAudio_x86.cab
2007-10-22 02:49 200,010 ----a-w c:\program files\NOV2007_XACT_x64.cab
2007-10-22 02:49 151,512 ----a-w c:\program files\NOV2007_XACT_x86.cab
2007-10-22 02:49 1,805,306 ----a-w c:\program files\NOV2007_d3dx9_36_x64.cab
2007-10-22 02:49 1,712,608 ----a-w c:\program files\NOV2007_d3dx9_36_x86.cab
2004-07-09 03:08 2,242,560 ----a-w c:\documents and settings\°Oo Antoine oO°\dsetup32.dll
2004-07-09 03:08 2,242,560 ----a-w c:\documents and settings\°Oo Antoine oO°\dsetup32.dll
2004-07-09 02:03 62,976 ----a-w c:\documents and settings\°Oo Antoine oO°\DSETUP.dll
2004-07-09 02:03 62,976 ----a-w c:\documents and settings\°Oo Antoine oO°\DSETUP.dll
2008-06-06 14:44 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008060620080607\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2006-07-12 237568]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2006-03-31 147456]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-25 185632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 78008]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"CHotkey"="mHotkey.exe" [2004-06-03 c:\windows\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2003-07-21 c:\windows\CNYHKey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\øOo Antoine oOø\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]
Scanner Finder.lnk - c:\program files\ScanWizard 5\ScannerFinder.exe [2008-09-13 315392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\HOMECI~1\POWERC~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\TrackMania United\\TmUnited.exe"=
"c:\\Program Files\\DnD Networks\\Onyx\\lib\\Nadeo\\TMU\\TrackmaniaServer.exe"=
"c:\\Program Files\\DnD Networks\\Onyx\\Onyx.exe"=
"c:\\Program Files\\Cossacks 2 - Battle for Europe\\Run\\Data\\engine.exe"=
"c:\\Program Files\\WYSIWYG Web Builder 4.0\\WebBuilder.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Metin2_France\\metin2.bin"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5002:TCP"= 5002:TCP:tmu
"5002:UDP"= 5002:UDP:tmu
"21:UDP"= 21:UDP:site
"16126:TCP"= 16126:TCP:*:Disabled:emule
"3452:TCP"= 3452:TCP:tmu
"3452:UDP"= 3452:UDP:tmu
"2352:UDP"= 2352:UDP:tmu
"2352:TCP"= 2352:TCP:tmu
"13300:TCP"= 13300:TCP:NortonAV
"13114:TCP"= 13114:TCP:NortonAV
"12917:TCP"= 12917:TCP:NortonAV
"13039:TCP"= 13039:TCP:NortonAV
"15709:TCP"= 15709:TCP:NortonAV

R2 OneStepSearch Service;OneStepSearch Service;c:\program files\OneStep\onestep.exe c:\program files\OneStep\onestep.dll Service [ ]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-10-17 826112]
R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\system32\DRIVERS\cmiucr.SYS [2007-01-05 93056]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [ ]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 maconfservice;Ma-Config Service;c:\documents and settings\°Oo Antoine oO°\Mes documents\maconfservice.exe [2008-11-02 195752]
S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [ ]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CE2A1958-4EAC-7237-F218-153CD75EFC12}]
c:\windows\system32\msn.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{A057A204-BACC-4D26-8287-79A187E26987} - c:\progra~1\VMNTOO~1\VMNTOO~1.DLL
Toolbar-{A057A204-BACC-4D26-8287-79A187E26987} - c:\progra~1\VMNTOO~1\VMNTOO~1.DLL
WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - c:\progra~1\VMNTOO~1\VMNTOO~1.DLL

.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\°Oo PapOuneT oO°\Application Data\Mozilla\Firefox\Profiles\6ma9wxhy.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 17:49:47
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\OneStep\onestep.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\system32\searchindexer.exe
c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\OneStep\onestep.exe
c:\windows\system32\rundll32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\ALCFDRTM.EXE
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Heure de fin: 2008-11-12 18:07:53 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-12 17:07:46

Avant-CF: 56,767,160,320 octets libres
Après-CF: 56,469,618,688 octets libres

406 --- E O F --- 2008-10-25 10:00:58

metalin > metalin
12 nov. 2008 à 21:55

voila le rapport Combo-fix, je pense qu'il s'est déroulé dans de bonne condition, le pc a redémarré normalement, j'ai remis mon pare-feu, mais j'ai l'impression que le problème est toujours existant puisque Avast ne veut pas s'ouvrir (...........win32 non valide), dis moi ce que tu en penses.

Réponse 7 / 20

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
13 nov. 2008 à 01:20

Il est tard, je regarderai le rapport demain après-midi, il va rester une chose à faire avant de pouvoir remettre tes logiciels de protections en fonction.

A demain.

Réponse 8 / 20

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
13 nov. 2008 à 16:01

Toujours avec toutes les protections désactivées, fais ceci :

Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

----------------------------------------------------------
Folder::
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar

Driver::
Boonty Games
SROSA

------------------------------------------------------------------

- Enregistre ce fichier sur ton bureau (et pas ailleurs !) sous le nom CFScript.txt
- Quitte le Bloc Notes

· Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien : http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Aussitôt après, sans redémarrer ton ordinateur, fais ceci :

Télécharge et installe Malwarebytes' Anti-Malware
- A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
- Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme)
- Puis va dans l'onglet "Recherche", coche "Exécuter un examen rapide" puis "Rechercher"
- Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
- A la fin du scan, clique sur Afficher les résultats
- Coche tous les éléments détectés puis clique sur Supprimer la sélection
- Enregistre le rapport
- S'il t'est demandé de redémarrer, clique sur Yes

Poste le rapport de scan après la suppression ici

metalin
13 nov. 2008 à 17:31

Bonjour, merci d'ètre là pour me guider, voila le rapport combo-fix
ComboFix 08-11-11.01 - °Oo PapOuneT oO° 2008-11-13 17:18:28.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.586 [GMT 1:00]
Lancé depuis: c:\documents and settings\°Oo PapOuneT oO°\Bureau\C-Fix.exe
Commutateurs utilisés :: c:\documents and settings\°Oo PapOuneT oO°\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\__slider.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\a.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\amazon.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\an.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\arrow.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\arrow_down.gif
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\arrow_up.gif
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\arrowB.gif
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\arrowT.gif
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\autofill.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\b.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\bg_pub.gif
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\bg_ttl.gif
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\bn.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\bottom.png
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\bottom_left.png
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\bottom_right.png
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\c.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\CAlogo.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\canalblog.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\cn.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\COMBOSEARCH.acs
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\d.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\dictionary2.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\dn.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\DownloadCOM.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\dropdown.css
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\email_b.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\equalizer_loading.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\equalizer_off.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\equalizer_on.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\ErrorLog.txt
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\ErrorPageTemplate.css
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\ErrorPageTemplate_search.css
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\f.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\fn.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\g.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\gaming.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\gn.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\graphred0.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\graphred0_5.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\graphred1.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\graphred1_5.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\graphred2.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\graphred2_5.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\graphred3.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\graphred3_5.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\graphred4.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\graphred4_5.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\graphred5.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\h.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\h_aquarius.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\h_aries.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\h_cancer.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\h_capricorn.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\h_gemini.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\h_leo.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\h_libra.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\h_pisces.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\h_sagittarius.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\h_scorpio.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\h_taurus.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\h_virgo.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\help.gif
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\hideremove.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\highlight.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\hn.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\i.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\IEtab1_8.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\images01.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\in.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\j.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\jn.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\k.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\kn.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\l.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\left.png
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\ln.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\loading.gif
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\logo.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\logo_facebook.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\minus.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\minus_on.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\music2.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\n.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\New York_NY_weather.txt
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\New York_NY_weather.txt15914000
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\New York_NY_weather.txt25104015
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\New York_NY_weather.txt3968015
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\New York_NY_weather.txt42643140
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\New York_NY_weather.txt5108015
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\news.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\news.html
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\newsb.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\nn.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\o.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\on.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\p.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\p_yahoo.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\p_yahoo_fr.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\pixsy.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\play.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\play_on.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\plus.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\plus_on.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\pn.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\popup_off.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\popup_on.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\popup_ona.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\q.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\qn.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\r.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\relatedlinks.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\report.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\right.png
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\rn.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\rss.xsl
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\rss1.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\rsslib.js
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\rssmenu1_7a.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\s.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\search.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\search.gif
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\search_fr.gif
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\settings.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\shop2.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\sinfo.txt
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\sinfo.txt175484
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\sinfo.txt363812
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\siteinfo.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\slider.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\sn.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\spacer.gif
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\stars-red1.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\stars-red2.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\stars-red3.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\stars-red4.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\stars-red5.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\stop.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\stop_on.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\t.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\tab_icon.png
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\tabdataV3.js
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\tabwelcome_en.html
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\tabwelcome_fr.html
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\technorati.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\Thumbs.db
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\tn.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\tools.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\top.png
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\top_left.png
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\top_right.png
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\translate.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\u.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\un.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\utf8.js
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\v.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\vmlib.js
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\vmntoolbartb1501.cfg
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\vn.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\w.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\web_fr.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\wikipedia.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\wn.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\x.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\xp_close_small.gif
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\yahoo_search.gif
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\YouTube.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\z.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\zn.bmp
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar\zoom.bmp

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-13 au 2008-11-13 ))))))))))))))))))))))))))))))))))))
.

2008-11-13 12:50 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 12:50 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 15:37 . 2008-11-12 16:26 <REP> d-------- c:\program files\FindyKill
2008-11-09 12:25 . 2008-11-12 19:00 <REP> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2008-11-09 12:15 . 2008-11-09 12:22 <REP> d-------- c:\program files\TmUnitedForever
2008-11-09 12:09 . 2008-11-09 12:09 <REP> d-------- c:\documents and settings\All Users\Application Data\TrackMania United
2008-11-09 12:05 . 2008-11-09 12:07 <REP> d-------- c:\program files\TrackMania United
2008-11-05 10:32 . 2008-11-05 16:31 <REP> d-------- c:\program files\Easy TM Forever
2008-11-04 14:03 . 2008-11-04 14:03 <REP> d-------- c:\documents and settings\°Oo Antoine oO°\Application Data\Mostick
2008-11-04 12:42 . 2008-04-28 15:53 805,400 -ra------ c:\windows\system32\tmpD6.tmp
2008-11-04 12:42 . 2008-04-28 15:53 805,400 -ra------ c:\windows\system32\tmpD5.tmp
2008-11-04 12:41 . 2008-11-12 22:44 8,912,896 --a------ c:\documents and settings\°Oo Antoine oO°\ntuser.dat
2008-11-04 12:41 . 2008-11-12 22:44 8,912,896 --a------ c:\documents and settings\°Oo Antoine oO°\ntuser.dat
2008-11-03 18:58 . 2008-07-16 22:35 9,728 --a------ c:\windows\system32\RtNicProp32.dll
2008-11-03 18:42 . 2008-11-03 18:42 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2008-11-02 23:41 . 2008-11-03 10:29 <REP> d-------- c:\program files\WinPcap
2008-11-01 12:44 . 2001-11-14 20:19 16,384 --a------ c:\windows\system32\FileOps.exe
2008-10-30 09:12 . 2008-11-01 10:47 45 --a------ C:\TEST.XML
2008-10-29 20:28 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
2008-10-29 20:26 . 2008-10-29 20:26 <REP> d-------- c:\program files\MAXON
2008-10-29 08:46 . 2008-11-12 19:05 <REP> dr-h----- c:\documents and settings\°Oo Antoine oO°\Recent
2008-10-29 08:46 . 2008-11-12 19:05 <REP> dr-h----- c:\documents and settings\°Oo Antoine oO°\Recent
2008-10-28 16:54 . 2008-10-28 18:22 22,060 --a------ c:\windows\system32\msn
2008-10-28 15:51 . 1999-09-18 09:54 180,224 --a------ c:\windows\system32\ijl11.dll
2008-10-25 23:30 . 2008-10-25 23:30 <REP> d-------- c:\documents and settings\°Oo PapOuneT oO°\Application Data\EmailNotifier
2008-10-25 20:43 . 2008-10-25 20:43 <REP> d-------- c:\program files\CA VMN Anti-Spyware
2008-10-25 20:43 . 2008-10-25 20:43 <REP> d-------- c:\documents and settings\All Users\Application Data\EmailNotifier
2008-10-25 20:43 . 2008-10-25 20:43 <REP> d-------- c:\documents and settings\°Oo Antoine oO°\Application Data\EmailNotifier
2008-10-25 20:02 . 2008-10-25 20:02 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-25 19:54 . 2007-02-20 15:04 2,463,976 --a------ c:\windows\system32\NPSWF32.dll
2008-10-25 19:54 . 2007-02-20 15:04 190,696 --a------ c:\windows\system32\NPSWF32_FlashUtil.exe
2008-10-25 19:40 . 2008-10-25 19:40 <REP> d-------- c:\program files\Bonjour
2008-10-25 19:32 . 2008-10-25 19:32 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
2008-10-25 13:00 . 2008-10-25 13:00 <REP> d-------- c:\documents and settings\°Oo PapOuneT oO°\Application Data\Windows Search
2008-10-25 09:43 . 2007-10-24 15:58 216 --ahs---- C:\BOOT.BKK
2008-10-25 09:39 . 2008-10-25 09:39 <REP> d-------- c:\program files\TGTSoft
2008-10-24 12:38 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-22 08:38 . 2008-10-22 08:38 <REP> d-------- c:\program files\IKEA HomePlanner
2008-10-22 08:37 . 2008-10-22 08:37 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-10-21 13:04 . 2008-11-01 12:44 <REP> d-------- c:\windows\system32\Adobe
2008-10-19 15:40 . 2008-10-19 15:40 <REP> d-------- c:\documents and settings\°Oo PapOuneT oO°\Application Data\Snapfish
2008-10-15 22:10 . 2008-11-13 14:10 1,393 --a------ c:\windows\imsins.BAK
2008-10-15 12:09 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 12:08 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 12:08 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 12:08 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 12:08 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 12:08 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 14:26 --------- d-----w c:\program files\Live for Speed S2
2008-11-12 14:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-12 09:49 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-12 09:00 --------- d-----w c:\program files\a-squared Free
2008-11-12 08:17 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-09 15:22 19,554 ----a-w c:\documents and settings\°Oo PapOuneT oO°\Application Data\wklnhst.dat
2008-11-06 19:19 --------- d-----w c:\program files\TrackMania Nations ESWC
2008-11-06 19:10 --------- d-----w c:\program files\SpeedSim
2008-11-06 19:03 --------- d-----w c:\program files\Button Studio
2008-11-06 19:02 --------- d-----w c:\documents and settings\All Users\Application Data\Aquadelic GT
2008-11-05 15:31 --------- d-----w c:\program files\WarRock
2008-11-04 18:00 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-04 11:20 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-04 11:18 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2008-11-04 11:18 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2008-11-04 11:18 --------- d-----w c:\program files\OpenAL
2008-11-01 11:44 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 18:44 188,909 ----a-w c:\windows\Fonts\petbone.zip
2008-10-21 12:02 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-19 15:24 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-10 07:12 159,992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-10 07:11 182,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-09 14:20 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-08 18:37 --------- d-----w c:\program files\Alt WAV MP3 WMA OGG Converter
2008-10-03 15:07 --------- d-----w c:\program files\Zylom Games
2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-28 16:46 --------- d-----w c:\program files\Micro Application
2008-09-28 16:15 --------- d-----w c:\documents and settings\°Oo PapOuneT oO°\Application Data\Zylom
2008-09-28 16:11 --------- d-----w c:\program files\Java
2008-09-26 17:19 --------- d-----w c:\program files\Lavalys
2008-09-22 18:39 --------- d-----w c:\documents and settings\°Oo Antoine oO°\Application Data\teamspeak2
2008-09-21 07:50 --------- d-----w c:\program files\OneStep
2008-09-20 20:19 --------- d-----w c:\program files\TeamSpeak3
2008-09-20 11:04 --------- d-----w c:\documents and settings\°Oo Antoine oO°\Application Data\Windows Search
2008-09-19 19:39 --------- d-----w c:\program files\Vstplugins
2008-09-19 19:39 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2008-09-19 19:38 --------- d-----w c:\program files\Sony
2008-09-19 19:37 --------- d-----w c:\program files\Sony Setup
2008-09-16 13:39 --------- d-----w c:\program files\Windows Desktop Search
2008-09-16 13:39 --------- d-----w c:\documents and settings\°Oo PapOuneT oO°\Application Data\Windows Desktop Search
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-13 09:30 --------- d-----w c:\program files\ScanWizard 5
2008-09-13 08:46 --------- d-----w c:\program files\EasyScan
2008-09-13 08:35 --------- d-----w c:\program files\Documalis Free
2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:23 2,147,328 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:23 2,025,984 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-03-07 19:06 4,328 ----a-w c:\documents and settings\°Oo Antoine oO°\Application Data\wklnhst.dat
2007-11-17 09:23 3,022,242 ----a-w c:\documents and settings\°Oo PapOuneT oO°\TRACE_BOOT+DRIVERS_1_1.BIN
2007-11-17 09:23 3,022,242 ----a-w c:\documents and settings\°Oo PapOuneT oO°\TRACE_BOOT+DRIVERS_1_1.BIN
2007-10-22 02:49 867,848 ----a-w c:\program files\NOV2007_d3dx10_36_x64.cab
2007-10-22 02:49 807,132 ----a-w c:\program files\NOV2007_d3dx10_36_x86.cab
2007-10-22 02:49 49,392 ----a-w c:\program files\NOV2007_X3DAudio_x64.cab
2007-10-22 02:49 44,850 ----a-w c:\program files\dxdllreg_x86.cab
2007-10-22 02:49 21,744 ----a-w c:\program files\NOV2007_X3DAudio_x86.cab
2007-10-22 02:49 200,010 ----a-w c:\program files\NOV2007_XACT_x64.cab
2007-10-22 02:49 151,512 ----a-w c:\program files\NOV2007_XACT_x86.cab
2007-10-22 02:49 1,805,306 ----a-w c:\program files\NOV2007_d3dx9_36_x64.cab
2007-10-22 02:49 1,712,608 ----a-w c:\program files\NOV2007_d3dx9_36_x86.cab
2004-07-09 03:08 2,242,560 ----a-w c:\documents and settings\°Oo Antoine oO°\dsetup32.dll
2004-07-09 03:08 2,242,560 ----a-w c:\documents and settings\°Oo Antoine oO°\dsetup32.dll
2004-07-09 02:03 62,976 ----a-w c:\documents and settings\°Oo Antoine oO°\DSETUP.dll
2004-07-09 02:03 62,976 ----a-w c:\documents and settings\°Oo Antoine oO°\DSETUP.dll
2008-06-06 14:44 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008060620080607\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-12_17.56.22.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-11-12 21:40:46 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-10-15 21:11:14 593,920 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-11-12 21:41:38 593,920 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-10-15 21:11:14 12,288 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-11-12 21:41:38 12,288 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-10-15 21:11:14 86,016 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-11-12 21:41:38 86,016 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-10-15 21:11:14 135,168 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-12 21:41:38 135,168 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-10-15 21:11:14 11,264 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-11-12 21:41:38 11,264 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-10-15 21:11:14 27,136 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-11-12 21:41:38 27,136 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-10-15 21:11:14 4,096 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-11-12 21:41:38 4,096 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-10-15 21:11:14 794,624 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-11-12 21:41:38 794,624 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-10-15 21:11:14 249,856 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-11-12 21:41:38 249,856 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-10-15 21:11:14 61,440 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-11-12 21:41:38 61,440 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-10-15 21:11:14 23,040 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-11-12 21:41:38 23,040 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-10-15 21:11:14 286,720 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-11-12 21:41:38 286,720 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-10-15 21:11:13 409,600 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-11-12 21:41:37 409,600 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-09-11 14:50:11 12,288 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-11-12 21:41:52 12,288 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-09-11 14:50:11 135,168 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-12 21:41:52 135,168 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-09-11 14:50:11 4,096 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-11-12 21:41:52 4,096 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-09-11 14:50:11 176,128 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\visicon.exe
+ 2008-11-12 21:41:52 176,128 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\visicon.exe
- 2008-11-12 15:34:05 5,860 ----a-w c:\windows\SoftwareDistribution\EventCache\{23D5DA61-6E1E-49D8-AE43-852B44ADAAEA}.bin
+ 2008-11-13 13:11:02 2,642 ----a-w c:\windows\SoftwareDistribution\EventCache\{23D5DA61-6E1E-49D8-AE43-852B44ADAAEA}.bin
- 2008-04-14 02:33:34 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:15:15 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
- 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:03:54 18,296 ------w c:\windows\system32\spmsg.dll
+ 2008-09-30 15:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 15:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2006-07-12 237568]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2006-03-31 147456]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-25 185632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 78008]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"CHotkey"="mHotkey.exe" [2004-06-03 c:\windows\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2003-07-21 c:\windows\CNYHKey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\øOo Antoine oOø\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]
Scanner Finder.lnk - c:\program files\ScanWizard 5\ScannerFinder.exe [2008-09-13 315392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\HOMECI~1\POWERC~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\TrackMania United\\TmUnited.exe"=
"c:\\Program Files\\DnD Networks\\Onyx\\lib\\Nadeo\\TMU\\TrackmaniaServer.exe"=
"c:\\Program Files\\DnD Networks\\Onyx\\Onyx.exe"=
"c:\\Program Files\\Cossacks 2 - Battle for Europe\\Run\\Data\\engine.exe"=
"c:\\Program Files\\WYSIWYG Web Builder 4.0\\WebBuilder.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Metin2_France\\metin2.bin"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5002:TCP"= 5002:TCP:tmu
"5002:UDP"= 5002:UDP:tmu
"21:UDP"= 21:UDP:site
"16126:TCP"= 16126:TCP:*:Disabled:emule
"3452:TCP"= 3452:TCP:tmu
"3452:UDP"= 3452:UDP:tmu
"2352:UDP"= 2352:UDP:tmu
"2352:TCP"= 2352:TCP:tmu
"13300:TCP"= 13300:TCP:NortonAV
"13114:TCP"= 13114:TCP:NortonAV
"12917:TCP"= 12917:TCP:NortonAV
"13039:TCP"= 13039:TCP:NortonAV
"15709:TCP"= 15709:TCP:NortonAV

R2 OneStepSearch Service;OneStepSearch Service;c:\program files\OneStep\onestep.exe c:\program files\OneStep\onestep.dll Service [ ]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-10-17 826112]
R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\system32\DRIVERS\cmiucr.SYS [2007-01-05 93056]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [ ]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 maconfservice;Ma-Config Service;c:\documents and settings\°Oo Antoine oO°\Mes documents\maconfservice.exe [2008-11-02 195752]
S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [ ]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CE2A1958-4EAC-7237-F218-153CD75EFC12}]
c:\windows\system32\msn.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 17:23:41
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-13 17:26:06
ComboFix-quarantined-files.txt 2008-11-13 16:25:44
ComboFix2.txt 2008-11-12 17:07:54

Avant-CF: 58 049 458 176 octets libres
Après-CF: 58,073,399,296 octets libres

459 --- E O F --- 2008-11-13 13:10:56

metalin
13 nov. 2008 à 17:51

voila le rapport anti-malware

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1395
Windows 5.1.2600 Service Pack 3

13/11/2008 17:41:13
mbam-log-2008-11-13 (17-41-13).txt

Type de recherche: Examen rapide
Eléments examinés: 58833
Temps écoulé: 4 minute(s), 34 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
C:\Program Files\OneStep\onestep.exe (Adware.OneStepSearch) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Program Files\OneStep\onestep.dll (Adware.OneStepSearch) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\onestep (Adware.OneStepSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\OneStep (Adware.OneStepSearch) -> Delete on reboot.

Fichier(s) infecté(s):
C:\Program Files\OneStep\home.js (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStep\onestep.dll (Adware.OneStepSearch) -> Delete on reboot.
C:\Program Files\OneStep\onestep.exe (Adware.OneStepSearch) -> Delete on reboot.
C:\Program Files\OneStep\osopt.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStep\readme.html (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStep\uninstall.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
oila le rapport anti-malware

Réponse 9 / 20

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
13 nov. 2008 à 18:16

OK, l'infection Bagle a été supprimée.

Télécharge hijackthis (logiciel de diagnostique) sur ton bureau : https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/

Installe le, lance le et clique sur "Do a system scan and save a logfile".
Fais un copier-coller du rapport entier sur le forum

metalin
13 nov. 2008 à 18:38

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:37:39, on 13/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [connectiv32] C:\backup\connectiv32.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\winfilse.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\°Oo Antoine oO°\Application Data\m\flec006.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Documents and Settings\°Oo Antoine oO°\Mes documents\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneStepSearch Service - Unknown owner - C:\Program Files\OneStep\onestep.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Réponse 10 / 20

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
13 nov. 2008 à 19:52

J'ai parlé trop vite, Bagle n'a pas été supprimé complètement on dirait :(

# Ouvre le bloc-notes (fais un clic droit sur le bureau > dans l´arborescence choisis nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait-sans les barres(x)) :

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"connectiv32"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"german.exe"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"mule_st_key"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Note : Il ne faut pas de ligne vide au début du doc

Puis clique sur "fichier" --> "enregistrer sous" --> choisis le Bureau comme destination --> nomme le « fix.reg ».

Ca doit ressembler à ça une fois enregistré : http://img520.imageshack.us/img520/4251/screenshot005ps2.png

# Double clique sur le fichier fix.reg que tu viens de créer => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"

---> Télécharge OTMoveIt3 (de OldTimer) sur ton Bureau : http://oldtimer.geekstogo.com/OTMoveIt3.exe
---> Double-clique sur OTMoveIt3.exe afin de le lancer.
---> Copie/colle le texte suivant dans le cadre « Paste Instructions for Items to be Moved » et clique sur Moveit :

:processes
explorer.exe

:files
c:\backup\connectiv32.exe
c:\windows\system32\drivers\winfilse.exe
c:\windows\system32\wintems.exe
c:\documents and settings\°oo antoine oo°\application data\m

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles
Le nom du rapport correspond au moment de sa création : date_heure.log

metalin
13 nov. 2008 à 20:13

Voila

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder c:\backup\connectiv32.exe not found.
File/Folder c:\windows\system32\drivers\winfilse.exe not found.
File/Folder c:\windows\system32\wintems.exe not found.
File/Folder c:\documents and settings\°oo antoine oo°\application data\m not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\OOANTO~1\LOCALS~1\Temp\~DF1A18.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OOANTO~1\LOCALS~1\Temp\~DF284E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OOANTO~1\LOCALS~1\Temp\~DF285B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OOANTO~1\LOCALS~1\Temp\~DFD66B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OOANTO~1\LOCALS~1\Temp\~DFD67B.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_CcHfD9eK1dEoB3e scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11132008_200829

Files moved on Reboot...
C:\DOCUME~1\OOANTO~1\LOCALS~1\Temp\~DF1A18.tmp moved successfully.
File C:\DOCUME~1\OOANTO~1\LOCALS~1\Temp\~DF284E.tmp not found!
File C:\DOCUME~1\OOANTO~1\LOCALS~1\Temp\~DF285B.tmp not found!
File C:\DOCUME~1\OOANTO~1\LOCALS~1\Temp\~DFD66B.tmp not found!
File C:\DOCUME~1\OOANTO~1\LOCALS~1\Temp\~DFD67B.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\sqlite_CcHfD9eK1dEoB3e not found!

Réponse 11 / 20

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
13 nov. 2008 à 23:41

OTMoveIt n'a trouvé aucun des fichiers... C'est bizarre.

Reposte un hijackthis stp
Et relance FindyKill avec l'option 1 (Recherche) (voir message 1)

metalin
14 nov. 2008 à 13:06

Bonjour Anthony5151, moi qui pensais que ce serait bientot résolu, voila que Hijackthis ne veut pas s'ouvrir (....win32 pas valide ! ), je poste quand même le rapport Findy Kill
A+

----------------- FindyKill V4.500 ------------------

* User : øOo PapOuneT oOø - LIFETEC
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 12/11/08 par Chiquitine29
* Recherche effectuée à 13:01:31 le 14/11/2008
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans C:

»»»» Presence des fichiers dans C:\WINDOWS

»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

»»»» Presence des fichiers dans C:\WINDOWS\system32

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

»»»» Presence des fichiers dans C:\Documents and Settings\øOo PapOuneT oOø\Application Data

»»»» Presence des fichiers dans C:\DOCUME~1\OOPAPO~1\LOCALS~1\Temp

»»»» Presence des fichiers dans C:\Documents and Settings\øOo PapOuneT oOø\Local Settings\Temporary Internet Files\Content.IE5

Found ! - C:\Documents and Settings\øOo PapOuneT oOø\Local Settings\Temporary Internet Files\Content.IE5\FPZS39EX\D36439BF6AFB645FD2B2F5627D57B[1].jpg

--------------- [ Registre / Startup ] ----------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
CmUCRRun REG_SZ C:\WINDOWS\system32\CmUCReye.exe
RTHDCPL REG_SZ RTHDCPL.EXE
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
CHotkey REG_SZ mHotkey.exe
ledpointer REG_SZ CNYHKey.exe
RemoteControl REG_SZ "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
PCMService REG_SZ "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
PCSuiteTrayApplication REG_SZ C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
RocketDock REG_SZ "C:\Program Files\RocketDock\RocketDock.exe"
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

--------------- [ Registre / Clés infectieuses ] ----------------

--------------- [ Etat / Services ] ----------------

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 2

Ip6Fw - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2

--------------- [ Recherche dans supports amovibles] ----------------

+- Informations :

C: - Lecteur fixe

+- presence des fichiers :

--------------- [ Registre / Mountpoint2 ] ----------------

-> Not found !

------------------- ! Fin du rapport ! --------------------

Réponse 12 / 20

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
14 nov. 2008 à 17:45

Je ne comprends pas, FindyKill ne trouve plus rien non plus...
Peux-tu supprimer Combofix et le re-télécharger (en suivant les conseils donnés plus haut), puis refaire un scan avec stp ?

metalin
14 nov. 2008 à 18:30

voila combo

ComboFix 08-11-12.02 - °Oo PapOuneT oO° 2008-11-14 18:19:44.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.532 [GMT 1:00]
Lancé depuis: c:\documents and settings\°Oo PapOuneT oO°\Bureau\C-Fix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-14 au 2008-11-14 ))))))))))))))))))))))))))))))))))))
.

2008-11-13 20:11 . 2008-11-13 20:11 <REP> dr-h----- c:\documents and settings\°Oo Antoine oO°\Recent
2008-11-13 20:11 . 2008-11-13 20:11 <REP> dr-h----- c:\documents and settings\°Oo Antoine oO°\Recent
2008-11-13 20:08 . 2008-11-13 20:08 <REP> d-------- C:\_OTMoveIt
2008-11-13 18:37 . 2008-11-13 18:37 <REP> d-------- c:\program files\Trend Micro
2008-11-13 17:34 . 2008-11-13 17:34 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-13 17:34 . 2008-11-13 17:34 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-13 17:34 . 2008-11-13 17:34 <REP> d-------- c:\documents and settings\°Oo PapOuneT oO°\Application Data\Malwarebytes
2008-11-13 17:34 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-13 17:34 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-13 12:50 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 12:50 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 15:37 . 2008-11-14 13:02 <REP> d-------- c:\program files\FindyKill
2008-11-09 12:25 . 2008-11-13 20:24 <REP> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2008-11-09 12:15 . 2008-11-09 12:22 <REP> d-------- c:\program files\TmUnitedForever
2008-11-09 12:09 . 2008-11-09 12:09 <REP> d-------- c:\documents and settings\All Users\Application Data\TrackMania United
2008-11-09 12:05 . 2008-11-09 12:07 <REP> d-------- c:\program files\TrackMania United
2008-11-05 10:32 . 2008-11-05 16:31 <REP> d-------- c:\program files\Easy TM Forever
2008-11-04 14:03 . 2008-11-04 14:03 <REP> d-------- c:\documents and settings\°Oo Antoine oO°\Application Data\Mostick
2008-11-04 12:42 . 2008-04-28 15:53 805,400 -ra------ c:\windows\system32\tmpD6.tmp
2008-11-04 12:42 . 2008-04-28 15:53 805,400 -ra------ c:\windows\system32\tmpD5.tmp
2008-11-04 12:41 . 2008-11-13 20:52 8,912,896 --a------ c:\documents and settings\°Oo Antoine oO°\ntuser.dat
2008-11-04 12:41 . 2008-11-13 20:52 8,912,896 --a------ c:\documents and settings\°Oo Antoine oO°\ntuser.dat
2008-11-03 18:58 . 2008-07-16 22:35 9,728 --a------ c:\windows\system32\RtNicProp32.dll
2008-11-03 18:42 . 2008-11-03 18:42 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2008-11-02 23:41 . 2008-11-03 10:29 <REP> d-------- c:\program files\WinPcap
2008-11-01 12:44 . 2001-11-14 20:19 16,384 --a------ c:\windows\system32\FileOps.exe
2008-10-30 09:12 . 2008-11-01 10:47 45 --a------ C:\TEST.XML
2008-10-29 20:28 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
2008-10-29 20:26 . 2008-10-29 20:26 <REP> d-------- c:\program files\MAXON
2008-10-28 16:54 . 2008-10-28 18:22 22,060 --a------ c:\windows\system32\msn
2008-10-28 15:51 . 1999-09-18 09:54 180,224 --a------ c:\windows\system32\ijl11.dll
2008-10-25 23:30 . 2008-10-25 23:30 <REP> d-------- c:\documents and settings\°Oo PapOuneT oO°\Application Data\EmailNotifier
2008-10-25 20:43 . 2008-10-25 20:43 <REP> d-------- c:\program files\CA VMN Anti-Spyware
2008-10-25 20:43 . 2008-10-25 20:43 <REP> d-------- c:\documents and settings\All Users\Application Data\EmailNotifier
2008-10-25 20:43 . 2008-10-25 20:43 <REP> d-------- c:\documents and settings\°Oo Antoine oO°\Application Data\EmailNotifier
2008-10-25 20:02 . 2008-10-25 20:02 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-25 19:54 . 2007-02-20 15:04 2,463,976 --a------ c:\windows\system32\NPSWF32.dll
2008-10-25 19:54 . 2007-02-20 15:04 190,696 --a------ c:\windows\system32\NPSWF32_FlashUtil.exe
2008-10-25 19:40 . 2008-10-25 19:40 <REP> d-------- c:\program files\Bonjour
2008-10-25 19:32 . 2008-10-25 19:32 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
2008-10-25 13:00 . 2008-10-25 13:00 <REP> d-------- c:\documents and settings\°Oo PapOuneT oO°\Application Data\Windows Search
2008-10-25 09:43 . 2007-10-24 15:58 216 --ahs---- C:\BOOT.BKK
2008-10-25 09:39 . 2008-10-25 09:39 <REP> d-------- c:\program files\TGTSoft
2008-10-24 12:38 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-22 08:38 . 2008-10-22 08:38 <REP> d-------- c:\program files\IKEA HomePlanner
2008-10-22 08:37 . 2008-10-22 08:37 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-10-21 13:04 . 2008-11-01 12:44 <REP> d-------- c:\windows\system32\Adobe
2008-10-19 15:40 . 2008-10-19 15:40 <REP> d-------- c:\documents and settings\°Oo PapOuneT oO°\Application Data\Snapfish
2008-10-15 12:09 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 12:08 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 12:08 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 12:08 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 12:08 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 12:08 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 16:41 19,932 ----a-w c:\documents and settings\°Oo PapOuneT oO°\Application Data\wklnhst.dat
2008-11-12 14:26 --------- d-----w c:\program files\Live for Speed S2
2008-11-12 14:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-12 09:49 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-12 09:00 --------- d-----w c:\program files\a-squared Free
2008-11-12 08:17 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-06 19:19 --------- d-----w c:\program files\TrackMania Nations ESWC
2008-11-06 19:10 --------- d-----w c:\program files\SpeedSim
2008-11-06 19:03 --------- d-----w c:\program files\Button Studio
2008-11-06 19:02 --------- d-----w c:\documents and settings\All Users\Application Data\Aquadelic GT
2008-11-05 15:31 --------- d-----w c:\program files\WarRock
2008-11-04 18:00 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-04 11:20 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-04 11:18 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2008-11-04 11:18 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2008-11-04 11:18 --------- d-----w c:\program files\OpenAL
2008-11-01 11:44 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 18:44 188,909 ----a-w c:\windows\Fonts\petbone.zip
2008-10-21 12:02 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-19 15:24 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-10 07:12 159,992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-10 07:11 182,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-09 14:20 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-08 18:37 --------- d-----w c:\program files\Alt WAV MP3 WMA OGG Converter
2008-10-03 15:07 --------- d-----w c:\program files\Zylom Games
2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-28 16:46 --------- d-----w c:\program files\Micro Application
2008-09-28 16:15 --------- d-----w c:\documents and settings\°Oo PapOuneT oO°\Application Data\Zylom
2008-09-28 16:11 --------- d-----w c:\program files\Java
2008-09-26 17:19 --------- d-----w c:\program files\Lavalys
2008-09-22 18:39 --------- d-----w c:\documents and settings\°Oo Antoine oO°\Application Data\teamspeak2
2008-09-20 20:19 --------- d-----w c:\program files\TeamSpeak3
2008-09-20 11:04 --------- d-----w c:\documents and settings\°Oo Antoine oO°\Application Data\Windows Search
2008-09-19 19:39 --------- d-----w c:\program files\Vstplugins
2008-09-19 19:39 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2008-09-19 19:38 --------- d-----w c:\program files\Sony
2008-09-19 19:37 --------- d-----w c:\program files\Sony Setup
2008-09-16 13:39 --------- d-----w c:\program files\Windows Desktop Search
2008-09-16 13:39 --------- d-----w c:\documents and settings\°Oo PapOuneT oO°\Application Data\Windows Desktop Search
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:23 2,147,328 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:23 2,025,984 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-03-07 19:06 4,328 ----a-w c:\documents and settings\°Oo Antoine oO°\Application Data\wklnhst.dat
2007-11-17 09:23 3,022,242 ----a-w c:\documents and settings\°Oo PapOuneT oO°\TRACE_BOOT+DRIVERS_1_1.BIN
2007-11-17 09:23 3,022,242 ----a-w c:\documents and settings\°Oo PapOuneT oO°\TRACE_BOOT+DRIVERS_1_1.BIN
2007-10-22 02:49 867,848 ----a-w c:\program files\NOV2007_d3dx10_36_x64.cab
2007-10-22 02:49 807,132 ----a-w c:\program files\NOV2007_d3dx10_36_x86.cab
2007-10-22 02:49 49,392 ----a-w c:\program files\NOV2007_X3DAudio_x64.cab
2007-10-22 02:49 44,850 ----a-w c:\program files\dxdllreg_x86.cab
2007-10-22 02:49 21,744 ----a-w c:\program files\NOV2007_X3DAudio_x86.cab
2007-10-22 02:49 200,010 ----a-w c:\program files\NOV2007_XACT_x64.cab
2007-10-22 02:49 151,512 ----a-w c:\program files\NOV2007_XACT_x86.cab
2007-10-22 02:49 1,805,306 ----a-w c:\program files\NOV2007_d3dx9_36_x64.cab
2007-10-22 02:49 1,712,608 ----a-w c:\program files\NOV2007_d3dx9_36_x86.cab
2004-07-09 03:08 2,242,560 ----a-w c:\documents and settings\°Oo Antoine oO°\dsetup32.dll
2004-07-09 03:08 2,242,560 ----a-w c:\documents and settings\°Oo Antoine oO°\dsetup32.dll
2004-07-09 02:03 62,976 ----a-w c:\documents and settings\°Oo Antoine oO°\DSETUP.dll
2004-07-09 02:03 62,976 ----a-w c:\documents and settings\°Oo Antoine oO°\DSETUP.dll
2008-06-06 14:44 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008060620080607\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2006-07-12 237568]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2006-03-31 147456]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-25 185632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 78008]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"CHotkey"="mHotkey.exe" [2004-06-03 c:\windows\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2003-07-21 c:\windows\CNYHKey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\øOo Antoine oOø\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]
Scanner Finder.lnk - c:\program files\ScanWizard 5\ScannerFinder.exe [2008-09-13 315392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\HOMECI~1\POWERC~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\TrackMania United\\TmUnited.exe"=
"c:\\Program Files\\DnD Networks\\Onyx\\lib\\Nadeo\\TMU\\TrackmaniaServer.exe"=
"c:\\Program Files\\DnD Networks\\Onyx\\Onyx.exe"=
"c:\\Program Files\\Cossacks 2 - Battle for Europe\\Run\\Data\\engine.exe"=
"c:\\Program Files\\WYSIWYG Web Builder 4.0\\WebBuilder.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Metin2_France\\metin2.bin"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5002:TCP"= 5002:TCP:tmu
"5002:UDP"= 5002:UDP:tmu
"21:UDP"= 21:UDP:site
"16126:TCP"= 16126:TCP:*:Disabled:emule
"3452:TCP"= 3452:TCP:tmu
"3452:UDP"= 3452:UDP:tmu
"2352:UDP"= 2352:UDP:tmu
"2352:TCP"= 2352:TCP:tmu
"13300:TCP"= 13300:TCP:NortonAV
"13114:TCP"= 13114:TCP:NortonAV
"12917:TCP"= 12917:TCP:NortonAV
"13039:TCP"= 13039:TCP:NortonAV
"15709:TCP"= 15709:TCP:NortonAV

R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-10-17 826112]
R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\system32\DRIVERS\cmiucr.SYS [2007-01-05 93056]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [ ]
S2 OneStepSearch Service;OneStepSearch Service;c:\program files\OneStep\onestep.exe c:\program files\OneStep\onestep.dll Service [ ]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 maconfservice;Ma-Config Service;c:\documents and settings\°Oo Antoine oO°\Mes documents\maconfservice.exe [2008-11-02 195752]
S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [ ]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CE2A1958-4EAC-7237-F218-153CD75EFC12}]
c:\windows\system32\msn.exe
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\°Oo PapOuneT oO°\Application Data\Mozilla\Firefox\Profiles\6ma9wxhy.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 18:24:55
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-14 18:28:10
ComboFix-quarantined-files.txt 2008-11-14 17:27:35
ComboFix2.txt 2008-11-13 16:26:07
ComboFix3.txt 2008-11-12 17:07:54

Avant-CF: 53 415 317 504 octets libres
Après-CF: 53,456,543,744 octets libres

241 --- E O F --- 2008-11-13 13:10:56

metalin > metalin
15 nov. 2008 à 11:32

Bonjour

J'ai trouvé Bagle avec a-squared et je l'ai mit en quarentaine, est-ce que cela pose probléme pour la suite??

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790 > metalin
15 nov. 2008 à 17:11

Est-ce qu'il y a un rapport ? Où a été trouvée l'infection ?

metalin > anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015
15 nov. 2008 à 20:14

il n'y a pas de rapport, par contre je te donne l'emplacement ou il l'a trouvé:

C:\Documents and Settings\Antoine\local settings\temporary internet Files\content IE5\AZ61534\b64_2 [1].jpg

metalin > anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015
16 nov. 2008 à 12:45

Bonjour
j'ai installé Antivir et fais un rapport; bonjour les dégats !
je poste ce rapport

Avira AntiVir Personal
Report file date: dimanche 16 novembre 2008 00:58

Scanning for 1035635 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: LIFETEC

Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 30/10/2008 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 23:57:38
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 23:57:40
ANTIVIR2.VDF : 7.1.0.57 2048 Bytes 09/11/2008 23:57:40
ANTIVIR3.VDF : 7.1.0.88 210944 Bytes 14/11/2008 23:57:41
Engineversion : 8.2.0.31
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 15/11/2008 23:57:51
AESCN.DLL : 8.1.1.5 123251 Bytes 15/11/2008 23:57:50
AERDL.DLL : 8.1.1.3 438645 Bytes 15/11/2008 23:57:49
AEPACK.DLL : 8.1.3.4 393591 Bytes 15/11/2008 23:57:48
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 15/11/2008 23:57:47
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 15/11/2008 23:57:46
AEHELP.DLL : 8.1.1.3 119157 Bytes 15/11/2008 23:57:44
AEGEN.DLL : 8.1.1.0 319859 Bytes 15/11/2008 23:57:43
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56
AECORE.DLL : 8.1.4.1 172405 Bytes 15/11/2008 23:57:42
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 15/11/2008 23:57:42
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 16 novembre 2008 00:58

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'ScannerFinder.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'LaunchApplication.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'CNYHKey.exe' - '1' Module(s) have been scanned
Scan process 'mHotkey.exe' - '1' Module(s) have been scanned
Scan process 'ALCFDRTM.EXE' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'CmUCREye.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'X10nets.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
47 processes with 47 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '64' files ).

Starting the file scan:

Begin scan in 'C:\' <systeme>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\°Oo Antoine oO°\Mes documents\Downloads\NOCD The Sims 2 Deluxe crack.exe
[DETECTION] Contains recognition pattern of the DR/P2PAdware.A.60 dropper
[NOTE] The file was moved to '49626638.qua'!
C:\Documents and Settings\°Oo Antoine oO°\Mes documents\eMule Downloads\Incoming\Adobe Crack Serial Keygen All Versions Cs2 Cs3 All Cs3 Progarms Photoshop Premie
[0] Archive type: ZIP
--> adobecs3crack.exe
[DETECTION] Is the TR/WinLdr.A Trojan
[NOTE] The file was moved to '498e66a2.qua'!
C:\Documents and Settings\°Oo Antoine oO°\Mes documents\eMule Downloads\Incoming\Adobe Photoshop CS3 Premium French.rar
[0] Archive type: RAR
--> Adobe Photoshop CS3 Premium French\Adobe Photoshop CS3 Premium French\Crack\Keygen.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.581 back-door program
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26001
[WARNING] Failed!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '4bd8f255.qua'!
C:\Documents and Settings\°Oo Antoine oO°\Mes documents\eMule Downloads\Temp\008.part
[0] Archive type: RAR
--> SoftImage_XSI_Advanced_v6.0\setup_XSI_6.0_windows32.exe
[1] Archive type: CAB SFX (self extracting)
--> \msivc8rt.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\°Oo Antoine oO°\Mes documents\logiciel\Cinema 4D\CINEMA_4D_R9.603.zip
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.aeu Trojan
[NOTE] The file was moved to '496d6eb0.qua'!
C:\Documents and Settings\°Oo Antoine oO°\Mes documents\logiciel\log msn\messenger recovery\MessengerRecovery.rar
[0] Archive type: RAR
--> MessengerRecovery.exe
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.xtc Trojan
--> stealer-msn.exe
[DETECTION] Is the TR/Drop.VB.ckq Trojan
[NOTE] The file was moved to '49926f24.qua'!
C:\Documents and Settings\°Oo Antoine oO°\Mes documents\Mes fichiers reçus\encul de virus msn.zip
[0] Archive type: ZIP
--> yu2008setup.exe
[1] Archive type: RSRC
--> Object
[2] Archive type: CAB (Microsoft)
--> EMU.exe
[3] Archive type: NSIS
--> ProgramFilesDir/connector.exe
[DETECTION] Is the TR/Dldr.Ftp.DM Trojan
[NOTE] The file was moved to '49826f72.qua'!
C:\Documents and Settings\°Oo Antoine oO°\Mes documents\Mes fichiers reçus\Nouveau Archive WinRAR.rar
[0] Archive type: RAR
--> PhotoShop CS3 Extended.exe
[DETECTION] Is the TR/Proxy.Horst.aae.3 Trojan
[NOTE] The file was moved to '49946f79.qua'!
C:\Documents and Settings\°Oo PapOuneT oO°\Mes documents\protection et contrôle\aswclnr.exe
[DETECTION] Contains recognition pattern of the WORM/NetworkWorm/.KN worm
[NOTE] The file was moved to '4996723e.qua'!
C:\Documents and Settings\°Oo PapOuneT oO°\Mes documents\téléchargements\jeu Colette\SetupCasino.exe
[DETECTION] Is the TR/Dloader.DZNY Trojan
[NOTE] The file was moved to '49937269.qua'!
C:\Lop SD\osVer.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.gov back-door program
[NOTE] The file was moved to '4975728d.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOANTO~1\APPLIC~1\FINDAI~1\datatoolamen.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49937286.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOANTO~1\APPLIC~1\FINDAI~1\fyztkary.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '499972a2.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOANTO~1\APPLIC~1\FINDAI~1\kemdochw.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498c7291.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOANTO~1\APPLIC~1\FINDAI~1\mcpnffby.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498f7292.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOANTO~1\APPLIC~1\FINDAI~1\MIXCORNFORLESS.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4977727b.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOANTO~1\APPLIC~1\FINDAI~1\pcvggmvi.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49957299.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOANTO~1\APPLIC~1\FINDAI~1\qlftkjyt.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498572a5.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOANTO~1\APPLIC~1\FINDAI~1\RoadStore.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498072aa.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOANTO~1\APPLIC~1\FINDAI~1\vwkvpgoq.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498a72b4.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOCHAR~1\APPLIC~1\FINDAI~1\RoadStore.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498072ae.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOPAPO~1\APPLIC~1\FINDAI~1\acyallxz.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '499872a9.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOPAPO~1\APPLIC~1\FINDAI~1\datatoolamen.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '499372aa.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOPAPO~1\APPLIC~1\FINDAI~1\fcdvlmvi.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498372af.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOPAPO~1\APPLIC~1\FINDAI~1\izoelicr.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498e72c8.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOPAPO~1\APPLIC~1\FINDAI~1\jmxlfcnv.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '499772bd.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOPAPO~1\APPLIC~1\FINDAI~1\MIXCORNFORLESS.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4977729a.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOPAPO~1\APPLIC~1\FINDAI~1\RoadStore.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498072c3.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOPAPO~1\APPLIC~1\FINDAI~1\swjmvrat.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498972cd.qua'!
C:\Program Files\eMule\Incoming\NOCD The Sims 2 Deluxe crack.exe
[DETECTION] Contains recognition pattern of the DR/P2PAdware.A.60 dropper
[NOTE] The file was moved to '49627547.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\data.oct.vir
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937a58.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\flec006.exe.vir
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49847a65.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\2X ApplicationServer 3.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '493f7a54.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\7tools_Partition_Manager_2005_6.02.01.zip.vir
[0] Archive type: ZIP
--> key_generator.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498e7a72.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\abcAVI_Tag_Editor_1.8.1.129.zip.vir
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49827a62.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Advanced_Page_Rank_Analyzer_2.0_[Crack].zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49957a67.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\AJet_3.zip.vir
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49847a4f.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\All_Stats_Hockey_Coach_6.0.zip.vir
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498b7a74.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Altdo_Convert_MP3_Master_2.1.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937a76.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Apple_FireWire_Drivers_2.5.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498f7a7d.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Asf_Seek_Maker_1.5_KeyGen.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49857a82.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\AtleX CPU Speed 1.0.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498b7a85.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Autumn Leaves Fall Foliage Collection 2.0.zip.vir
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937a88.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Avast.Pro.v4.7.871.Incl.Keymaker-CORE.czip.zip.vir
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49807a8c.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\A_Haunted_Halloween_ScreenSaver_1.00.zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49677a77.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Backup2Net_1.1.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49827a7b.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\BatteryMon_2.1_Build_1000_Cracked.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937a7f.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Beautiful Britain winter screensaver 1.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49807a85.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Beyond_Media_1.0_Key.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49987a88.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\BFG_Chat_Client_1.17.zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49667a6b.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Bid-n-Invoice Basic Invoice 2.1.zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49837a90.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Butterfly Jungle 3D Screensaver 1.0.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937a9e.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Car_Logbook_2.3.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917a8d.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Chronilist 5.9.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917a96.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Claves.Bitdefender.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49807a9c.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Copy+ 2.01.01.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498f7aa1.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\CryptoSystem Personal 1.2.zip.vir
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49987aa6.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Custom Shapes Pack 12 'Torus' 1.0.0 Patch.zip.vir
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49927aac.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Data Export - DB22DBF 1.0.zip.vir
[0] Archive type: ZIP
--> key_generator.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937a9a.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\DB-HTML_Converter_PRO_1.4.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '494c7a7d.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Demo Builder 6.00.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498c7aa2.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Desktop FLV Player 1.0.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49927aa4.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Desktop Organizer & Arranger 1.1.7.zip.vir
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49927aa6.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Digital Photo Fixer 2004.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49867aac.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Diskasizer 1.2.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49927aae.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Dmouse 1.0.0.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498e7ab4.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\DocsToBox 1.1.1 Build 195.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49827ab8.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\DVDCommander_Free_2006_2.5.zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49637aa2.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\EasyHex Hex Editor 1.13.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '4dcad1ff.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Easy_Pocket_PC_Installer_1.21.zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49927ab1.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\EDIdEv_SEF_Reader_1.0.zip.vir
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49687a96.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\EMS_Data_Import_2005_for_MySQL_2.1.0.2.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49727aa1.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Energize 2.0 Beta 2.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49847ac4.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Enigma_0.92.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49887ac6.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Ewido.antimalware.4.0.Beta.keygen.Serial.czip.zip.vir
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49887ad2.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Extra DVD Ripper Express 4.52.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937ad5.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Eye_Candy_5_Impact_[KeyGen].zip.vir
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49847ad8.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\EzLink NG 2005.10.21.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '496b7adb.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\File Data Viewer 1.0.zip.vir
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498b7acd.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Fitness Assistant 1.99.zip.vir
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937acf.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Flash_Projector_1.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49807ad4.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\FlowChartX_control_4.1.4.zip.vir
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498e7ad7.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\FMF Skin Creator 1.0.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49657aba.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Fontonizer_1.02_build_105.zip.vir
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498d7ade.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\FotoTagger 2.10.0.1.zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937ae0.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\FoxNotes 2.5.4.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49977ae2.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\FrameSolver 2D 1.0 Key.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49807ae7.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Frobisher Font TrueType 1.51.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498e7aeb.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\FullShot_9.5.1.1_(Key+Serial).zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498b7af2.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\GameSelect_2.1.1.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498c7ae1.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\genesisseeds_toolbar_for_IE_4.5.132.0.zip.vir
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498d7ae7.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Goal.Com - Live News 1.0.0.0.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49807af3.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Google Pack 2.2.969.23408 Beta.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498e7af5.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Green Saver 3.10.0510.zip.vir
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49847afa.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Half-Life_Natural_Selection_4_client_3.0_beta.zip.vir
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498b7aeb.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Halo_Dedicated_Server_Init_File_Builder_2.1.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498b7aed.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Hot Video to iPod Converter 2.0 Crack.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937afd.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Human Resource Manager 2.0.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498c7b05.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Inhabitants of Wood Screensaver 1.0.zip.vir
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49877b00.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\JobOrder 12.9.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49817b03.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Kalvyn_Workgroup_Software_Access_Edition_2006_1.0.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498b7af8.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Karamasoft_UltimateEditor_2.3_(Serial).zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917afa.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\KFI am 640 2.00.zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49687ae1.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\KingConvert For Data Burn 5.0.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498d7b07.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\LingvoSoft_Dictionary_2007_Russian_-_Armenian_4.0.22_[Key].zip.vir
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498d7b0c.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\ListGrabber Standard 4.0.0.39.zip.vir
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49927b14.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Lookup Unlisted Phone Number 1.0.zip.vir
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498e7b20.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\LuckyPhoto 1.0.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49827b28.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Magic_Audio_Recorder_5.4.0.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49867b17.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\MCE Controller 1.1.0.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49647afa.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Microsoft Phishing Filter Add-in for MSN Search Toolbar 3.0.4702.0.zip.vir
[0] Archive type: ZIP
--> key_generator.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49827b23.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Millions_of_Light_Years_1.6_Cracked.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498b7b27.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\MindChimes 1.3.0.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498d7b29.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Ministry Assistant 1.4.3.4.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498d7b2e.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\MSN UK Movies 1.0.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '496d7b1a.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Nawras PC Supervisor 1.0.0.0.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49967b2a.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49637b1a.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\NotepadEx 1.7.4.4.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937b3c.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\PalTalkScene 9.2.221.zip.vir
[0] Archive type: ZIP
--> key_generator.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498b7b30.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Parnian_for_Freehand_3.0.zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917b32.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Paving Design Expert 1.3.0.135.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49957b34.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\PDF Suite .NET 3.0.zip.vir
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49657b19.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\PDF_album_maker_1.01_[Cracked].zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49657b1b.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Phone Deck 1.3.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498e7b41.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Play_Guitar_2.0.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49807b47.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\PLC Training - RSlogix Simulator 3.0.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49627b29.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Pluto_3D_ScreenSaver_1.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49947b4b.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\PrePromote v4.05.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49847b53.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\PSD2FLA_1.0.3_r031_Key+Serial.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49637b36.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Qurb_3.0.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917b5a.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\RICECAKES 1.5.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49627b30.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\ServersCheck_VNCAdministrator_1.0_[Serial].zip.vir
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917b4f.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\SetPwd 1.5.0.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937b53.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\SetupTIE2007 1.0.3.4.zip.vir
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937b55.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Simple_Home_Money_Management_2006.4.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498c7b5b.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Softinabox_Remind_Me!_1.0.0_Build_38.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49857b64.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Sprinkle Clock ScreenSaver 2.3.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917b67.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\SSW_Property_and_Event_Pro_2000_2.3_[KeyGen].zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49767b4c.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Stay with me toolbar for IE 4.5.132.0.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49807b6f.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Streams 1.53.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917b71.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Sudoku_Puzzle_Game_1.0.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49837b74.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Summertime_Skies_1.00.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498c7b76.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\SysImage_HTML2Image_1.5_Crack.zip.vir
[0] Archive type: ZIP
--> key_generator.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49927b7c.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\TechSmith_Screen_Capture_Codec_1.0.zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49827b6a.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\The Hubble Space Telescope Part 2 1.0.zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49847b6f.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\True_Conception_of_Sri_Guru_Tattva_1.08.zip.vir
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49947b7b.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\UControls GlassButton 1.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498e7b4e.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\VCW VicMan's Submass 5.2 Key+Serial.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49767b50.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\VeriTime Time Tracker 5.0.4.16.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917b74.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\ViruScape_2006.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917b7a.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Voxengo_Marquis_Compressor_1.4_(Key).zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49977b84.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\WannaChat 0.50804.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498d7b79.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Wav_Split_Mp3_1.00_(Cracked).zip.vir
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49957b7b.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\WeightWare_3.4.0_Crack.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49887b81.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Windows_Live_Messenger_Now_Playing_Plugin_0.23.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498d7b88.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\WorshipLeader_4.8.2.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917b90.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Y!RabidStatter_2.1.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49717b44.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Zinc 2.5.0.16.zip.vir
[0] Archive type: ZIP
--> key_generator.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498d7b8e.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\ZPC demo.zip.vir
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49627b78.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\AdobeR.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Rjump.D worm
[NOTE] The file was moved to '498e7b95.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49847b97.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\msn.exe.vir
[DETECTION] Is the TR/Drop.VB.ckq Trojan
[NOTE] The file was moved to '498d7ba9.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wintems.exe.vir
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '498d7ba1.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\winfilse.exe.vir
[DETECTION] Is the TR/Dldr.Bagle.aeu Trojan
[NOTE] The file was moved to '498d7ba3.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP365\A0098922.exe
[DETECTION] Contains recognition pattern of the DR/OneStep.C.183 dropper
[NOTE] The file was moved to '494f7ba5.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP366\A0099137.exe
[DETECTION] Contains recognition pattern of the DR/P2PAdware.A.60 dropper
[NOTE] The file was moved to '494f7bb2.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP366\A0099138.exe
[DETECTION] Contains recognition pattern of the DR/P2PAdware.A.60 dropper
[NOTE] The file was moved to '494f7bb6.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP366\A0099139.exe
[DETECTION] Contains recognition pattern of the DR/P2PAdware.A.60 dropper
[NOTE] The file was moved to '494f7bb8.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP368\A0099295.exe
[DETECTION] Contains recognition pattern of the DR/P2PAdware.A.60 dropper
[NOTE] The file was moved to '494f7bc3.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP368\A0099296.exe
[DETECTION] Contains recognition pattern of the DR/P2PAdware.A.60 dropper
[NOTE] The file was moved to '494f7bc5.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP368\A0099298.exe
[DETECTION] Contains recognition pattern of the DR/P2PAdware.A.60 dropper
[NOTE] The file was moved to '494f7bc8.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP368\A0099300.exe
[DETECTION] Contains recognition pattern of the DR/P2PAdware.A.60 dropper
[NOTE] The file was moved to '494f7bca.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP368\A0100050.exe
[DETECTION] Contains recognition pattern of the DR/P2PAdware.A.60 dropper
[NOTE] The file was moved to '49507bcd.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP369\A0100142.exe
[DETECTION] Contains recognition pattern of the DR/P2PAdware.A.60 dropper
[NOTE] The file was moved to '49507bd3.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP369\A0100143.exe
[DETECTION] Contains recognition pattern of the DR/P2PAdware.A.60 dropper
[NOTE] The file was moved to '49507bd6.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP369\A0100145.exe
[DETECTION] Contains recognition pattern of the DR/P2PAdware.A.60 dropper
[NOTE] The file was moved to '49507bd9.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP371\A0100337.exe
[DETECTION] Contains recognition pattern of the DR/P2PAdware.A.60 dropper
[NOTE] The file was moved to '49507be3.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP371\A0100338.exe
[DETECTION] Contains recognition pattern of the DR/P2PAdware.A.60 dropper
[NOTE] The file was moved to '49507be5.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP371\A0100340.exe
[DETECTION] Contains recognition pattern of the DR/P2PAdware.A.60 dropper
[NOTE] The file was moved to '49507be8.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP371\A0100342.exe
[DETECTION] Contains recognition pattern of the DR/P2PAdware.A.60 dropper
[NOTE] The file was moved to '49507bea.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP371\A0100390.exe
[DETECTION] Contains recognition pattern of the DR/P2PAdware.A.60 dropper
[NOTE] The file was moved to '49507bee.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP386\A0103029.exe
[DETECTION] Contains recognition pattern of the DR/P2PAdware.A.60 dropper
[NOTE] The file was moved to '49507c12.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP386\A0103032.exe
[DETECTION] Contains recognition pattern of the DR/LiveTV dropper
[NOTE] The file was moved to '49507c16.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP390\A0104100.exe
[0] Archive type: RSRC
--> Object
[1] Archive type: RAR
--> SponsorSetup.exe
[DETECTION] Is the TR/Swizzor.AAM Trojan
[NOTE] The file was moved to '49507c3c.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP419\A0107869.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/VB.fna.1 back-door program
[NOTE] The file was moved to '49507c7f.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP449\A0114930.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '49507cf4.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP449\A0114932.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49507cf7.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP449\A0114933.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49507cf9.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP449\A0114947.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49507cfe.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP449\A0114975.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '49507d00.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP449\A0114978.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49507d02.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP449\A0114979.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49507d05.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP450\A0114994.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49507d08.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP450\A0114995.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49507d0a.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP450\A0114996.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49507d0c.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP450\A0114997.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49507d0e.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP450\A0114998.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49507d10.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP450\A0115001.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '49507d13.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP450\A0115002.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49507d15.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP450\A0115005.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '49507d17.qua'!
C:\System Volume Information\_resto

Réponse 13 / 20

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
16 nov. 2008 à 18:00

Tu as bien d'installer Antivir, c'est ce que je t'aurai conseillé pour remplacer Avast de toute façon (en parlant d'Avast, pense à vider sa quarantaine et à le désinstaller).

Tout ce qui est détecté dans C:\Qoobox correspond à la quarantaine de Combofix ==> pas de danger
Tout ce qui est détecté dans C:\System Volume Information\_restore correspond à des sauvegardes de la restauration du système ==> pas de danger tant que tu ne fais pas de restauration.

Par contre, tu remarqueras qu'Antivir a détecté plusieurs cracks infectés (voir début du rapport) !!!
C'est bien ça la source de l'infection... Je te conseille de relire mon tout premier message : http://www.commentcamarche.net/forum/affich 9384672 bagle encore?#1

Je refuse de continuer à t'aider tant que tu n'auras pas supprimé définitivement TOUS tes cracks et keygens, sinon c'est une perte de temps pour toi comme pour moi (toutes ces merdes réinfectent ton PC dès que tu les utilises...)

metalin
16 nov. 2008 à 18:48

ok, il en restait sur la cession de mon fils, il les avait oubliés, tous les cracks ont été retirés.
A propos d'Avast, je l'ai bien viré, il ny avait rien en quarantaine puisque je l'ai installé quand j'ai découvert l'infection, mais il n'a pas fonctionné.

Réponse 14 / 20

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
16 nov. 2008 à 21:25

OK, refais un scan complet avec MalwareBytes et un autre avec Antivir pour vérifier stp (après les avoir mis à jour).

metalin
16 nov. 2008 à 23:08

dois je laisser ce qu'il y a en quarantaine dans MalwareBytes ?

Réponse 15 / 20

metalin
16 nov. 2008 à 23:18

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1402
Windows 5.1.2600 Service Pack 3

16/11/2008 23:04:56
mbam-log-2008-11-16 (23-04-56).txt

Type de recherche: Examen rapide
Eléments examinés: 61070
Temps écoulé: 4 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Réponse 16 / 20

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
16 nov. 2008 à 23:20

Tu peux vider la quarantaine de MalwareBytes
Par contre, j'aurai préféré que tu fasses un scan complet avec, et non une recherche rapide ;)

metalin
17 nov. 2008 à 10:05

voici un rapport complet

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1402
Windows 5.1.2600 Service Pack 3

17/11/2008 09:55:27
mbam-log-2008-11-17 (09-55-27).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 251028
Temps écoulé: 1 hour(s), 35 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP475\A0120543.sys (Trojan.Downloader) -> Quarantined and deleted successfully.

Réponse 17 / 20

metalin
17 nov. 2008 à 02:21

Avira AntiVir Personal
Report file date: lundi 17 novembre 2008 00:48

Scanning for 1036369 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: LIFETEC

Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 30/10/2008 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 23:57:38
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 23:57:40
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 23:47:23
ANTIVIR3.VDF : 7.1.0.90 2048 Bytes 16/11/2008 23:47:24
Engineversion : 8.2.0.31
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 15/11/2008 23:57:51
AESCN.DLL : 8.1.1.5 123251 Bytes 15/11/2008 23:57:50
AERDL.DLL : 8.1.1.3 438645 Bytes 15/11/2008 23:57:49
AEPACK.DLL : 8.1.3.4 393591 Bytes 15/11/2008 23:57:48
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 15/11/2008 23:57:47
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 15/11/2008 23:57:46
AEHELP.DLL : 8.1.1.3 119157 Bytes 15/11/2008 23:57:44
AEGEN.DLL : 8.1.1.0 319859 Bytes 15/11/2008 23:57:43
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56
AECORE.DLL : 8.1.4.1 172405 Bytes 15/11/2008 23:57:42
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 15/11/2008 23:57:42
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 17 novembre 2008 00:48

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ScannerFinder.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'LaunchApplication.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'CNYHKey.exe' - '1' Module(s) have been scanned
Scan process 'ALCFDRTM.EXE' - '1' Module(s) have been scanned
Scan process 'mHotkey.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'CmUCREye.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'realplay.exe' - '1' Module(s) have been scanned
Scan process 'javaw.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'IMApp.exe' - '1' Module(s) have been scanned
Scan process 'ALCFDRTM.EXE' - '1' Module(s) have been scanned
Scan process 'ScannerFinder.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'LaunchApplication.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'CNYHKey.exe' - '1' Module(s) have been scanned
Scan process 'mHotkey.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'CmUCREye.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'X10nets.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'pcapsvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
70 processes with 70 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '64' files ).

Starting the file scan:

Begin scan in 'C:\' <systeme>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\°Oo Antoine oO°\Mes documents\eMule Downloads\Temp\008.part
[0] Archive type: RAR
--> SoftImage_XSI_Advanced_v6.0\setup_XSI_6.0_windows32.exe
[1] Archive type: CAB SFX (self extracting)
--> \msivc8rt.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed

End of the scan: lundi 17 novembre 2008 02:17
Used time: 1:29:45 Hour(s)

The scan has been done completely.

15519 Scanning directories
579742 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
579740 Files not concerned
6281 Archives were scanned
6 Warnings
0 Notes

Réponse 18 / 20

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
17 nov. 2008 à 11:12

C'est parfait.
Vérifie que ton fils n'a plus de téléchargement infecté en cours comme celui-ci (et plus généralement que plus perosnne ne télécharge de cracks...) :

C:\Documents and Settings\°Oo Antoine oO°\Mes documents\eMule Downloads\Temp\008.part
[0] Archive type: RAR
--> SoftImage_XSI_Advanced_v6.0\setup_XSI_6.0_windows32.exe
[1] Archive type: CAB SFX (self extracting)
--> \msivc8rt.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed

Puis poste un nouveau rapport hijackthis stp

metalin
17 nov. 2008 à 12:26

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:36, on 17/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\°Oo Antoine oO°\Mes documents\logiciel\pcapsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: w2pxdrvs.dll
O10 - Unknown file in Winsock LSP: w2pxdrvs.dll
O10 - Unknown file in Winsock LSP: w2pxdrvs.dll
O10 - Unknown file in Winsock LSP: w2pxdrvs.dll
O10 - Unknown file in Winsock LSP: w2pxdrvs.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Documents and Settings\°Oo Antoine oO°\Mes documents\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneStepSearch Service - Unknown owner - C:\Program Files\OneStep\onestep.exe (file missing)
O23 - Service: ProxyCap Service (pcapsvc) - Proxy Labs - C:\Documents and Settings\°Oo Antoine oO°\Mes documents\logiciel\pcapsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

metalin > metalin
19 nov. 2008 à 14:02

Bonjour
est ce que ce rapport est propre, merci encore de m'avoir aider
Cordialement

Réponse 19 / 20

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
19 nov. 2008 à 23:34

Il n'y a que ça qui me dérange, est-ce que tu sais ce que c'est ?

C:\Documents and Settings\°Oo Antoine oO°\Mes documents\logiciel\pcapsvc.exe

metalin
20 nov. 2008 à 21:12

Bonsoir
c'est proxicap, je serais incapable de te dire a quoi ça sert, mon fils serait là, il pourrait m'en dire plus, il y a une histoire de serveur je crois, mais apparemment c'est un truc que l'on peut télécharger sans problême

Réponse 20 / 20

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
22 nov. 2008 à 01:35

Désolé pour la réponse tardive.
OK pour pcapsvc.exe, j'espère que ce n'est pas un logiciel cracké (sinon il y a de grandes chances pour qu'il réinfecte ton ordinateur dès que tu l'utiliseras)

Sinon ton ordinateur n'est plus infecté !

Avant de retourner surfer sur internet, il y a quelques petites choses que tu dois faire pour finir le nettoyage et améliorer sensiblement la sécurité de ton ordinateur, ça t'évitera peut-être de devoir revenir ici avec une nouvelle infection dans le futur ;) Mais sache qu'aucun logiciel de sécurité ne te protègera à 100%, ce qui fait la différence, c'est ta vigilance lorsque tu télécharges ou installes quelque chose : pour en savoir plus, je t'invite à bien lire la page indiquée tout en bas de ce message (6).

1) Sécurise ton ordinateur

- Anti-virus :
Antivir est un excellent choix, garde le. Juste un petit réglage à faire :
Double clique sur l'icone d'Antivir près de l'horloge --> Configuration --> Coche « expert mode » --> coche « Search for rootkits before scan »

- Pare-feu :
Tu n’as apparemment aucun pare-feu (sauf peut-être celui de Windows, qui est inefficace et ne filtre pas les connections sortantes utilisées par beaucoup d'infections...) : Télécharges-en un vrai. En gratuit, les plus simples sont Kerio et surtout PC Tools Firewall. Tu peux t'aider des tuto suivants pour utiliser celui que tu choisiras :
- Tutoriel PcTools
- Tutoriel Kerio
Note : si un message comme celui-ci apparaît lors de l'installation, clique sur Continuer.

- Anti-spyware :
* Installe Spyware Blaster : il ne prend pas de mémoire, c'est juste un logiciel qui vaccine ton pc contre certaines infections. Il faut le mettre à jour manuellement, tous les 10 jours environ, et activer toutes les protections (« Enable all protection »)
* En complément, garde MalwareBytes pour son scan de nettoyage performant.

- Pour naviguer sur internet plus en sécurité et à l’abri des publicités, je te conseille d’installer et d'utiliser le navigateur Firefox 3 avec l’extension « AdBlockPlus ». Tu peux trouver des explications ici

- Java n'est pas à jour, c'est une faille de sécurité.
Il faut d'abord désinstaller l'ancienne version : Ouvre le menu démarrer --> panneau de configuration --> ajout/suppression de programmes --> sélectionne toutes les versions de java présentes et désinstalle les.
Ensuite, télécharge et installe la nouvelle version depuis le site officiel de java : https://java.com/fr/

2) Relance Hijackthis (pour la dernière fois), fais "scan system only" et coche ces lignes (pas dangereuses mains inutiles) :

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)

Coche également toutes les lignes commençant par 016

Ensuite, clique sur "Fix checked"

3) Télécharge ToolsCleaner sur ton bureau pour nettoyer l'ordi de tous les outils qu'on a utilisé : ToolsCleaner
Lance le, clique sur Recherche et laisse le scan se finir, puis clique sur Suppression pour nettoyer.
Tu peux aussi supprimer les fichiers temporaires.
Ensuite, supprime manuellement ToolsCleaner (mets le à la corbeille).
S'il ne supprime pas tout, supprime manuellement ce qui reste.

4) Télécharge et installe CCleaner (si ce n’est déjà fait) : https://www.ccleaner.com/ccleaner/download

Lance CCleaner
Option --> avancé --> décoche « effacer uniquement les fichiers plus vieux que 48h »
Puis nettoyeur --> Analyse > Lancer le nettoyage, puis sur OK dans la fenêtre qui s' affiche.
Relance le nettoyage une deuxième fois.

Enfin, registre --> corrige toutes les erreurs, et recommence jusqu'à ce qu'il ne trouve plus d'erreurs.

(Tu peux garder ce logiciel et l'utiliser régulièrement).

5) Pour finir le nettoyage, il faut désactiver puis réactiver la restauration système (pour créer un nouveau point de restauration sain et éviter le retour de l'infection).

* Fais un clic droit sur poste de travail (qui est sur ton bureau ou dans le menu démarrer), puis propriétés.
* Sélectionne l'onglet restauration du système
* Coche l'option Désactiver la restauration du système sur tous les lecteurs
* Clique sur OK.

Puis refais la manipulation inverse pour réactiver la restauration système.

6) Je t'invite enfin à visiter cette page qui t'apportera des informations de prévention et de protection contre les infections (environ 15 minutes de lecture très instructive et utile):
Prévention et sécurité sur internet

Bonne lecture, bon courage, et n'hésite pas à poser des questions en cas de besoin ;)

metalin
23 nov. 2008 à 01:35

Bonsoir
j'ai suivi à la lettre tes conseils, installation des logiciels cités, pare feu: PC tools firewall plus, réinstallation de Java, mais celui ci n'a pas l'air de fonctionner, sinon ras, tout fonctionne a merveille. félicitations pour votre compétence et votre dévouement.
Par contre j'ai un autre PC qui est en réseau avec celui ci qui serait aussi contaminé, dois je refaire un sujet ou continuer sur celui ci, ou faire la même manip ?
Merci encore

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790 > metalin
23 nov. 2008 à 02:20

De rien, je suis heureux d'avoir pu t'aider ;)

Si ton autre ordinateur est infecté, je te conseille d'ouvrir un autre sujet pour ton autre PC, parce que je ne serai pas très présent sur le forum ces prochains jours, et il y a peu de chance que quelqu'un d'autre vienne répondre dans un sujet déjà commencé.

Bonne continuation.

Bagle............encore

20 réponses

Discussions similaires