Bagle... again

metalin -  
anthony5151 Posts 10927 Status Security contributor -
Hello,
I too seem to be infected by this virus. Can I follow the method cited previously, or is there a particular case for each remedy? I am attaching an ELIBAGLA report, and I thank you in advance for your help.
Regards

Wed Nov 12 14:02:31 2008
EliBagle v11.95 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Nov 12 14:03:13 2008
EliBagle v11.95 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Fichiers communs\Adobe\Updater5\ADOBEUPDATER.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 15854
Nº Total de Ficheros: 198993
Nº de Ficheros Analizados: 19471
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

20 replies

totobetourne Posts 5677 Status Member 65
 
Since anthony may not be around, we can carry on for now.

1) Uninstall elibagla.

2) Reopen FindyKill and this time choose option 2 (Suppression)

/!\ There will be 2 reboots; let the tool work until the message "nettoyage terminé" appears

-------> then post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk
1
metalin
 
OK, running it
0
metalin
 
Here is the report; however, there was no reboot. Is that normal?


----------------- FindyKill V4.500 ------------------

* User : øOo PapOuneT oOø - LIFETEC
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 12/11/08 par Chiquitine29
* Suppression effectuée à 16:19:11 le 12/11/2008
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** Suppression *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------



--------------- [ Fichiers / Dossiers infectieux ] ----------------


»»»» Supression des fichiers dans C:

Deleted ! - C:\InfoSat.txt

»»»» Supression des fichiers dans C:\WINDOWS


»»»» Supression des fichiers dans C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\107671.EXE-0A142F37.pf
Deleted ! - C:\WINDOWS\prefetch\138921.EXE-2C79F83E.pf
Deleted ! - C:\WINDOWS\prefetch\140937.EXE-15AEFE0D.pf
Deleted ! - C:\WINDOWS\prefetch\15942859.EXE-20D79E66.pf
Deleted ! - C:\WINDOWS\prefetch\15966968.EXE-2868EE56.pf
Deleted ! - C:\WINDOWS\prefetch\15970390.EXE-0E17255B.pf
Deleted ! - C:\WINDOWS\prefetch\CNYHKEY.EXE-3024E8B1.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-1F20B197.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\MHOTKEY.EXE-28F476F7.pf
Deleted ! - C:\WINDOWS\prefetch\WINFILSE.EXE-17C2CF68.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf

»»»» Supression des fichiers dans C:\WINDOWS\system32

Not deleted !! - C:\WINDOWS\system32\mdelk.exe
Not deleted !! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression des fichiers dans C:\WINDOWS\system32\drivers

Not deleted !! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
Not deleted !! - C:\WINDOWS\system32\drivers\winfilse.exe
Deleted ! - "C:\WINDOWS\system32\drivers\downld"

»»»» Supression des fichiers dans C:\Documents and Settings\øOo PapOuneT oOø\Application Data


»»»» Supression des fichiers dans C:\DOCUME~1\OOPAPO~1\LOCALS~1\Temp


»»»» Supression des fichiers dans C:\Documents and Settings\øOo PapOuneT oOø\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Clés infectieuses ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA

--------------- [ Etat / Redémarage des services ] ----------------

+- Mode sans echec restauré !

+- Affichage des fichiers cachés réparé !



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 2

Ip6Fw - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2


--------------- [ Nettoyage des supports amovibles ] ----------------

+- Informations :

C: - Lecteur fixe


+- Suppression des fichiers :


--------------- [ Registre / Moutpoint2 ] ----------------

Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{388f8f23-9ddc-11dd-b9df-0013d3b36f2f}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{729c11e6-4508-11dd-906b-0013d3b36f2f}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4f19fc6-c9c4-11dc-b1eb-0012bf4fa2de}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4f19fc6-c9c4-11dc-b1eb-0012bf4fa2de}\Shell\explore\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4f19fc6-c9c4-11dc-b1eb-0012bf4fa2de}\Shell\open\Command

--------------- [ Recherche Cracks / Keygen ] ----------------



---------------- ! Fin du rapport ! ------------------
0
anthony5151 Posts 10927 Status Security contributor 790
 
Hello,

This infection is caught by downloading cracks (or simply by visiting a crack site). It is a major infection vector: https://forum.malekal.com/viewtopic.php?f=33&t=893
Delete all your rotten cracks and keygens, otherwise there is no point continuing the disinfection; they will reinfect your computer endlessly!

Bagle then spreads via removable drives (USB sticks, external hard drives, MP3 players) ==> isolate your PC

Download FindyKill (by Chiquitine29)

Right-click the link --> save as --> desktop
---> FindyKill

--> Run the installation with the default settings

--> Double-click the FindyKill shortcut on your desktop

--> At the main menu, choose option 1 (Recherche)

--> Post the report C:/FindyKill.txt (it is saved at the root of the hard drive)

0
metalin
 
Thanks for your reply, here is the FindyKill report
----------------- FindyKill V4.500 ------------------

* User : øOo PapOuneT oOø - LIFETEC
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 12/11/08 par Chiquitine29
* Recherche effectuée à 15:39:12 le 12/11/2008
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------



--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:

Found ! [12/11/2008 14:16] - C:\InfoSat.txt

»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\107671.EXE-0A142F37.pf
Found ! - C:\WINDOWS\prefetch\138921.EXE-2C79F83E.pf
Found ! - C:\WINDOWS\prefetch\140937.EXE-15AEFE0D.pf
Found ! - C:\WINDOWS\prefetch\15942859.EXE-20D79E66.pf
Found ! - C:\WINDOWS\prefetch\15966968.EXE-2868EE56.pf
Found ! - C:\WINDOWS\prefetch\15970390.EXE-0E17255B.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-1F20B197.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINFILSE.EXE-17C2CF68.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\Prefetch\CNYHKEY.EXE-3024E8B1.pf
Found ! - C:\WINDOWS\Prefetch\MHOTKEY.EXE-28F476F7.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [12/11/2008 15:23] - C:\WINDOWS\system32\mdelk.exe
Found ! [12/11/2008 15:23] - C:\WINDOWS\system32\wintems.exe
Found ! [12/11/2008 15:23] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

Found ! [12/11/2008 15:22] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [21/10/2006 07:04] - C:\WINDOWS\system32\drivers\winfilse.exe
Found ! [12/11/2008 15:26] - "C:\WINDOWS\system32\drivers\downld"

»»»» Presence des fichiers dans C:\Documents and Settings\øOo PapOuneT oOø\Application Data


»»»» Presence des fichiers dans C:\DOCUME~1\OOPAPO~1\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\øOo PapOuneT oOø\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
CmUCRRun REG_SZ C:\WINDOWS\system32\CmUCReye.exe
RTHDCPL REG_SZ RTHDCPL.EXE
Alcmtr REG_SZ ALCMTR.EXE
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
CHotkey REG_SZ mHotkey.exe
ledpointer REG_SZ CNYHKey.exe
RemoteControl REG_SZ "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
PCMService REG_SZ "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
PCSuiteTrayApplication REG_SZ C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
RavAV REG_SZ C:\WINDOWS\AdobeR.exe
msn REG_SZ C:\WINDOWS\system32\msn.exe
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
RocketDock REG_SZ "C:\Program Files\RocketDock\RocketDock.exe"
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden

- des fichiers cachés non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------

Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{388f8f23-9ddc-11dd-b9df-0013d3b36f2f}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{729c11e6-4508-11dd-906b-0013d3b36f2f}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4f19fc6-c9c4-11dc-b1eb-0012bf4fa2de}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4f19fc6-c9c4-11dc-b1eb-0012bf4fa2de}\Shell\explore\Command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4f19fc6-c9c4-11dc-b1eb-0012bf4fa2de}\Shell\open\Command


------------------- ! Fin du rapport ! --------------------
0
totobetourne Posts 5677 Status Member 65
 
OK, but Elibagla has to be removed first, because there may be a compatibility problem between Elibagla and FindyKill.
0
metalin
 
OK, I hadn't seen your post. I hadn't uninstalled Elibagla; should I redo the FindyKill test?
0
anthony5151 Posts 10927 Status Security contributor 790
 
Several infected files were not deleted...

Plug in all your removable drives (USB sticks, external hard drives, MP3 players, iPod...)

Then use ComboFix. Be careful: this software is very powerful, and misuse can cause damage... Do exactly the following:

Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
Right-click this link and choose "Save target as...": in the window that opens, type C-Fix, choose the Desktop as the destination and confirm: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! Disconnect, close all your running applications and DISABLE ALL YOUR DEFENCES (antivirus, antispyware, firewall) for the duration of the procedure: if left active, they could seriously interfere with the tool's scan and cleanup (or even crash the PC)... So you will re-enable them afterwards!!

---> Above all, if you run into difficulties at this stage, tell me before going any further...

Tutorial here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------

Then:
double-click C-Fix.exe (= combofix.exe).

Press a key to start the scan.

Warning: do not use your mouse or keyboard while the program is running. That could freeze the computer ---> if a Windows error message appears at some point, click the red cross at the top right of the window to close it

The report will be created in C:\Combofix.txt; please post it here

0
metalin
 
Hi again, is it necessary to do this step? I only have a camera and a phone that I plug in from time to time
0
anthony5151 Posts 10927 Status Security contributor 790
 
You have a file on your computer that is characteristic of a removable-drive infection (AdobeR); plugging them in once is enough to infect them.

0
metalin
 
Wow! That's a tricky procedure... Combo is asking me to install a Windows recovery console that I apparently don't have; is that OK? An internet connection is required, no problem? I'm not doing anything while I wait for your answer, thanks again
0
anthony5151 Posts 10927 Status Security contributor 790
 
The Recovery Console is not mandatory; it is only there to roll back in case of a problem.
If you want to install it, follow the tutorial I gave you. Otherwise, move on to the next step.

0
metalin
 
ComboFix 08-11-11.01 - °Oo PapOuneT oO° 2008-11-12 17:39:08.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.667 [GMT 1:00]
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\°Oo Antoine oO°\Application Data\m
c:\documents and settings\°Oo Antoine oO°\Application Data\m\data.oct
c:\documents and settings\°Oo Antoine oO°\Application Data\m\flec006.exe
c:\documents and settings\°Oo Antoine oO°\Application Data\m\list.oct
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\2X ApplicationServer 3.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\7tools_Partition_Manager_2005_6.02.01.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\A_Haunted_Halloween_ScreenSaver_1.00.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\abcAVI_Tag_Editor_1.8.1.129.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Advanced_Page_Rank_Analyzer_2.0_[Crack].zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\AJet_3.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\All_Stats_Hockey_Coach_6.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Altdo_Convert_MP3_Master_2.1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Apple_FireWire_Drivers_2.5.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Asf_Seek_Maker_1.5_KeyGen.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\AtleX CPU Speed 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Autumn Leaves Fall Foliage Collection 2.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Avast.Pro.v4.7.871.Incl.Keymaker-CORE.czip.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Backup2Net_1.1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\BatteryMon_2.1_Build_1000_Cracked.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Beautiful Britain winter screensaver 1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Beyond_Media_1.0_Key.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\BFG_Chat_Client_1.17.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Bid-n-Invoice Basic Invoice 2.1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Butterfly Jungle 3D Screensaver 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Car_Logbook_2.3.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Chronilist 5.9.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Claves.Bitdefender.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Copy+ 2.01.01.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\CryptoSystem Personal 1.2.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Custom Shapes Pack 12 'Torus' 1.0.0 Patch.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Data Export - DB22DBF 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\DB-HTML_Converter_PRO_1.4.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Demo Builder 6.00.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Desktop FLV Player 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Desktop Organizer & Arranger 1.1.7.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Digital Photo Fixer 2004.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Diskasizer 1.2.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Dmouse 1.0.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\DocsToBox 1.1.1 Build 195.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\DVDCommander_Free_2006_2.5.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Easy_Pocket_PC_Installer_1.21.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\EasyHex Hex Editor 1.13.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\EDIdEv_SEF_Reader_1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\EMS_Data_Import_2005_for_MySQL_2.1.0.2.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Energize 2.0 Beta 2.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Enigma_0.92.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Ewido.antimalware.4.0.Beta.keygen.Serial.czip.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Extra DVD Ripper Express 4.52.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Eye_Candy_5_Impact_[KeyGen].zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\EzLink NG 2005.10.21.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\File Data Viewer 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Fitness Assistant 1.99.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Flash_Projector_1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\FlowChartX_control_4.1.4.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\FMF Skin Creator 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Fontonizer_1.02_build_105.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\FotoTagger 2.10.0.1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\FoxNotes 2.5.4.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\FrameSolver 2D 1.0 Key.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Frobisher Font TrueType 1.51.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\FullShot_9.5.1.1_(Key+Serial).zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\GameSelect_2.1.1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\genesisseeds_toolbar_for_IE_4.5.132.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Goal.Com - Live News 1.0.0.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Google Pack 2.2.969.23408 Beta.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Green Saver 3.10.0510.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Half-Life_Natural_Selection_4_client_3.0_beta.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Halo_Dedicated_Server_Init_File_Builder_2.1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Hot Video to iPod Converter 2.0 Crack.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Human Resource Manager 2.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Inhabitants of Wood Screensaver 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\JobOrder 12.9.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Kalvyn_Workgroup_Software_Access_Edition_2006_1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Karamasoft_UltimateEditor_2.3_(Serial).zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\KFI am 640 2.00.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\KingConvert For Data Burn 5.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\LingvoSoft_Dictionary_2007_Russian_-_Armenian_4.0.22_[Key].zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\ListGrabber Standard 4.0.0.39.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Lookup Unlisted Phone Number 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\LuckyPhoto 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Magic_Audio_Recorder_5.4.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\MCE Controller 1.1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Microsoft Phishing Filter Add-in for MSN Search Toolbar 3.0.4702.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Millions_of_Light_Years_1.6_Cracked.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\MindChimes 1.3.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Ministry Assistant 1.4.3.4.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\MSN UK Movies 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Nawras PC Supervisor 1.0.0.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\NotepadEx 1.7.4.4.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\PalTalkScene 9.2.221.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Parnian_for_Freehand_3.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Paving Design Expert 1.3.0.135.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\PDF Suite .NET 3.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\PDF_album_maker_1.01_[Cracked].zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Phone Deck 1.3.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Play_Guitar_2.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\PLC Training - RSlogix Simulator 3.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Pluto_3D_ScreenSaver_1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\PrePromote v4.05.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\PSD2FLA_1.0.3_r031_Key+Serial.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Qurb_3.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\RICECAKES 1.5.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\ServersCheck_VNCAdministrator_1.0_[Serial].zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\SetPwd 1.5.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\SetupTIE2007 1.0.3.4.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Simple_Home_Money_Management_2006.4.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Softinabox_Remind_Me!_1.0.0_Build_38.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Sprinkle Clock ScreenSaver 2.3.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\SSW_Property_and_Event_Pro_2000_2.3_[KeyGen].zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Stay with me toolbar for IE 4.5.132.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Streams 1.53.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Sudoku_Puzzle_Game_1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Summertime_Skies_1.00.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\SysImage_HTML2Image_1.5_Crack.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\TechSmith_Screen_Capture_Codec_1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\The Hubble Space Telescope Part 2 1.0.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\True_Conception_of_Sri_Guru_Tattva_1.08.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\UControls GlassButton 1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\VCW VicMan's Submass 5.2 Key+Serial.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\VeriTime Time Tracker 5.0.4.16.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\ViruScape_2006.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Voxengo_Marquis_Compressor_1.4_(Key).zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\WannaChat 0.50804.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Wav_Split_Mp3_1.00_(Cracked).zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\WeightWare_3.4.0_Crack.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Windows_Live_Messenger_Now_Playing_Plugin_0.23.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\WorshipLeader_4.8.2.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Y!RabidStatter_2.1.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\Zinc 2.5.0.16.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\shared\ZPC demo.zip
c:\documents and settings\°Oo Antoine oO°\Application Data\m\srvlist.oct
c:\documents and settings\°Oo Antoine oO°\ravmonlog
c:\documents and settings\°Oo Charlotte oO°\Application Data\addon.dat
c:\documents and settings\°Oo Charlotte oO°\ravmonlog
c:\documents and settings\°Oo PapOuneT oO°\Application Data\addon.dat
c:\documents and settings\°Oo PapOuneT oO°\ravmonlog
c:\windows\adober.exe
c:\windows\system32\ban_list.txt
c:\windows\system32\drivers\srosa.sys
c:\windows\system32\drivers\winfilse.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\msn.exe
c:\windows\system32\tmp88.tmp
c:\windows\system32\tmp89.tmp
c:\windows\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-12 au 2008-11-12 ))))))))))))))))))))))))))))))))))))
.

2008-11-12 15:37 . 2008-11-12 16:26 <REP> d-------- c:\program files\FindyKill
2008-11-09 12:25 . 2008-11-11 19:48 <REP> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2008-11-09 12:15 . 2008-11-09 12:22 <REP> d-------- c:\program files\TmUnitedForever
2008-11-09 12:09 . 2008-11-09 12:09 <REP> d-------- c:\documents and settings\All Users\Application Data\TrackMania United
2008-11-09 12:05 . 2008-11-09 12:07 <REP> d-------- c:\program files\TrackMania United
2008-11-05 10:32 . 2008-11-05 16:31 <REP> d-------- c:\program files\Easy TM Forever
2008-11-04 14:03 . 2008-11-04 14:03 <REP> d-------- c:\documents and settings\°Oo Antoine oO°\Application Data\Mostick
2008-11-04 12:42 . 2008-04-28 15:53 805,400 -ra------ c:\windows\system32\tmpD6.tmp
2008-11-04 12:42 . 2008-04-28 15:53 805,400 -ra------ c:\windows\system32\tmpD5.tmp
2008-11-04 12:41 . 2008-11-12 17:36 8,912,896 --a------ c:\documents and settings\°Oo Antoine oO°\ntuser.dat
2008-11-04 12:41 . 2008-11-12 17:36 8,912,896 --a------ c:\documents and settings\°Oo Antoine oO°\ntuser.dat
2008-11-03 18:58 . 2008-07-16 22:35 9,728 --a------ c:\windows\system32\RtNicProp32.dll
2008-11-03 18:42 . 2008-11-03 18:42 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2008-11-02 23:41 . 2008-11-03 10:29 <REP> d-------- c:\program files\WinPcap
2008-11-01 12:44 . 2001-11-14 20:19 16,384 --a------ c:\windows\system32\FileOps.exe
2008-10-30 09:12 . 2008-11-01 10:47 45 --a------ C:\TEST.XML
2008-10-29 20:28 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
2008-10-29 20:26 . 2008-10-29 20:26 <REP> d-------- c:\program files\MAXON
2008-10-29 08:46 . 2008-11-12 15:31 <REP> dr-h----- c:\documents and settings\°Oo Antoine oO°\Recent
2008-10-29 08:46 . 2008-11-12 15:31 <REP> dr-h----- c:\documents and settings\°Oo Antoine oO°\Recent
2008-10-28 16:54 . 2008-10-28 18:22 22,060 --a------ c:\windows\system32\msn
2008-10-28 15:51 . 1999-09-18 09:54 180,224 --a------ c:\windows\system32\ijl11.dll
2008-10-25 23:30 . 2008-10-25 23:30 <REP> d-------- c:\documents and settings\°Oo PapOuneT oO°\Application Data\EmailNotifier
2008-10-25 20:43 . 2008-10-25 20:43 <REP> d-------- c:\program files\CA VMN Anti-Spyware
2008-10-25 20:43 . 2008-10-25 20:43 <REP> d-------- c:\documents and settings\All Users\Application Data\EmailNotifier
2008-10-25 20:43 . 2008-11-03 19:38 <REP> d-------- c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar
2008-10-25 20:43 . 2008-10-25 20:43 <REP> d-------- c:\documents and settings\°Oo Antoine oO°\Application Data\EmailNotifier
2008-10-25 20:02 . 2008-10-25 20:02 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-25 19:54 . 2007-02-20 15:04 2,463,976 --a------ c:\windows\system32\NPSWF32.dll
2008-10-25 19:54 . 2007-02-20 15:04 190,696 --a------ c:\windows\system32\NPSWF32_FlashUtil.exe
2008-10-25 19:40 . 2008-10-25 19:40 <REP> d-------- c:\program files\Bonjour
2008-10-25 19:32 . 2008-10-25 19:32 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
2008-10-25 13:00 . 2008-10-25 13:00 <REP> d-------- c:\documents and settings\°Oo PapOuneT oO°\Application Data\Windows Search
2008-10-25 09:43 . 2007-10-24 15:58 216 --ahs---- C:\BOOT.BKK
2008-10-25 09:39 . 2008-10-25 09:39 <REP> d-------- c:\program files\TGTSoft
2008-10-24 12:38 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-22 08:38 . 2008-10-22 08:38 <REP> d-------- c:\program files\IKEA HomePlanner
2008-10-22 08:37 . 2008-10-22 08:37 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-10-21 13:04 . 2008-11-01 12:44 <REP> d-------- c:\windows\system32\Adobe
2008-10-19 15:40 . 2008-10-19 15:40 <REP> d-------- c:\documents and settings\°Oo PapOuneT oO°\Application Data\Snapfish
2008-10-15 22:10 . 2008-10-15 22:12 1,393 --a------ c:\windows\imsins.BAK
2008-10-15 12:09 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 12:08 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 12:08 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 12:08 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 12:08 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 12:08 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 14:26 --------- d-----w c:\program files\Live for Speed S2
2008-11-12 14:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-12 09:49 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-12 09:00 --------- d-----w c:\program files\a-squared Free
2008-11-12 08:17 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-09 15:22 19,554 ----a-w c:\documents and settings\°Oo PapOuneT oO°\Application Data\wklnhst.dat
2008-11-06 19:19 --------- d-----w c:\program files\TrackMania Nations ESWC
2008-11-06 19:10 --------- d-----w c:\program files\SpeedSim
2008-11-06 19:03 --------- d-----w c:\program files\Button Studio
2008-11-06 19:02 --------- d-----w c:\documents and settings\All Users\Application Data\Aquadelic GT
2008-11-05 15:31 --------- d-----w c:\program files\WarRock
2008-11-04 18:00 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-04 11:18 --------- d-----w c:\program files\OpenAL
2008-11-01 11:44 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-21 12:02 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-19 15:24 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-10 07:12 159,992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-09 14:20 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-08 18:37 --------- d-----w c:\program files\Alt WAV MP3 WMA OGG Converter
2008-10-07 12:33 6,133,856 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-10-03 15:07 --------- d-----w c:\program files\Zylom Games
2008-09-28 16:46 --------- d-----w c:\program files\Micro Application
2008-09-28 16:15 --------- d-----w c:\documents and settings\°Oo PapOuneT oO°\Application Data\Zylom
2008-09-28 16:11 --------- d-----w c:\program files\Java
2008-09-26 17:19 --------- d-----w c:\program files\Lavalys
2008-09-22 18:39 --------- d-----w c:\documents and settings\°Oo Antoine oO°\Application Data\teamspeak2
2008-09-21 07:50 --------- d-----w c:\program files\OneStep
2008-09-20 20:19 --------- d-----w c:\program files\TeamSpeak3
2008-09-20 11:04 --------- d-----w c:\documents and settings\°Oo Antoine oO°\Application Data\Windows Search
2008-09-19 19:39 --------- d-----w c:\program files\Vstplugins
2008-09-19 19:39 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2008-09-19 19:38 --------- d-----w c:\program files\Sony
2008-09-19 19:37 --------- d-----w c:\program files\Sony Setup
2008-09-16 13:39 --------- d-----w c:\program files\Windows Desktop Search
2008-09-16 13:39 --------- d-----w c:\documents and settings\°Oo PapOuneT oO°\Application Data\Windows Desktop Search
2008-09-13 09:30 --------- d-----w c:\program files\ScanWizard 5
2008-09-13 08:46 --------- d-----w c:\program files\EasyScan
2008-09-13 08:35 --------- d-----w c:\program files\Documalis Free
2008-03-07 19:06 4,328 ----a-w c:\documents and settings\°Oo Antoine oO°\Application Data\wklnhst.dat
2007-11-17 09:23 3,022,242 ----a-w c:\documents and settings\°Oo PapOuneT oO°\TRACE_BOOT+DRIVERS_1_1.BIN
2007-11-17 09:23 3,022,242 ----a-w c:\documents and settings\°Oo PapOuneT oO°\TRACE_BOOT+DRIVERS_1_1.BIN
2007-10-22 02:49 867,848 ----a-w c:\program files\NOV2007_d3dx10_36_x64.cab
2007-10-22 02:49 807,132 ----a-w c:\program files\NOV2007_d3dx10_36_x86.cab
2007-10-22 02:49 49,392 ----a-w c:\program files\NOV2007_X3DAudio_x64.cab
2007-10-22 02:49 44,850 ----a-w c:\program files\dxdllreg_x86.cab
2007-10-22 02:49 21,744 ----a-w c:\program files\NOV2007_X3DAudio_x86.cab
2007-10-22 02:49 200,010 ----a-w c:\program files\NOV2007_XACT_x64.cab
2007-10-22 02:49 151,512 ----a-w c:\program files\NOV2007_XACT_x86.cab
2007-10-22 02:49 1,805,306 ----a-w c:\program files\NOV2007_d3dx9_36_x64.cab
2007-10-22 02:49 1,712,608 ----a-w c:\program files\NOV2007_d3dx9_36_x86.cab
2004-07-09 03:08 2,242,560 ----a-w c:\documents and settings\°Oo Antoine oO°\dsetup32.dll
2004-07-09 03:08 2,242,560 ----a-w c:\documents and settings\°Oo Antoine oO°\dsetup32.dll
2004-07-09 02:03 62,976 ----a-w c:\documents and settings\°Oo Antoine oO°\DSETUP.dll
2004-07-09 02:03 62,976 ----a-w c:\documents and settings\°Oo Antoine oO°\DSETUP.dll
2008-06-06 14:44 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008060620080607\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2006-07-12 237568]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2006-03-31 147456]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-25 185632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 78008]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"CHotkey"="mHotkey.exe" [2004-06-03 c:\windows\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2003-07-21 c:\windows\CNYHKey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\øOo Antoine oOø\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]
Scanner Finder.lnk - c:\program files\ScanWizard 5\ScannerFinder.exe [2008-09-13 315392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\HOMECI~1\POWERC~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\TrackMania United\\TmUnited.exe"=
"c:\\Program Files\\DnD Networks\\Onyx\\lib\\Nadeo\\TMU\\TrackmaniaServer.exe"=
"c:\\Program Files\\DnD Networks\\Onyx\\Onyx.exe"=
"c:\\Program Files\\Cossacks 2 - Battle for Europe\\Run\\Data\\engine.exe"=
"c:\\Program Files\\WYSIWYG Web Builder 4.0\\WebBuilder.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Metin2_France\\metin2.bin"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5002:TCP"= 5002:TCP:tmu
"5002:UDP"= 5002:UDP:tmu
"21:UDP"= 21:UDP:site
"16126:TCP"= 16126:TCP:*:Disabled:emule
"3452:TCP"= 3452:TCP:tmu
"3452:UDP"= 3452:UDP:tmu
"2352:UDP"= 2352:UDP:tmu
"2352:TCP"= 2352:TCP:tmu
"13300:TCP"= 13300:TCP:NortonAV
"13114:TCP"= 13114:TCP:NortonAV
"12917:TCP"= 12917:TCP:NortonAV
"13039:TCP"= 13039:TCP:NortonAV
"15709:TCP"= 15709:TCP:NortonAV

R2 OneStepSearch Service;OneStepSearch Service;c:\program files\OneStep\onestep.exe c:\program files\OneStep\onestep.dll Service [ ]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-10-17 826112]
R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\system32\DRIVERS\cmiucr.SYS [2007-01-05 93056]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [ ]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 maconfservice;Ma-Config Service;c:\documents and settings\°Oo Antoine oO°\Mes documents\maconfservice.exe [2008-11-02 195752]
S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [ ]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CE2A1958-4EAC-7237-F218-153CD75EFC12}]
c:\windows\system32\msn.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{A057A204-BACC-4D26-8287-79A187E26987} - c:\progra~1\VMNTOO~1\VMNTOO~1.DLL
Toolbar-{A057A204-BACC-4D26-8287-79A187E26987} - c:\progra~1\VMNTOO~1\VMNTOO~1.DLL
WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - c:\progra~1\VMNTOO~1\VMNTOO~1.DLL


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\°Oo PapOuneT oO°\Application Data\Mozilla\Firefox\Profiles\6ma9wxhy.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 17:49:47
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\OneStep\onestep.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\system32\searchindexer.exe
c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\OneStep\onestep.exe
c:\windows\system32\rundll32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\ALCFDRTM.EXE
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Heure de fin: 2008-11-12 18:07:53 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-12 17:07:46

Avant-CF: 56,767,160,320 octets libres
Après-CF: 56,469,618,688 octets libres

406 --- E O F --- 2008-10-25 10:00:58
0
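The report above can be read mechanically for the points a helper checks first: what was deleted, which drivers/services were removed, and which protection settings are still weakened. The Python below is an added example, not part of the thread or of ComboFix; the function names are made up here, and the sample is a shortened excerpt of the report posted above.

```python
import re

# Shortened excerpt of the ComboFix report posted above (sample for this example).
SAMPLE = r"""
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\adober.exe
c:\windows\system32\drivers\srosa.sys
c:\windows\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5002:TCP"= 5002:TCP:tmu
"16126:TCP"= 16126:TCP:*:Disabled:emule
"21:UDP"= 21:UDP:site
"""

BANNER = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")   # ((((( Title )))))
REG_KEY = re.compile(r"^\[(.+)\]$")                  # [HKLM\...]
REG_VAL = re.compile(r'^"(.+?)"\s*=\s*(.*)$')        # "name"= data


def split_sections(report):
    """Group report lines under the title of the parenthesised banner above them."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line not in ("", "."):
            current.append(line)
    return sections


def registry_values(lines):
    """Map lower-cased key path -> {value name: raw data}."""
    keys, current = {}, None
    for line in lines:
        k = REG_KEY.match(line)
        if k:
            current = keys.setdefault(k.group(1).lower(), {})
            continue
        v = REG_VAL.match(line)
        if v and current is not None:
            current[v.group(1)] = v.group(2).strip()
    return keys


def as_int(data):
    """Read the two number spellings the report uses: 'dword:00000001' and '0 (0x0)'."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", data)
    return int(m.group(1)) if m else None


def removed_services(lines):
    """Collapse the Service_/Legacy_ entries into one name per removed driver."""
    names = set()
    for line in lines:
        m = re.match(r"^-+\\(?:Service|Legacy)_(.+)$", line)
        if m:
            names.add(m.group(1).upper().replace(" ", "_"))
    return sorted(names)


def triage(report):
    sections = split_sections(report)
    reg = registry_values(sections.get("Points de chargement Reg", []))
    weakened, open_ports = [], []
    for key, values in reg.items():
        if key.endswith(r"\security center"):
            # Only AntiVirusDisableNotify appears in the report above; the other
            # two are the sibling Security Center values on Windows XP.
            for name in ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"):
                if as_int(values.get(name, "")) == 1:
                    weakened.append(f"Security Center alert suppressed: {name}=1")
        elif key.endswith(r"\firewallpolicy\standardprofile"):
            if as_int(values.get("EnableFirewall", "")) == 0:
                weakened.append("Windows Firewall disabled in the standard profile")
        elif key.endswith(r"\globallyopenports\list"):
            for data in values.values():
                parts = data.split(":")
                if len(parts) >= 3 and "Disabled" not in parts:
                    open_ports.append((parts[0], parts[1], parts[-1]))
    return {
        "deleted_files": sections.get("Autres suppressions", []),
        "removed_services": removed_services(sections.get("Pilotes/Services", [])),
        "weakened_settings": weakened,
        "open_ports": open_ports,
    }


if __name__ == "__main__":
    for field, value in triage(SAMPLE).items():
        print(field, "->", value)
```

The two weakened settings it reports (Security Center antivirus alert suppressed, firewall off) persist in the registry after the files are gone, so they have to be restored separately once protections are re-enabled.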
metalin > metalin
 
Here is the ComboFix report. I think it ran under good conditions, the PC restarted normally, and I turned my firewall back on, but I have the impression that the problem is still there since Avast won't open (...........not a valid win32). Tell me what you think.
0
anthony5151 Posts 10927 Status Security contributor 790
 
It's late, I'll look at the report tomorrow afternoon. There will be one thing left to do before you can turn your protection software back on.

See you tomorrow.
0
anthony5151 Posts 10927 Status Security contributor 790
 
Still with all protections disabled, do this:

Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
Folder::
c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar

Driver::
Boonty Games
SROSA

------------------------------------------------------------------

- Save this file on your desktop (and nowhere else!) under the name CFScript.txt
- Close Notepad

· Drag and drop this CFScript file onto the C-Fix.exe file (ComboFix) as shown at this link: http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

* Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt

Immediately afterwards, without restarting your computer, do this:

Download and install Malwarebytes' Anti-Malware
- At the end of the installation, make sure the option « mettre a jour Malwarebyte's Anti-Malware » is checked
- Launch MBAM and let the updates download (otherwise do them manually when the program starts)
- Then go to the "Recherche" tab, check "Exécuter un examen rapide", then "Rechercher"
- Select your hard drives, then click "Lancer l’examen"
- At the end of the scan, click Afficher les résultats
- Check all the detected items, then click Supprimer la sélection
- Save the report
- If you are asked to restart, click Yes

Post the scan report here after the removal

0
metalin
 
Hello, thank you for being here to guide me, here is the ComboFix report
ComboFix 08-11-11.01 - °Oo PapOuneT oO° 2008-11-13 17:18:28.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.586 [GMT 1:00]
Lancé depuis: c:\documents and settings\°Oo PapOuneT oO°\Bureau\C-Fix.exe
Commutateurs utilisés :: c:\documents and settings\°Oo PapOuneT oO°\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\°Oo Antoine oO°\Application Data\vmntoolbar

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-13 au 2008-11-13 ))))))))))))))))))))))))))))))))))))
.

2008-11-13 12:50 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 12:50 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 15:37 . 2008-11-12 16:26 <REP> d-------- c:\program files\FindyKill
2008-11-09 12:25 . 2008-11-12 19:00 <REP> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2008-11-09 12:15 . 2008-11-09 12:22 <REP> d-------- c:\program files\TmUnitedForever
2008-11-09 12:09 . 2008-11-09 12:09 <REP> d-------- c:\documents and settings\All Users\Application Data\TrackMania United
2008-11-09 12:05 . 2008-11-09 12:07 <REP> d-------- c:\program files\TrackMania United
2008-11-05 10:32 . 2008-11-05 16:31 <REP> d-------- c:\program files\Easy TM Forever
2008-11-04 14:03 . 2008-11-04 14:03 <REP> d-------- c:\documents and settings\°Oo Antoine oO°\Application Data\Mostick
2008-11-04 12:42 . 2008-04-28 15:53 805,400 -ra------ c:\windows\system32\tmpD6.tmp
2008-11-04 12:42 . 2008-04-28 15:53 805,400 -ra------ c:\windows\system32\tmpD5.tmp
2008-11-04 12:41 . 2008-11-12 22:44 8,912,896 --a------ c:\documents and settings\°Oo Antoine oO°\ntuser.dat
2008-11-04 12:41 . 2008-11-12 22:44 8,912,896 --a------ c:\documents and settings\°Oo Antoine oO°\ntuser.dat
2008-11-03 18:58 . 2008-07-16 22:35 9,728 --a------ c:\windows\system32\RtNicProp32.dll
2008-11-03 18:42 . 2008-11-03 18:42 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2008-11-02 23:41 . 2008-11-03 10:29 <REP> d-------- c:\program files\WinPcap
2008-11-01 12:44 . 2001-11-14 20:19 16,384 --a------ c:\windows\system32\FileOps.exe
2008-10-30 09:12 . 2008-11-01 10:47 45 --a------ C:\TEST.XML
2008-10-29 20:28 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
2008-10-29 20:26 . 2008-10-29 20:26 <REP> d-------- c:\program files\MAXON
2008-10-29 08:46 . 2008-11-12 19:05 <REP> dr-h----- c:\documents and settings\°Oo Antoine oO°\Recent
2008-10-29 08:46 . 2008-11-12 19:05 <REP> dr-h----- c:\documents and settings\°Oo Antoine oO°\Recent
2008-10-28 16:54 . 2008-10-28 18:22 22,060 --a------ c:\windows\system32\msn
2008-10-28 15:51 . 1999-09-18 09:54 180,224 --a------ c:\windows\system32\ijl11.dll
2008-10-25 23:30 . 2008-10-25 23:30 <REP> d-------- c:\documents and settings\°Oo PapOuneT oO°\Application Data\EmailNotifier
2008-10-25 20:43 . 2008-10-25 20:43 <REP> d-------- c:\program files\CA VMN Anti-Spyware
2008-10-25 20:43 . 2008-10-25 20:43 <REP> d-------- c:\documents and settings\All Users\Application Data\EmailNotifier
2008-10-25 20:43 . 2008-10-25 20:43 <REP> d-------- c:\documents and settings\°Oo Antoine oO°\Application Data\EmailNotifier
2008-10-25 20:02 . 2008-10-25 20:02 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-25 19:54 . 2007-02-20 15:04 2,463,976 --a------ c:\windows\system32\NPSWF32.dll
2008-10-25 19:54 . 2007-02-20 15:04 190,696 --a------ c:\windows\system32\NPSWF32_FlashUtil.exe
2008-10-25 19:40 . 2008-10-25 19:40 <REP> d-------- c:\program files\Bonjour
2008-10-25 19:32 . 2008-10-25 19:32 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
2008-10-25 13:00 . 2008-10-25 13:00 <REP> d-------- c:\documents and settings\°Oo PapOuneT oO°\Application Data\Windows Search
2008-10-25 09:43 . 2007-10-24 15:58 216 --ahs---- C:\BOOT.BKK
2008-10-25 09:39 . 2008-10-25 09:39 <REP> d-------- c:\program files\TGTSoft
2008-10-24 12:38 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-22 08:38 . 2008-10-22 08:38 <REP> d-------- c:\program files\IKEA HomePlanner
2008-10-22 08:37 . 2008-10-22 08:37 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-10-21 13:04 . 2008-11-01 12:44 <REP> d-------- c:\windows\system32\Adobe
2008-10-19 15:40 . 2008-10-19 15:40 <REP> d-------- c:\documents and settings\°Oo PapOuneT oO°\Application Data\Snapfish
2008-10-15 22:10 . 2008-11-13 14:10 1,393 --a------ c:\windows\imsins.BAK
2008-10-15 12:09 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 12:08 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 12:08 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 12:08 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 12:08 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 12:08 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 14:26 --------- d-----w c:\program files\Live for Speed S2
2008-11-12 14:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-12 09:49 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-12 09:00 --------- d-----w c:\program files\a-squared Free
2008-11-12 08:17 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-09 15:22 19,554 ----a-w c:\documents and settings\°Oo PapOuneT oO°\Application Data\wklnhst.dat
2008-11-06 19:19 --------- d-----w c:\program files\TrackMania Nations ESWC
2008-11-06 19:10 --------- d-----w c:\program files\SpeedSim
2008-11-06 19:03 --------- d-----w c:\program files\Button Studio
2008-11-06 19:02 --------- d-----w c:\documents and settings\All Users\Application Data\Aquadelic GT
2008-11-05 15:31 --------- d-----w c:\program files\WarRock
2008-11-04 18:00 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-04 11:20 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-04 11:18 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2008-11-04 11:18 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2008-11-04 11:18 --------- d-----w c:\program files\OpenAL
2008-11-01 11:44 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 18:44 188,909 ----a-w c:\windows\Fonts\petbone.zip
2008-10-21 12:02 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-19 15:24 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-10 07:12 159,992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-10 07:11 182,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-09 14:20 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-08 18:37 --------- d-----w c:\program files\Alt WAV MP3 WMA OGG Converter
2008-10-03 15:07 --------- d-----w c:\program files\Zylom Games
2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-28 16:46 --------- d-----w c:\program files\Micro Application
2008-09-28 16:15 --------- d-----w c:\documents and settings\°Oo PapOuneT oO°\Application Data\Zylom
2008-09-28 16:11 --------- d-----w c:\program files\Java
2008-09-26 17:19 --------- d-----w c:\program files\Lavalys
2008-09-22 18:39 --------- d-----w c:\documents and settings\°Oo Antoine oO°\Application Data\teamspeak2
2008-09-21 07:50 --------- d-----w c:\program files\OneStep
2008-09-20 20:19 --------- d-----w c:\program files\TeamSpeak3
2008-09-20 11:04 --------- d-----w c:\documents and settings\°Oo Antoine oO°\Application Data\Windows Search
2008-09-19 19:39 --------- d-----w c:\program files\Vstplugins
2008-09-19 19:39 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2008-09-19 19:38 --------- d-----w c:\program files\Sony
2008-09-19 19:37 --------- d-----w c:\program files\Sony Setup
2008-09-16 13:39 --------- d-----w c:\program files\Windows Desktop Search
2008-09-16 13:39 --------- d-----w c:\documents and settings\°Oo PapOuneT oO°\Application Data\Windows Desktop Search
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-13 09:30 --------- d-----w c:\program files\ScanWizard 5
2008-09-13 08:46 --------- d-----w c:\program files\EasyScan
2008-09-13 08:35 --------- d-----w c:\program files\Documalis Free
2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:23 2,147,328 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:23 2,025,984 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-03-07 19:06 4,328 ----a-w c:\documents and settings\°Oo Antoine oO°\Application Data\wklnhst.dat
2007-11-17 09:23 3,022,242 ----a-w c:\documents and settings\°Oo PapOuneT oO°\TRACE_BOOT+DRIVERS_1_1.BIN
2007-11-17 09:23 3,022,242 ----a-w c:\documents and settings\°Oo PapOuneT oO°\TRACE_BOOT+DRIVERS_1_1.BIN
2007-10-22 02:49 867,848 ----a-w c:\program files\NOV2007_d3dx10_36_x64.cab
2007-10-22 02:49 807,132 ----a-w c:\program files\NOV2007_d3dx10_36_x86.cab
2007-10-22 02:49 49,392 ----a-w c:\program files\NOV2007_X3DAudio_x64.cab
2007-10-22 02:49 44,850 ----a-w c:\program files\dxdllreg_x86.cab
2007-10-22 02:49 21,744 ----a-w c:\program files\NOV2007_X3DAudio_x86.cab
2007-10-22 02:49 200,010 ----a-w c:\program files\NOV2007_XACT_x64.cab
2007-10-22 02:49 151,512 ----a-w c:\program files\NOV2007_XACT_x86.cab
2007-10-22 02:49 1,805,306 ----a-w c:\program files\NOV2007_d3dx9_36_x64.cab
2007-10-22 02:49 1,712,608 ----a-w c:\program files\NOV2007_d3dx9_36_x86.cab
2004-07-09 03:08 2,242,560 ----a-w c:\documents and settings\°Oo Antoine oO°\dsetup32.dll
2004-07-09 03:08 2,242,560 ----a-w c:\documents and settings\°Oo Antoine oO°\dsetup32.dll
2004-07-09 02:03 62,976 ----a-w c:\documents and settings\°Oo Antoine oO°\DSETUP.dll
2004-07-09 02:03 62,976 ----a-w c:\documents and settings\°Oo Antoine oO°\DSETUP.dll
2008-06-06 14:44 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008060620080607\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-12_17.56.22.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-11-12 21:40:46 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-10-15 21:11:14 593,920 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-11-12 21:41:38 593,920 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-10-15 21:11:14 12,288 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-11-12 21:41:38 12,288 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-10-15 21:11:14 86,016 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-11-12 21:41:38 86,016 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-10-15 21:11:14 135,168 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-12 21:41:38 135,168 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-10-15 21:11:14 11,264 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-11-12 21:41:38 11,264 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-10-15 21:11:14 27,136 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-11-12 21:41:38 27,136 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-10-15 21:11:14 4,096 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-11-12 21:41:38 4,096 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-10-15 21:11:14 794,624 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-11-12 21:41:38 794,624 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-10-15 21:11:14 249,856 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-11-12 21:41:38 249,856 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-10-15 21:11:14 61,440 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-11-12 21:41:38 61,440 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-10-15 21:11:14 23,040 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-11-12 21:41:38 23,040 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-10-15 21:11:14 286,720 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-11-12 21:41:38 286,720 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-10-15 21:11:13 409,600 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-11-12 21:41:37 409,600 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-09-11 14:50:11 12,288 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-11-12 21:41:52 12,288 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-09-11 14:50:11 135,168 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-12 21:41:52 135,168 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-09-11 14:50:11 4,096 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-11-12 21:41:52 4,096 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-09-11 14:50:11 176,128 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\visicon.exe
+ 2008-11-12 21:41:52 176,128 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\visicon.exe
- 2008-11-12 15:34:05 5,860 ----a-w c:\windows\SoftwareDistribution\EventCache\{23D5DA61-6E1E-49D8-AE43-852B44ADAAEA}.bin
+ 2008-11-13 13:11:02 2,642 ----a-w c:\windows\SoftwareDistribution\EventCache\{23D5DA61-6E1E-49D8-AE43-852B44ADAAEA}.bin
- 2008-04-14 02:33:34 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:15:15 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
- 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:03:54 18,296 ------w c:\windows\system32\spmsg.dll
+ 2008-09-30 15:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 15:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2006-07-12 237568]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2006-03-31 147456]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-25 185632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 78008]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"CHotkey"="mHotkey.exe" [2004-06-03 c:\windows\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2003-07-21 c:\windows\CNYHKey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\øOo Antoine oOø\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]
Scanner Finder.lnk - c:\program files\ScanWizard 5\ScannerFinder.exe [2008-09-13 315392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\HOMECI~1\POWERC~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\TrackMania United\\TmUnited.exe"=
"c:\\Program Files\\DnD Networks\\Onyx\\lib\\Nadeo\\TMU\\TrackmaniaServer.exe"=
"c:\\Program Files\\DnD Networks\\Onyx\\Onyx.exe"=
"c:\\Program Files\\Cossacks 2 - Battle for Europe\\Run\\Data\\engine.exe"=
"c:\\Program Files\\WYSIWYG Web Builder 4.0\\WebBuilder.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Metin2_France\\metin2.bin"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5002:TCP"= 5002:TCP:tmu
"5002:UDP"= 5002:UDP:tmu
"21:UDP"= 21:UDP:site
"16126:TCP"= 16126:TCP:*:Disabled:emule
"3452:TCP"= 3452:TCP:tmu
"3452:UDP"= 3452:UDP:tmu
"2352:UDP"= 2352:UDP:tmu
"2352:TCP"= 2352:TCP:tmu
"13300:TCP"= 13300:TCP:NortonAV
"13114:TCP"= 13114:TCP:NortonAV
"12917:TCP"= 12917:TCP:NortonAV
"13039:TCP"= 13039:TCP:NortonAV
"15709:TCP"= 15709:TCP:NortonAV

R2 OneStepSearch Service;OneStepSearch Service;c:\program files\OneStep\onestep.exe c:\program files\OneStep\onestep.dll Service [ ]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-10-17 826112]
R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\system32\DRIVERS\cmiucr.SYS [2007-01-05 93056]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [ ]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 maconfservice;Ma-Config Service;c:\documents and settings\°Oo Antoine oO°\Mes documents\maconfservice.exe [2008-11-02 195752]
S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [ ]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CE2A1958-4EAC-7237-F218-153CD75EFC12}]
c:\windows\system32\msn.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 17:23:41
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-13 17:26:06
ComboFix-quarantined-files.txt 2008-11-13 16:25:44
ComboFix2.txt 2008-11-12 17:07:54

Avant-CF: 58 049 458 176 octets libres
Après-CF: 58,073,399,296 octets libres

459 --- E O F --- 2008-11-13 13:10:56
0
metalin
 
Here is the anti-malware report

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1395
Windows 5.1.2600 Service Pack 3

13/11/2008 17:41:13
mbam-log-2008-11-13 (17-41-13).txt

Type de recherche: Examen rapide
Eléments examinés: 58833
Temps écoulé: 4 minute(s), 34 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
C:\Program Files\OneStep\onestep.exe (Adware.OneStepSearch) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Program Files\OneStep\onestep.dll (Adware.OneStepSearch) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\onestep (Adware.OneStepSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\OneStep (Adware.OneStepSearch) -> Delete on reboot.

Fichier(s) infecté(s):
C:\Program Files\OneStep\home.js (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStep\onestep.dll (Adware.OneStepSearch) -> Delete on reboot.
C:\Program Files\OneStep\onestep.exe (Adware.OneStepSearch) -> Delete on reboot.
C:\Program Files\OneStep\osopt.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStep\readme.html (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStep\uninstall.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
0
anthony5151 Posts: 10927 Status: Security contributor 790
 
OK, the Bagle infection has been removed.

Download HijackThis (a diagnostic tool) to your desktop: https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/

Install it, run it and click "Do a system scan and save a logfile".
Copy and paste the entire report into the forum.

0
metalin
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:37:39, on 13/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [connectiv32] C:\backup\connectiv32.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\winfilse.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\°Oo Antoine oO°\Application Data\m\flec006.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Documents and Settings\°Oo Antoine oO°\Mes documents\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneStepSearch Service - Unknown owner - C:\Program Files\OneStep\onestep.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
anthony5151 Posts: 10927 Status: Security contributor 790
 
I spoke too soon, it looks like Bagle has not been completely removed :(

# Open Notepad (right-click on the desktop > in the menu choose New, then New Text Document) and copy and paste what is quoted below (copy it all in one go, without the bars of x's):

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"connectiv32"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"german.exe"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"mule_st_key"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Note: there must be no empty line at the start of the document.

Then click "File" --> "Save As" --> choose the Desktop as the destination --> name it "fix.reg".

It should look like this once saved: http://img520.imageshack.us/img520/4251/screenshot005ps2.png

# Double-click the fix.reg file you just created => you must get a message asking "Are you sure you want to add the information in this .reg file to the registry?"
If so, click "Yes".

---> Download OTMoveIt3 (by OldTimer) to your Desktop: http://oldtimer.geekstogo.com/OTMoveIt3.exe
---> Double-click OTMoveIt3.exe to run it.
---> Copy and paste the following text into the "Paste Instructions for Items to be Moved" box and click Moveit:

:processes
explorer.exe

:files
c:\backup\connectiv32.exe
c:\windows\system32\drivers\winfilse.exe
c:\windows\system32\wintems.exe
c:\documents and settings\°oo antoine oo°\application data\m

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

If a file or folder cannot be deleted immediately, the program will ask you to restart. Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles
The report's name corresponds to when it was created: date_time.log

0
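The fix.reg step described above, as an added example that is not part of the original post: a Python sketch that reads the `O4` Run lines of a HijackThis log, refuses value names that do not appear in the log (a typo would make the .reg a silent no-op), and emits the deletion file with the header on its first line, plus the file each value pointed to. The function names are hypothetical, and the sample lines are copied from the HijackThis log posted in this thread.

```python
import re

# Sample input: O4 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [connectiv32] C:\backup\connectiv32.exe
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\winfilse.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\°Oo Antoine oO°\Application Data\m\flec006.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_PARENT = r"Software\Microsoft\Windows\CurrentVersion"
# HijackThis abbreviates the key as HKxx\..\Run; HKUS (per-SID) lines are skipped here.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run(?:Once)?): \[(.+?)\] (.+)$", re.M)
# For unquoted commands, stop at the first executable extension followed by a separator.
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|bat|cmd|scr))(?=[\s,]|$)", re.I)


def executable_of(command):
    """Return the program path of a Run command line, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_RE.match(command)
    return match.group(1) if match else command


def parse_o4(log_text):
    """Extract HKLM/HKCU Run and RunOnce entries from a HijackThis log."""
    entries = []
    for hive, subkey, name, command in O4_RE.findall(log_text):
        entries.append({
            "hive": hive,
            "key": f"{HIVES[hive]}\\{RUN_PARENT}\\{subkey}",
            "name": name,
            "command": command.strip(),
            "target": executable_of(command),
        })
    return entries


def build_reg_fix(entries, names, hive="HKCU"):
    """Build .reg text deleting the named Run values; return (text, target files)."""
    by_name = {e["name"]: e for e in entries if e["hive"] == hive}
    missing = [n for n in names if n not in by_name]
    if missing:
        raise ValueError(f"not in the log under {hive}: {', '.join(missing)}")

    groups = {}  # registry key -> value names, in the order requested
    for name in names:
        groups.setdefault(by_name[name]["key"], []).append(name)

    # The header must be the very first line of the file (no blank line before it).
    lines = ["Windows Registry Editor Version 5.00"]
    for key, values in groups.items():
        lines += ["", f"[{key}]"]
        for value in values:
            escaped = value.replace("\\", "\\\\").replace('"', '\\"')
            lines.append(f'"{escaped}"=-')  # "name"=- deletes the value
    text = "\r\n".join(lines) + "\r\n"
    return text, [by_name[n]["target"] for n in names]


if __name__ == "__main__":
    reg_text, targets = build_reg_fix(
        parse_o4(SAMPLE_LOG),
        ["connectiv32", "drvsyskit", "german.exe", "mule_st_key"],
    )
    print(reg_text)
    print("Files referenced by the removed values:")
    for path in targets:
        print("  " + path)
```

The returned target list is what lets you cross-check the `:files` section of the OTMoveIt3 script against the Run values being deleted.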
metalin
 
Here it is

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder c:\backup\connectiv32.exe not found.
File/Folder c:\windows\system32\drivers\winfilse.exe not found.
File/Folder c:\windows\system32\wintems.exe not found.
File/Folder c:\documents and settings\°oo antoine oo°\application data\m not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\OOANTO~1\LOCALS~1\Temp\~DF1A18.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OOANTO~1\LOCALS~1\Temp\~DF284E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OOANTO~1\LOCALS~1\Temp\~DF285B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OOANTO~1\LOCALS~1\Temp\~DFD66B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OOANTO~1\LOCALS~1\Temp\~DFD67B.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_CcHfD9eK1dEoB3e scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11132008_200829

Files moved on Reboot...
C:\DOCUME~1\OOANTO~1\LOCALS~1\Temp\~DF1A18.tmp moved successfully.
File C:\DOCUME~1\OOANTO~1\LOCALS~1\Temp\~DF284E.tmp not found!
File C:\DOCUME~1\OOANTO~1\LOCALS~1\Temp\~DF285B.tmp not found!
File C:\DOCUME~1\OOANTO~1\LOCALS~1\Temp\~DFD66B.tmp not found!
File C:\DOCUME~1\OOANTO~1\LOCALS~1\Temp\~DFD67B.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\sqlite_CcHfD9eK1dEoB3e not found!
0
anthony5151 Posts: 10927 Status: Security contributor 790
 
OTMoveIt did not find any of the files... That's strange.

Please post a new HijackThis log.
And run FindyKill again with option 1 ("Recherche", search) (see message 1)

0
metalin
 
Hello Anthony5151, and here I was thinking this would soon be solved: now HijackThis won't open (....win32 not valid ! ). I am posting the FindyKill report anyway.
See you

----------------- FindyKill V4.500 ------------------

* User : øOo PapOuneT oOø - LIFETEC
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 12/11/08 par Chiquitine29
* Recherche effectuée à 13:01:31 le 14/11/2008
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch


»»»» Presence des fichiers dans C:\WINDOWS\system32


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\øOo PapOuneT oOø\Application Data


»»»» Presence des fichiers dans C:\DOCUME~1\OOPAPO~1\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\øOo PapOuneT oOø\Local Settings\Temporary Internet Files\Content.IE5

Found ! - C:\Documents and Settings\øOo PapOuneT oOø\Local Settings\Temporary Internet Files\Content.IE5\FPZS39EX\D36439BF6AFB645FD2B2F5627D57B[1].jpg

--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
CmUCRRun REG_SZ C:\WINDOWS\system32\CmUCReye.exe
RTHDCPL REG_SZ RTHDCPL.EXE
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
CHotkey REG_SZ mHotkey.exe
ledpointer REG_SZ CNYHKey.exe
RemoteControl REG_SZ "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
PCMService REG_SZ "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
PCSuiteTrayApplication REG_SZ C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
RocketDock REG_SZ "C:\Program Files\RocketDock\RocketDock.exe"
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

--------------- [ Registre / Clés infectieuses ] ----------------



--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 2

Ip6Fw - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0
anthony5151 Posts: 10927 Status: Security contributor 790
 
I don't understand, FindyKill no longer finds anything either...
Could you delete ComboFix and download it again (following the advice given above), then run another scan with it, please?

0
metalin
 
Here is ComboFix

ComboFix 08-11-12.02 - °Oo PapOuneT oO° 2008-11-14 18:19:44.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.532 [GMT 1:00]
Lancé depuis: c:\documents and settings\°Oo PapOuneT oO°\Bureau\C-Fix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-14 au 2008-11-14 ))))))))))))))))))))))))))))))))))))
.

2008-11-13 20:11 . 2008-11-13 20:11 <REP> dr-h----- c:\documents and settings\°Oo Antoine oO°\Recent
2008-11-13 20:11 . 2008-11-13 20:11 <REP> dr-h----- c:\documents and settings\°Oo Antoine oO°\Recent
2008-11-13 20:08 . 2008-11-13 20:08 <REP> d-------- C:\_OTMoveIt
2008-11-13 18:37 . 2008-11-13 18:37 <REP> d-------- c:\program files\Trend Micro
2008-11-13 17:34 . 2008-11-13 17:34 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-13 17:34 . 2008-11-13 17:34 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-13 17:34 . 2008-11-13 17:34 <REP> d-------- c:\documents and settings\°Oo PapOuneT oO°\Application Data\Malwarebytes
2008-11-13 17:34 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-13 17:34 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-13 12:50 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 12:50 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 15:37 . 2008-11-14 13:02 <REP> d-------- c:\program files\FindyKill
2008-11-09 12:25 . 2008-11-13 20:24 <REP> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2008-11-09 12:15 . 2008-11-09 12:22 <REP> d-------- c:\program files\TmUnitedForever
2008-11-09 12:09 . 2008-11-09 12:09 <REP> d-------- c:\documents and settings\All Users\Application Data\TrackMania United
2008-11-09 12:05 . 2008-11-09 12:07 <REP> d-------- c:\program files\TrackMania United
2008-11-05 10:32 . 2008-11-05 16:31 <REP> d-------- c:\program files\Easy TM Forever
2008-11-04 14:03 . 2008-11-04 14:03 <REP> d-------- c:\documents and settings\°Oo Antoine oO°\Application Data\Mostick
2008-11-04 12:42 . 2008-04-28 15:53 805,400 -ra------ c:\windows\system32\tmpD6.tmp
2008-11-04 12:42 . 2008-04-28 15:53 805,400 -ra------ c:\windows\system32\tmpD5.tmp
2008-11-04 12:41 . 2008-11-13 20:52 8,912,896 --a------ c:\documents and settings\°Oo Antoine oO°\ntuser.dat
2008-11-04 12:41 . 2008-11-13 20:52 8,912,896 --a------ c:\documents and settings\°Oo Antoine oO°\ntuser.dat
2008-11-03 18:58 . 2008-07-16 22:35 9,728 --a------ c:\windows\system32\RtNicProp32.dll
2008-11-03 18:42 . 2008-11-03 18:42 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2008-11-02 23:41 . 2008-11-03 10:29 <REP> d-------- c:\program files\WinPcap
2008-11-01 12:44 . 2001-11-14 20:19 16,384 --a------ c:\windows\system32\FileOps.exe
2008-10-30 09:12 . 2008-11-01 10:47 45 --a------ C:\TEST.XML
2008-10-29 20:28 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
2008-10-29 20:26 . 2008-10-29 20:26 <REP> d-------- c:\program files\MAXON
2008-10-28 16:54 . 2008-10-28 18:22 22,060 --a------ c:\windows\system32\msn
2008-10-28 15:51 . 1999-09-18 09:54 180,224 --a------ c:\windows\system32\ijl11.dll
2008-10-25 23:30 . 2008-10-25 23:30 <REP> d-------- c:\documents and settings\°Oo PapOuneT oO°\Application Data\EmailNotifier
2008-10-25 20:43 . 2008-10-25 20:43 <REP> d-------- c:\program files\CA VMN Anti-Spyware
2008-10-25 20:43 . 2008-10-25 20:43 <REP> d-------- c:\documents and settings\All Users\Application Data\EmailNotifier
2008-10-25 20:43 . 2008-10-25 20:43 <REP> d-------- c:\documents and settings\°Oo Antoine oO°\Application Data\EmailNotifier
2008-10-25 20:02 . 2008-10-25 20:02 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-25 19:54 . 2007-02-20 15:04 2,463,976 --a------ c:\windows\system32\NPSWF32.dll
2008-10-25 19:54 . 2007-02-20 15:04 190,696 --a------ c:\windows\system32\NPSWF32_FlashUtil.exe
2008-10-25 19:40 . 2008-10-25 19:40 <REP> d-------- c:\program files\Bonjour
2008-10-25 19:32 . 2008-10-25 19:32 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
2008-10-25 13:00 . 2008-10-25 13:00 <REP> d-------- c:\documents and settings\°Oo PapOuneT oO°\Application Data\Windows Search
2008-10-25 09:43 . 2007-10-24 15:58 216 --ahs---- C:\BOOT.BKK
2008-10-25 09:39 . 2008-10-25 09:39 <REP> d-------- c:\program files\TGTSoft
2008-10-24 12:38 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-22 08:38 . 2008-10-22 08:38 <REP> d-------- c:\program files\IKEA HomePlanner
2008-10-22 08:37 . 2008-10-22 08:37 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-10-21 13:04 . 2008-11-01 12:44 <REP> d-------- c:\windows\system32\Adobe
2008-10-19 15:40 . 2008-10-19 15:40 <REP> d-------- c:\documents and settings\°Oo PapOuneT oO°\Application Data\Snapfish
2008-10-15 12:09 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 12:08 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 12:08 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 12:08 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 12:08 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 12:08 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 16:41 19,932 ----a-w c:\documents and settings\°Oo PapOuneT oO°\Application Data\wklnhst.dat
2008-11-12 14:26 --------- d-----w c:\program files\Live for Speed S2
2008-11-12 14:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-12 09:49 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-12 09:00 --------- d-----w c:\program files\a-squared Free
2008-11-12 08:17 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-06 19:19 --------- d-----w c:\program files\TrackMania Nations ESWC
2008-11-06 19:10 --------- d-----w c:\program files\SpeedSim
2008-11-06 19:03 --------- d-----w c:\program files\Button Studio
2008-11-06 19:02 --------- d-----w c:\documents and settings\All Users\Application Data\Aquadelic GT
2008-11-05 15:31 --------- d-----w c:\program files\WarRock
2008-11-04 18:00 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-04 11:20 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-04 11:18 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2008-11-04 11:18 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2008-11-04 11:18 --------- d-----w c:\program files\OpenAL
2008-11-01 11:44 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 18:44 188,909 ----a-w c:\windows\Fonts\petbone.zip
2008-10-21 12:02 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-19 15:24 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-10 07:12 159,992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-10 07:11 182,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-09 14:20 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-08 18:37 --------- d-----w c:\program files\Alt WAV MP3 WMA OGG Converter
2008-10-03 15:07 --------- d-----w c:\program files\Zylom Games
2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-28 16:46 --------- d-----w c:\program files\Micro Application
2008-09-28 16:15 --------- d-----w c:\documents and settings\°Oo PapOuneT oO°\Application Data\Zylom
2008-09-28 16:11 --------- d-----w c:\program files\Java
2008-09-26 17:19 --------- d-----w c:\program files\Lavalys
2008-09-22 18:39 --------- d-----w c:\documents and settings\°Oo Antoine oO°\Application Data\teamspeak2
2008-09-20 20:19 --------- d-----w c:\program files\TeamSpeak3
2008-09-20 11:04 --------- d-----w c:\documents and settings\°Oo Antoine oO°\Application Data\Windows Search
2008-09-19 19:39 --------- d-----w c:\program files\Vstplugins
2008-09-19 19:39 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2008-09-19 19:38 --------- d-----w c:\program files\Sony
2008-09-19 19:37 --------- d-----w c:\program files\Sony Setup
2008-09-16 13:39 --------- d-----w c:\program files\Windows Desktop Search
2008-09-16 13:39 --------- d-----w c:\documents and settings\°Oo PapOuneT oO°\Application Data\Windows Desktop Search
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:23 2,147,328 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:23 2,025,984 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-03-07 19:06 4,328 ----a-w c:\documents and settings\°Oo Antoine oO°\Application Data\wklnhst.dat
2007-11-17 09:23 3,022,242 ----a-w c:\documents and settings\°Oo PapOuneT oO°\TRACE_BOOT+DRIVERS_1_1.BIN
2007-11-17 09:23 3,022,242 ----a-w c:\documents and settings\°Oo PapOuneT oO°\TRACE_BOOT+DRIVERS_1_1.BIN
2007-10-22 02:49 867,848 ----a-w c:\program files\NOV2007_d3dx10_36_x64.cab
2007-10-22 02:49 807,132 ----a-w c:\program files\NOV2007_d3dx10_36_x86.cab
2007-10-22 02:49 49,392 ----a-w c:\program files\NOV2007_X3DAudio_x64.cab
2007-10-22 02:49 44,850 ----a-w c:\program files\dxdllreg_x86.cab
2007-10-22 02:49 21,744 ----a-w c:\program files\NOV2007_X3DAudio_x86.cab
2007-10-22 02:49 200,010 ----a-w c:\program files\NOV2007_XACT_x64.cab
2007-10-22 02:49 151,512 ----a-w c:\program files\NOV2007_XACT_x86.cab
2007-10-22 02:49 1,805,306 ----a-w c:\program files\NOV2007_d3dx9_36_x64.cab
2007-10-22 02:49 1,712,608 ----a-w c:\program files\NOV2007_d3dx9_36_x86.cab
2004-07-09 03:08 2,242,560 ----a-w c:\documents and settings\°Oo Antoine oO°\dsetup32.dll
2004-07-09 03:08 2,242,560 ----a-w c:\documents and settings\°Oo Antoine oO°\dsetup32.dll
2004-07-09 02:03 62,976 ----a-w c:\documents and settings\°Oo Antoine oO°\DSETUP.dll
2004-07-09 02:03 62,976 ----a-w c:\documents and settings\°Oo Antoine oO°\DSETUP.dll
2008-06-06 14:44 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008060620080607\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2006-07-12 237568]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2006-03-31 147456]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-25 185632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 78008]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"CHotkey"="mHotkey.exe" [2004-06-03 c:\windows\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2003-07-21 c:\windows\CNYHKey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\øOo Antoine oOø\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]
Scanner Finder.lnk - c:\program files\ScanWizard 5\ScannerFinder.exe [2008-09-13 315392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\HOMECI~1\POWERC~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\TrackMania United\\TmUnited.exe"=
"c:\\Program Files\\DnD Networks\\Onyx\\lib\\Nadeo\\TMU\\TrackmaniaServer.exe"=
"c:\\Program Files\\DnD Networks\\Onyx\\Onyx.exe"=
"c:\\Program Files\\Cossacks 2 - Battle for Europe\\Run\\Data\\engine.exe"=
"c:\\Program Files\\WYSIWYG Web Builder 4.0\\WebBuilder.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Metin2_France\\metin2.bin"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5002:TCP"= 5002:TCP:tmu
"5002:UDP"= 5002:UDP:tmu
"21:UDP"= 21:UDP:site
"16126:TCP"= 16126:TCP:*:Disabled:emule
"3452:TCP"= 3452:TCP:tmu
"3452:UDP"= 3452:UDP:tmu
"2352:UDP"= 2352:UDP:tmu
"2352:TCP"= 2352:TCP:tmu
"13300:TCP"= 13300:TCP:NortonAV
"13114:TCP"= 13114:TCP:NortonAV
"12917:TCP"= 12917:TCP:NortonAV
"13039:TCP"= 13039:TCP:NortonAV
"15709:TCP"= 15709:TCP:NortonAV

R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-10-17 826112]
R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\system32\DRIVERS\cmiucr.SYS [2007-01-05 93056]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [ ]
S2 OneStepSearch Service;OneStepSearch Service;c:\program files\OneStep\onestep.exe c:\program files\OneStep\onestep.dll Service [ ]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 maconfservice;Ma-Config Service;c:\documents and settings\°Oo Antoine oO°\Mes documents\maconfservice.exe [2008-11-02 195752]
S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [ ]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CE2A1958-4EAC-7237-F218-153CD75EFC12}]
c:\windows\system32\msn.exe
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\°Oo PapOuneT oO°\Application Data\Mozilla\Firefox\Profiles\6ma9wxhy.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 18:24:55
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-14 18:28:10
ComboFix-quarantined-files.txt 2008-11-14 17:27:35
ComboFix2.txt 2008-11-13 16:26:07
ComboFix3.txt 2008-11-12 17:07:54

Avant-CF: 53 415 317 504 octets libres
Après-CF: 53,456,543,744 octets libres

241 --- E O F --- 2008-11-13 13:10:56
0
metalin > metalin
 
Hello

I found Bagle with a-squared and put it in quarantine. Will that cause a problem for the next steps?
0
anthony5151 Posts 10927 Status Security contributor 790 > metalin
 
Is there a report? Where was the infection found?

0
metalin > anthony5151 Posts 10927 Status Security contributor
 
There is no report, but here is the location where it found it:

C:\Documents and Settings\Antoine\local settings\temporary internet Files\content IE5\AZ61534\b64_2 [1].jpg
0
metalin > anthony5151 Posts 10927 Status Security contributor
 
Hello
I installed Antivir and ran a report; what a mess!
I'm posting the report



Avira AntiVir Personal
Report file date: dimanche 16 novembre 2008 00:58

Scanning for 1035635 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: LIFETEC

Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 30/10/2008 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 23:57:38
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 23:57:40
ANTIVIR2.VDF : 7.1.0.57 2048 Bytes 09/11/2008 23:57:40
ANTIVIR3.VDF : 7.1.0.88 210944 Bytes 14/11/2008 23:57:41
Engineversion : 8.2.0.31
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 15/11/2008 23:57:51
AESCN.DLL : 8.1.1.5 123251 Bytes 15/11/2008 23:57:50
AERDL.DLL : 8.1.1.3 438645 Bytes 15/11/2008 23:57:49
AEPACK.DLL : 8.1.3.4 393591 Bytes 15/11/2008 23:57:48
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 15/11/2008 23:57:47
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 15/11/2008 23:57:46
AEHELP.DLL : 8.1.1.3 119157 Bytes 15/11/2008 23:57:44
AEGEN.DLL : 8.1.1.0 319859 Bytes 15/11/2008 23:57:43
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56
AECORE.DLL : 8.1.4.1 172405 Bytes 15/11/2008 23:57:42
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 15/11/2008 23:57:42
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 16 novembre 2008 00:58

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'ScannerFinder.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'LaunchApplication.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'CNYHKey.exe' - '1' Module(s) have been scanned
Scan process 'mHotkey.exe' - '1' Module(s) have been scanned
Scan process 'ALCFDRTM.EXE' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'CmUCREye.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'X10nets.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
47 processes with 47 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '64' files ).


Starting the file scan:

Begin scan in 'C:\' <systeme>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\°Oo Antoine oO°\Mes documents\Downloads\NOCD The Sims 2 Deluxe crack.exe
[DETECTION] Contains recognition pattern of the DR/P2PAdware.A.60 dropper
[NOTE] The file was moved to '49626638.qua'!
C:\Documents and Settings\°Oo Antoine oO°\Mes documents\eMule Downloads\Incoming\Adobe Crack Serial Keygen All Versions Cs2 Cs3 All Cs3 Progarms Photoshop Premie
[0] Archive type: ZIP
--> adobecs3crack.exe
[DETECTION] Is the TR/WinLdr.A Trojan
[NOTE] The file was moved to '498e66a2.qua'!
C:\Documents and Settings\°Oo Antoine oO°\Mes documents\eMule Downloads\Incoming\Adobe Photoshop CS3 Premium French.rar
[0] Archive type: RAR
--> Adobe Photoshop CS3 Premium French\Adobe Photoshop CS3 Premium French\Crack\Keygen.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.581 back-door program
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26001
[WARNING] Failed!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '4bd8f255.qua'!
C:\Documents and Settings\°Oo Antoine oO°\Mes documents\eMule Downloads\Temp\008.part
[0] Archive type: RAR
--> SoftImage_XSI_Advanced_v6.0\setup_XSI_6.0_windows32.exe
[1] Archive type: CAB SFX (self extracting)
--> \msivc8rt.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\°Oo Antoine oO°\Mes documents\logiciel\Cinema 4D\CINEMA_4D_R9.603.zip
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.aeu Trojan
[NOTE] The file was moved to '496d6eb0.qua'!
C:\Documents and Settings\°Oo Antoine oO°\Mes documents\logiciel\log msn\messenger recovery\MessengerRecovery.rar
[0] Archive type: RAR
--> MessengerRecovery.exe
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.xtc Trojan
--> stealer-msn.exe
[DETECTION] Is the TR/Drop.VB.ckq Trojan
[NOTE] The file was moved to '49926f24.qua'!
C:\Documents and Settings\°Oo Antoine oO°\Mes documents\Mes fichiers reçus\encul de virus msn.zip
[0] Archive type: ZIP
--> yu2008setup.exe
[1] Archive type: RSRC
--> Object
[2] Archive type: CAB (Microsoft)
--> EMU.exe
[3] Archive type: NSIS
--> ProgramFilesDir/connector.exe
[DETECTION] Is the TR/Dldr.Ftp.DM Trojan
[NOTE] The file was moved to '49826f72.qua'!
C:\Documents and Settings\°Oo Antoine oO°\Mes documents\Mes fichiers reçus\Nouveau Archive WinRAR.rar
[0] Archive type: RAR
--> PhotoShop CS3 Extended.exe
[DETECTION] Is the TR/Proxy.Horst.aae.3 Trojan
[NOTE] The file was moved to '49946f79.qua'!
C:\Documents and Settings\°Oo PapOuneT oO°\Mes documents\protection et contrôle\aswclnr.exe
[DETECTION] Contains recognition pattern of the WORM/NetworkWorm/.KN worm
[NOTE] The file was moved to '4996723e.qua'!
C:\Documents and Settings\°Oo PapOuneT oO°\Mes documents\téléchargements\jeu Colette\SetupCasino.exe
[DETECTION] Is the TR/Dloader.DZNY Trojan
[NOTE] The file was moved to '49937269.qua'!
C:\Lop SD\osVer.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.gov back-door program
[NOTE] The file was moved to '4975728d.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOANTO~1\APPLIC~1\FINDAI~1\datatoolamen.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49937286.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOANTO~1\APPLIC~1\FINDAI~1\fyztkary.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '499972a2.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOANTO~1\APPLIC~1\FINDAI~1\kemdochw.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498c7291.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOANTO~1\APPLIC~1\FINDAI~1\mcpnffby.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498f7292.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOANTO~1\APPLIC~1\FINDAI~1\MIXCORNFORLESS.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4977727b.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOANTO~1\APPLIC~1\FINDAI~1\pcvggmvi.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49957299.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOANTO~1\APPLIC~1\FINDAI~1\qlftkjyt.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498572a5.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOANTO~1\APPLIC~1\FINDAI~1\RoadStore.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498072aa.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOANTO~1\APPLIC~1\FINDAI~1\vwkvpgoq.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498a72b4.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOCHAR~1\APPLIC~1\FINDAI~1\RoadStore.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498072ae.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOPAPO~1\APPLIC~1\FINDAI~1\acyallxz.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '499872a9.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOPAPO~1\APPLIC~1\FINDAI~1\datatoolamen.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '499372aa.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOPAPO~1\APPLIC~1\FINDAI~1\fcdvlmvi.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498372af.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOPAPO~1\APPLIC~1\FINDAI~1\izoelicr.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498e72c8.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOPAPO~1\APPLIC~1\FINDAI~1\jmxlfcnv.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '499772bd.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOPAPO~1\APPLIC~1\FINDAI~1\MIXCORNFORLESS.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4977729a.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOPAPO~1\APPLIC~1\FINDAI~1\RoadStore.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498072c3.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\OOPAPO~1\APPLIC~1\FINDAI~1\swjmvrat.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498972cd.qua'!
C:\Program Files\eMule\Incoming\NOCD The Sims 2 Deluxe crack.exe
[DETECTION] Contains recognition pattern of the DR/P2PAdware.A.60 dropper
[NOTE] The file was moved to '49627547.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\data.oct.vir
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937a58.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\flec006.exe.vir
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49847a65.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\2X ApplicationServer 3.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '493f7a54.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\7tools_Partition_Manager_2005_6.02.01.zip.vir
[0] Archive type: ZIP
--> key_generator.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498e7a72.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\abcAVI_Tag_Editor_1.8.1.129.zip.vir
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49827a62.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Advanced_Page_Rank_Analyzer_2.0_[Crack].zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49957a67.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\AJet_3.zip.vir
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49847a4f.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\All_Stats_Hockey_Coach_6.0.zip.vir
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498b7a74.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Altdo_Convert_MP3_Master_2.1.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937a76.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Apple_FireWire_Drivers_2.5.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498f7a7d.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Asf_Seek_Maker_1.5_KeyGen.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49857a82.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\AtleX CPU Speed 1.0.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498b7a85.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Autumn Leaves Fall Foliage Collection 2.0.zip.vir
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937a88.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Avast.Pro.v4.7.871.Incl.Keymaker-CORE.czip.zip.vir
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49807a8c.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\A_Haunted_Halloween_ScreenSaver_1.00.zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49677a77.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Backup2Net_1.1.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49827a7b.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\BatteryMon_2.1_Build_1000_Cracked.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937a7f.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Beautiful Britain winter screensaver 1.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49807a85.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Beyond_Media_1.0_Key.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49987a88.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\BFG_Chat_Client_1.17.zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49667a6b.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Bid-n-Invoice Basic Invoice 2.1.zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49837a90.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Butterfly Jungle 3D Screensaver 1.0.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937a9e.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Car_Logbook_2.3.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917a8d.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Chronilist 5.9.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917a96.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Claves.Bitdefender.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49807a9c.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Copy+ 2.01.01.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498f7aa1.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\CryptoSystem Personal 1.2.zip.vir
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49987aa6.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Custom Shapes Pack 12 'Torus' 1.0.0 Patch.zip.vir
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49927aac.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Data Export - DB22DBF 1.0.zip.vir
[0] Archive type: ZIP
--> key_generator.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937a9a.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\DB-HTML_Converter_PRO_1.4.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '494c7a7d.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Demo Builder 6.00.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498c7aa2.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Desktop FLV Player 1.0.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49927aa4.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Desktop Organizer & Arranger 1.1.7.zip.vir
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49927aa6.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Digital Photo Fixer 2004.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49867aac.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Diskasizer 1.2.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49927aae.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Dmouse 1.0.0.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498e7ab4.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\DocsToBox 1.1.1 Build 195.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49827ab8.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\DVDCommander_Free_2006_2.5.zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49637aa2.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\EasyHex Hex Editor 1.13.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '4dcad1ff.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Easy_Pocket_PC_Installer_1.21.zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49927ab1.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\EDIdEv_SEF_Reader_1.0.zip.vir
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49687a96.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\EMS_Data_Import_2005_for_MySQL_2.1.0.2.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49727aa1.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Energize 2.0 Beta 2.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49847ac4.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Enigma_0.92.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49887ac6.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Ewido.antimalware.4.0.Beta.keygen.Serial.czip.zip.vir
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49887ad2.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Extra DVD Ripper Express 4.52.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937ad5.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Eye_Candy_5_Impact_[KeyGen].zip.vir
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49847ad8.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\EzLink NG 2005.10.21.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '496b7adb.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\File Data Viewer 1.0.zip.vir
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498b7acd.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Fitness Assistant 1.99.zip.vir
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937acf.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Flash_Projector_1.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49807ad4.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\FlowChartX_control_4.1.4.zip.vir
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498e7ad7.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\FMF Skin Creator 1.0.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49657aba.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Fontonizer_1.02_build_105.zip.vir
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498d7ade.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\FotoTagger 2.10.0.1.zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937ae0.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\FoxNotes 2.5.4.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49977ae2.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\FrameSolver 2D 1.0 Key.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49807ae7.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Frobisher Font TrueType 1.51.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498e7aeb.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\FullShot_9.5.1.1_(Key+Serial).zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498b7af2.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\GameSelect_2.1.1.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498c7ae1.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\genesisseeds_toolbar_for_IE_4.5.132.0.zip.vir
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498d7ae7.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Goal.Com - Live News 1.0.0.0.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49807af3.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Google Pack 2.2.969.23408 Beta.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498e7af5.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Green Saver 3.10.0510.zip.vir
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49847afa.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Half-Life_Natural_Selection_4_client_3.0_beta.zip.vir
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498b7aeb.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Halo_Dedicated_Server_Init_File_Builder_2.1.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498b7aed.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Hot Video to iPod Converter 2.0 Crack.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937afd.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Human Resource Manager 2.0.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498c7b05.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Inhabitants of Wood Screensaver 1.0.zip.vir
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49877b00.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\JobOrder 12.9.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49817b03.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Kalvyn_Workgroup_Software_Access_Edition_2006_1.0.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498b7af8.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Karamasoft_UltimateEditor_2.3_(Serial).zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917afa.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\KFI am 640 2.00.zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49687ae1.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\KingConvert For Data Burn 5.0.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498d7b07.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\LingvoSoft_Dictionary_2007_Russian_-_Armenian_4.0.22_[Key].zip.vir
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498d7b0c.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\ListGrabber Standard 4.0.0.39.zip.vir
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49927b14.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Lookup Unlisted Phone Number 1.0.zip.vir
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498e7b20.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\LuckyPhoto 1.0.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49827b28.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Magic_Audio_Recorder_5.4.0.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49867b17.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\MCE Controller 1.1.0.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49647afa.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Microsoft Phishing Filter Add-in for MSN Search Toolbar 3.0.4702.0.zip.vir
[0] Archive type: ZIP
--> key_generator.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49827b23.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Millions_of_Light_Years_1.6_Cracked.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498b7b27.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\MindChimes 1.3.0.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498d7b29.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Ministry Assistant 1.4.3.4.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498d7b2e.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\MSN UK Movies 1.0.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '496d7b1a.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Nawras PC Supervisor 1.0.0.0.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49967b2a.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49637b1a.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\NotepadEx 1.7.4.4.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937b3c.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\PalTalkScene 9.2.221.zip.vir
[0] Archive type: ZIP
--> key_generator.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498b7b30.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Parnian_for_Freehand_3.0.zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917b32.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Paving Design Expert 1.3.0.135.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49957b34.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\PDF Suite .NET 3.0.zip.vir
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49657b19.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\PDF_album_maker_1.01_[Cracked].zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49657b1b.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Phone Deck 1.3.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498e7b41.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Play_Guitar_2.0.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49807b47.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\PLC Training - RSlogix Simulator 3.0.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49627b29.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Pluto_3D_ScreenSaver_1.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49947b4b.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\PrePromote v4.05.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49847b53.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\PSD2FLA_1.0.3_r031_Key+Serial.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49637b36.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Qurb_3.0.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917b5a.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\RICECAKES 1.5.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49627b30.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\ServersCheck_VNCAdministrator_1.0_[Serial].zip.vir
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917b4f.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\SetPwd 1.5.0.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937b53.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\SetupTIE2007 1.0.3.4.zip.vir
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49937b55.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Simple_Home_Money_Management_2006.4.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498c7b5b.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Softinabox_Remind_Me!_1.0.0_Build_38.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49857b64.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Sprinkle Clock ScreenSaver 2.3.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917b67.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\SSW_Property_and_Event_Pro_2000_2.3_[KeyGen].zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49767b4c.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Stay with me toolbar for IE 4.5.132.0.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49807b6f.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Streams 1.53.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917b71.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Sudoku_Puzzle_Game_1.0.zip.vir
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49837b74.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Summertime_Skies_1.00.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498c7b76.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\SysImage_HTML2Image_1.5_Crack.zip.vir
[0] Archive type: ZIP
--> key_generator.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49927b7c.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\TechSmith_Screen_Capture_Codec_1.0.zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49827b6a.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\The Hubble Space Telescope Part 2 1.0.zip.vir
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49847b6f.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\True_Conception_of_Sri_Guru_Tattva_1.08.zip.vir
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49947b7b.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\UControls GlassButton 1.zip.vir
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498e7b4e.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\VCW VicMan's Submass 5.2 Key+Serial.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49767b50.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\VeriTime Time Tracker 5.0.4.16.zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917b74.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\ViruScape_2006.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917b7a.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Voxengo_Marquis_Compressor_1.4_(Key).zip.vir
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49977b84.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\WannaChat 0.50804.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498d7b79.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Wav_Split_Mp3_1.00_(Cracked).zip.vir
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49957b7b.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\WeightWare_3.4.0_Crack.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49887b81.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Windows_Live_Messenger_Now_Playing_Plugin_0.23.zip.vir
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498d7b88.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\WorshipLeader_4.8.2.zip.vir
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49917b90.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Y!RabidStatter_2.1.zip.vir
[0] Archive type: ZIP
--> install_crack.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49717b44.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\Zinc 2.5.0.16.zip.vir
[0] Archive type: ZIP
--> key_generator.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498d7b8e.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\°Oo Antoine oO°\Application Data\m\shared\ZPC demo.zip.vir
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '49627b78.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\AdobeR.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Rjump.D worm
[NOTE] The file was moved to '498e7b95.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49847b97.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\msn.exe.vir
[DETECTION] Is the TR/Drop.VB.ckq Trojan
[NOTE] The file was moved to '498d7ba9.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wintems.exe.vir
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '498d7ba1.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\winfilse.exe.vir
[DETECTION] Is the TR/Dldr.Bagle.aeu Trojan
[NOTE] The file was moved to '498d7ba3.qua'!
0
anthony5151 Posts 10927 Status Security contributor 790

You did well to install Antivir; it's what I would have recommended to replace Avast anyway (speaking of Avast, remember to empty its quarantine and uninstall it).

Everything detected in C:\Qoobox is Combofix's quarantine ==> no danger
Everything detected in C:\System Volume Information\_restore is System Restore backups ==> no danger as long as you don't perform a restore.

However, you'll notice that Antivir detected several infected cracks (see the beginning of the report)!!!
That is indeed the source of the infection... I advise you to reread my very first message: http://www.commentcamarche.net/forum/affich 9384672 bagle encore?#1

I refuse to keep helping you until you have permanently deleted ALL your cracks and keygens, otherwise it's a waste of time for both you and me (all this crap reinfects your PC as soon as you use it...)

0
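The triage rule from the reply above (Combofix quarantine and System Restore copies are inert, anything detected elsewhere is still live), as an added example that is not part of the original thread. The function names, location labels and the sample report are assumptions; the sample is constructed in the Avira report format quoted in this thread.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the Avira report format quoted in this thread.
# The "user" profile name and setup_example.exe are invented for illustration.
SAMPLE_REPORT = r"""
C:\Qoobox\Quarantine\C\WINDOWS\system32\wintems.exe.vir
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '498d7ba1.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\user\Application Data\m\shared\Zinc 2.5.0.16.zip.vir
[0] Archive type: ZIP
--> key_generator.exe
[DETECTION] Is the TR/Dldr.Bagle.afu Trojan
[NOTE] The file was moved to '498d7b8e.qua'!
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP449\A0114930.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '49507cf4.qua'!
C:\Documents and Settings\user\Mes documents\setup_example.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
C:\pagefile.sys
[WARNING] The file could not be opened!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
MEMBER_RE = re.compile(r"^-->\s*(.+)$")
# Covers the three [DETECTION] phrasings that appear in the report.
DETECTION_RE = re.compile(
    r"^\[DETECTION\]\s+(?:Is the|Contains (?:a )?recognition pattern of the)\s+"
    r"(?:\(harmful\)\s+)?(\S+)"
)
QUARANTINE_RE = re.compile(r"^[A-Za-z]:\\Qoobox\\", re.IGNORECASE)
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\",
    re.IGNORECASE,
)


@dataclass
class Finding:
    path: str
    signature: str
    member: Optional[str]         # file inside an archive, if any
    location: str                 # combofix_quarantine | system_restore | live
    restore_point: Optional[str]  # e.g. "RP449" for System Restore copies


def classify(path: str):
    """Map a detected path to the location categories used in the reply."""
    if QUARANTINE_RE.match(path):
        return "combofix_quarantine", None
    m = RESTORE_RE.search(path)
    if m:
        return "system_restore", m.group(1)
    return "live", None


def parse_report(text: str) -> List[Finding]:
    """Pair each [DETECTION] line with the file path (and archive member) above it."""
    findings, path, member = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            path, member = line, None   # a new scanned object starts here
            continue
        m = MEMBER_RE.match(line)
        if m:
            member = m.group(1)         # most recently named archive member
            continue
        m = DETECTION_RE.match(line)
        if m and path:
            location, rp = classify(path)
            findings.append(Finding(path, m.group(1), member, location, rp))
    return findings


def triage(findings: List[Finding]) -> dict:
    """Summarise: what is inert, what is live, which restore points hold malware."""
    return {
        "counts": dict(Counter(f.location for f in findings)),
        "live": [f for f in findings if f.location == "live"],
        "tainted_restore_points": sorted(
            {f.restore_point for f in findings if f.restore_point}
        ),
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    print("Detections by location:", summary["counts"])
    print("Restore points not to roll back to:", summary["tainted_restore_points"])
    for f in summary["live"]:
        print("STILL LIVE:", f.path, "->", f.signature)
```

Only the entries reported as live call for action; the restore points listed should not be used for a rollback.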
metalin
 
OK, there were some left on my son's session; he had forgotten them. All the cracks have been removed.
As for Avast, I did remove it; there was nothing in quarantine since I installed it when I discovered the infection, but it didn't work.
0
anthony5151 Posts 10927 Status Security contributor 790

OK, please run a full scan again with MalwareBytes and another with Antivir to check (after updating them).

0
metalin
 
Should I leave what's in quarantine in MalwareBytes?
0
metalin
 
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1402
Windows 5.1.2600 Service Pack 3

16/11/2008 23:04:56
mbam-log-2008-11-16 (23-04-56).txt

Type de recherche: Examen rapide
Eléments examinés: 61070
Temps écoulé: 4 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
anthony5151 Posts 10927 Status Security contributor 790

You can empty MalwareBytes' quarantine.
However, I would have preferred that you run a full scan with it, not a quick scan ;)

0
metalin

Here is a full report

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1402
Windows 5.1.2600 Service Pack 3

17/11/2008 09:55:27
mbam-log-2008-11-17 (09-55-27).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 251028
Temps écoulé: 1 hour(s), 35 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{85E165D6-2848-4113-B57C-90B1438461F9}\RP475\A0120543.sys (Trojan.Downloader) -> Quarantined and deleted successfully.
0
metalin
 
Avira AntiVir Personal
Report file date: lundi 17 novembre 2008 00:48

Scanning for 1036369 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: LIFETEC


Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 17 novembre 2008 00:48

The scan of running processes will be started
70 processes with 70 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '64' files ).

Starting the file scan:

Begin scan in 'C:\' <systeme>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\°Oo Antoine oO°\Mes documents\eMule Downloads\Temp\008.part
[0] Archive type: RAR
--> SoftImage_XSI_Advanced_v6.0\setup_XSI_6.0_windows32.exe
[1] Archive type: CAB SFX (self extracting)
--> \msivc8rt.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed

End of the scan: lundi 17 novembre 2008 02:17
Used time: 1:29:45 Hour(s)

The scan has been done completely.

15519 Scanning directories
579742 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
579740 Files not concerned
6281 Archives were scanned
6 Warnings
0 Notes
0
anthony5151 Posts 10927 Status Security contributor 790

That's perfect.
Check that your son no longer has an infected download in progress like this one (and more generally that nobody is downloading cracks anymore):

C:\Documents and Settings\°Oo Antoine oO°\Mes documents\eMule Downloads\Temp\008.part
[0] Archive type: RAR
--> SoftImage_XSI_Advanced_v6.0\setup_XSI_6.0_windows32.exe
[1] Archive type: CAB SFX (self extracting)
--> \msivc8rt.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed

Then please post a new HijackThis report

0
metalin
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:36, on 17/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\°Oo Antoine oO°\Mes documents\logiciel\pcapsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: w2pxdrvs.dll
O10 - Unknown file in Winsock LSP: w2pxdrvs.dll
O10 - Unknown file in Winsock LSP: w2pxdrvs.dll
O10 - Unknown file in Winsock LSP: w2pxdrvs.dll
O10 - Unknown file in Winsock LSP: w2pxdrvs.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Documents and Settings\°Oo Antoine oO°\Mes documents\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneStepSearch Service - Unknown owner - C:\Program Files\OneStep\onestep.exe (file missing)
O23 - Service: ProxyCap Service (pcapsvc) - Proxy Labs - C:\Documents and Settings\°Oo Antoine oO°\Mes documents\logiciel\pcapsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
metalin > metalin
 
Hello
Is this report clean? Thanks again for helping me.
Regards
0
anthony5151 Posts 10927 Status Security contributor 790

That's the only thing that bothers me. Do you know what it is?

C:\Documents and Settings\°Oo Antoine oO°\Mes documents\logiciel\pcapsvc.exe

0
metalin
 
Good evening
It's ProxyCap. I couldn't tell you what it's for; if my son were here, he could tell you more. I think it has something to do with a server, but apparently it's something you can download without any problem.
0
anthony5151 Posts 10927 Status Security contributor 790

Sorry for the late reply.
OK for pcapsvc.exe, I hope it isn't cracked software (otherwise there's a good chance it will reinfect your computer as soon as you use it).

Otherwise, your computer is no longer infected!

Before going back to surfing the internet, there are a few small things you need to do to finish the cleanup and noticeably improve your computer's security; that may save you from having to come back here with a new infection in the future ;) But be aware that no security software will protect you 100%. What makes the difference is your vigilance when you download or install something: to learn more, I invite you to carefully read the page indicated at the very bottom of this message (6).

1) Secure your computer

- Antivirus:
Antivir is an excellent choice, keep it. There's just one small setting to change:
Double-click the Antivir icon near the clock --> Configuration --> Check "expert mode" --> check "Search for rootkits before scan"

- Firewall:
You apparently have no firewall (except perhaps the Windows one, which is ineffective and doesn't filter the outbound connections used by many infections...): download a real one. Among the free ones, the simplest are Kerio and especially PC Tools Firewall. You can use the following tutorials to help you with whichever one you choose:
- PcTools tutorial
- Kerio tutorial
Note: if a message like this one appears during installation, click Continue.

- Anti-spyware:
* Install Spyware Blaster: it doesn't use memory, it's just a program that immunizes your PC against certain infections. It must be updated manually, about every 10 days, and all protections must be enabled ("Enable all protection")
* In addition, keep MalwareBytes for its effective cleanup scan.

- To browse the internet more safely and free from ads, I recommend installing and using the Firefox 3 browser with the "AdBlockPlus" extension. You can find explanations here

- Java is not up to date, which is a security hole.
First you need to uninstall the old version: open the Start menu --> Control Panel --> Add/Remove Programs --> select all the Java versions present and uninstall them.
Then download and install the new version from the official Java site: https://java.com/fr/

2) Run Hijackthis again (for the last time), do "scan system only" and check these lines (not dangerous but unnecessary):

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)

Also check all the lines starting with 016

Then click "Fix checked"

3) Download ToolsCleaner to your desktop to clean the computer of all the tools we used: ToolsCleaner
Run it, click Recherche (Search) and let the scan finish, then click Suppression (Removal) to clean up.
You can also delete the temporary files.
Then manually delete ToolsCleaner (put it in the recycle bin).
If it doesn't remove everything, manually delete what's left.

4) Download and install CCleaner (if you haven't already): https://www.ccleaner.com/ccleaner/download

Run CCleaner
Options --> Advanced --> uncheck "only delete files older than 48 hours"
Then Cleaner --> Analyze > Run Cleaner, then click OK in the window that appears.
Run the cleanup a second time.

Finally, Registry --> fix all the errors, and repeat until it finds no more errors.

(You can keep this program and use it regularly.)

5) To finish the cleanup, you need to disable and then re-enable System Restore (to create a new clean restore point and prevent the infection from coming back).

* Right-click My Computer (on your desktop or in the Start menu), then Properties.
* Select the System Restore tab
* Check the option Turn off System Restore on all drives
* Click OK.

Then do the reverse to re-enable System Restore.

6) Finally, I invite you to visit this page, which will give you information on prevention and protection against infections (about 15 minutes of very instructive and useful reading):
Prevention and security on the internet

Good reading, good luck, and don't hesitate to ask questions if needed ;)
0
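Added example, not part of the thread and not HijackThis's own code: a small triage pass over HijackThis log lines that mirrors the manual review above, flagging leftover entries marked "(no file)" / "(file missing)" and O23 services whose binary sits in a user profile folder, as with pcapsvc.exe. The tag names and the profile-path heuristic are assumptions of this sketch; the sample lines are taken from the logs in this thread.

```python
import re

# Sample input: a few entries as they appear in the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneStepSearch Service - Unknown owner - C:\Program Files\OneStep\onestep.exe (file missing)
O23 - Service: ProxyCap Service (pcapsvc) - Proxy Labs - C:\Documents and Settings\°Oo Antoine oO°\Mes documents\logiciel\pcapsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")                      # "O23 - Service: ..."
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")    # target no longer on disk
# Assumption of this sketch: profile roots writable by a normal user.
USER_DIRS = ("\\documents and settings\\", "\\users\\")


def triage(log):
    """Return (section, tag, detail) tuples for entries worth a manual look."""
    findings = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # log header, blank line, or anything that is not an entry
        section, body = m.groups()
        if ORPHAN.search(body):
            findings.append((section, "orphan", body))
            continue
        if section == "O23" and body.startswith("Service: "):
            # Layout: "<display name> - <owner> - <path>"; split from the right
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            _name, owner, path = parts
            if any(d in path.lower() for d in USER_DIRS):
                findings.append((section, "user-writable-path", path))
            elif owner == "Unknown owner":
                findings.append((section, "unknown-owner", path))
    return findings


if __name__ == "__main__":
    for section, tag, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {tag:20} {detail}")
```

A flag here only means "ask what this is", as the helper did for pcapsvc.exe; it is not a verdict on the file.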
metalin
 
Good evening
I followed your advice to the letter: installed the programs mentioned, firewall: PC Tools Firewall Plus, reinstalled Java, but that one doesn't seem to be working; otherwise nothing to report, everything works wonderfully. Congratulations on your skill and your dedication.
However, I have another PC networked with this one that is apparently also infected. Should I open a new thread or continue in this one, or do the same procedure?
Thanks again
0
anthony5151 Posts 10927 Status Security contributor 790 > metalin

You're welcome, I'm happy I could help ;)

If your other computer is infected, I advise you to open another thread for your other PC, because I won't be around much on the forum over the next few days, and there's little chance that someone else will come and reply in a thread that's already under way.

All the best.
0