Ce n’est pas un virus, cela veut dire que le logiciel que vous tentez d’installer n’est pas compatible avec votre Windows. Il vous suffit de contacter le revendeur du logiciel, lequel est-ce par ailleurs de logiciel.

Pour tous vos drivers, le site de votre constructeur les stocke tous, il vous suffit donc de vous y rendre, de choisir support, drivers, téléchargement, d’entrer les référencent exacte de votre ordinateur et voilà.

J'ai essayer plusieur logiciel anti virus avast pc tools etc et meme avec d'autre logiciel sa le fait en tou k merci pour le

peripherique audio sa marche c super et est il possible que je recupere une version plu recente de windows ou reussir

a validé ma version

encore merci

Pour mettre à jour Windows XP qui est passé au SP3 depuis 6 mois.
http://www.microsoft.com/...

Alors j'ai bien telechargé le lien que vou m'avez mi et justemen sa me met update.exe que ce n'es pa une application

win32 valide sa me l'affiche juste avan la fin de l'extraction ( echec lors de l'extraction )

dsl

et encore merci

Il s'agit du virus win32/Bagle qui modifie le "comportement" (le code) des exécutable ,c à d les fichier avec les extension .exe que ce soit des application ou des installeurs de logiciel , juste au moment ou tu clic dessus.

mais , il existe tout de même des outils de désinfection (anti Bagle ou autres) conçu par les différents compagnies Antivirus , qui sont mis gratuitement a la disposition des utilisateurs

voici quelque un que tu peu télécharger (utilisez un ou plusieurs si nécessaire , mais un outil a la fois)

celui de F-secure
http://www.f-secure.com/download-purchase/tools.shtml#F-Bagle
>télécharge le fichier .Zip tu le décompresser dans un dossier > ensuite tu clic sur le fichier exécutable qu'il contient

ceux de Bitdefender (4 fichiers qui porte le nom win32.Bagle car le dit virus a plusieurs variantes)
http://www.bitdefender.com/site/Downloads/browseFreeRemovalTool/

et celui la qui prend en charge plusieurs variantes de Bagle
http://www.sharewareplaza.com/...

j'ajoute aussi ceux de Kaspersky
http://www.kaspersky.com/removaltools

Salut,

Fait sa:

FindyKill de Chiquitine29

▶ Fais un clique droit sur le lien et choisis ( "enregistrer la cible sous ...." )( , destination le bureau .

▶ ( Note importante : si tu as le prg Elibagla sur ton PC , supprimes le ( risque de conflit entre les deux outils ) .

▶ Laisse toi guider pour l'installer.

▶ Double clic sur " FindyKill." pour lancer l'outil .

▶ Choisis La langue:F pour français

▶ Choisis l'option 1 . Puis laisses travailler ...

▶ Une fois terminé, postes le rapport FindyKill.txt qui est généré ...

( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )

Les-risques-securitaires-du-peer-to-peer

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.

Re,

Passe findykill STP

Re,

Poste le rapport findykill a partir de =>»»»» Presence des fichiers dans C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp

Merci

Re,

Pas grave.

Findykill de chiquitine29 option 2:

▶ Branche tes disques amovibles à ton PC ( (clefs USB, disque dur externe, etc...) sans les ouvrir

▶ Double-clique sur le raccourci FindyKill sur ton bureau

▶ Au menu principal, choisisl'option 2 (Suppression)

/!\ Il y aura 2 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué" /!\

▶ Ensuite, poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.

Voici le nouveau rapor



----------------- FindyKill V4.712 ------------------

* User : Admin - XPSP2-A0BDB837D
* executed from : C:\Program Files\FindyKill
* Update on 14/01/09 par Chiquitine29
* Start at 0:18:24 the 15/01/2009
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:

Deleted ! - C:\InfoSat.txt

»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\14803593.EXE-26F27C84.pf
Deleted ! - C:\WINDOWS\prefetch\14847843.EXE-1DDF292F.pf
Deleted ! - C:\WINDOWS\prefetch\14868781.EXE-1E2B1D13.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-370E2858.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf

»»»» Supression files in C:\WINDOWS\system32

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression files in C:\WINDOWS\system32\drivers

Deleted ! - C:\WINDOWS\system32\drivers\mdelk.exe
Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\hldrrr.exe
Deleted ! - "C:\WINDOWS\system32\drivers\downld"

»»»» Supression files in C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data

Deleted ! - "C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\.Net Advanced Button 2.0.3211.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\1 Nutty Santa Screen Saver 2.8.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\3D Stockcar Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\642-513 Practice Exam Testing Engine Software 1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Abacre Photo Editor 2.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Abee MP3 Duplicates Finder 3.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Able PostScript Converter 1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\ACF Notes 1.1.7.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Active Lock 1.4.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Ad-Aware 2008 7.1.0.11 Final.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\AIMP 2.51 Build 323.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Amadis Video to FLV Converter 3.7.3.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\AntiVir PersonalEdition Premium with KeyGen.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\ASP pure file upload with progress 2.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Auto Click Link Buddy 2.1.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\AV Media Copy 1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Avast.4.5.Pro.ITA.+.Keygen.+.Skins.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Avatar Buddies 1.0.2.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\BlueSync 1.2.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\BrowserSizer 1.5.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\CCMreporter for Cisco Callmanager 1.1.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\CDex 1.70 Beta 2.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\ChangePaper 2.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\CHIBI NINJA mail 1.1.5.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\CodeMarkers 1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Connection Meter 7.3.8.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Countdown to the Beijing Olympics 1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Database Browser Control - TanDB 1.01.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\DjView 4.4.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\DotnetSwitch 1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\DVD Audio Ripper Deluxe 3.0.2007.205.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Dynamic Compressor 1.2.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Easy DVD Ripper & Converter 3.0.1.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Eazy Code 6.4.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Ebay Toolbar 3.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\EBSQ Art of the Day 0.1.2.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\ECTI 1.5.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\EMO TaskDev Planner 2.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Equi Buzz 1.01.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Eyes Dropper 3.1.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\FaceGate 2.01.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\File Sync 3.2.0 Build 0405.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\FMOD Designer 4.11.00 Development.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Freagair Mini Search 1.3.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Free Sticky Notes 4.4.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Gene Tree 2.3.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\HARDiNFO 2005 Enterprise 5.01.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\HeadShot0104 ScreenMate 1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Heatsoft Clone Cleaner Lite 1.06.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\I+ Installer Lite 1.10.0.3.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\ICQ Mobile (Jimm 0.52 Mod by XaTTaB).zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\IGetMail 2.3.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\iKlax Player 1.0.80408.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\ImageExpress 1.0.2.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Inquiry Management System 1.1a.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Interactive Voice Guide 4.7.25.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Investment And Loan Calculator 1.1.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\JAJAH - Web-Activated Telephony 1.0.1711.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Jellyfish Curious Creatures Screensaver 1.2.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\JKae.Komponents.Kalendar 1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\JMount 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\JOC Email Checker 3.3.1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\JODConverter 2.2.1.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Kaspersky Anti-Virus Personal 8.0.0.506.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Kaspersky.Anti-Virus.6.0.0.299.(espaÇñol.-.spanish).+.key.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Ketura 2007.1273.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\KJAZZ 88.1 (KKJZ) Radio 2.1.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\KzxMetal 1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\LanHelper 1.82.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Latest Del.icio.us Posts 1.1.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Learn Visual Basic .NET 2.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\LingvoSoft Picture Dictionary 2008 Spanish - Polish 1.2.26.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Lock it and Protect Pro 2.03.08.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Look 1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Luscious Landscapes Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\MapStar MapPro Beta 2.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Max Privacy Protector 2.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\MaxSoundex 1.00.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\McAfee.VirusScan.v10.0.27.Retail.Crack.-.Keygen.-.Serial.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\MD5 Tool 1.5.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\memo.ua 1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\MER Time 1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Mewa Film 1.4.4 Alpha.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Mortgage Matrix Calculator 3.2.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\MouseScroller 1.4.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Moxon Rectangle Generator 1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\MPEG to 3GP Converter 1.00.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\MySurf Professional 2.1.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\NCS Power Control Library 0.07b.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\NetNews Agent 1.19p.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Netretina 7.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\NoteMe! 1.14.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\OrkutAlert 0.8 Alpha R2.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\OverSoft CPU Informer 0.98.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\PaintBuster 12.4.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Panda.Antivirus.Titanium.Platinium.Crack.Or.Keygen.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Paraben's Image Viewer 2.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\PC Screen Spy Monitor 6.25.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\PC Weather Machine 1.2.3.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\PDFSealer 6.09 build 1739.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\PhoneBook95 Professional Edition 3.02.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\PhotoMazing 2.60.00.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Pluginlab Site Maps 2.0.8.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\PowerSave Prank 1.00.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Quest 4.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Quick Background Note 1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Royale Theme for WinXP - Official.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\RTF Convertor 1.0.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Ruby Multimedia Icons 1.10.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\SharePoint Capacity Planning Tool 1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Shock Messenger 0.1.1.2.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Softpedia Christmas Wallpaper Pack 2004b.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\StarSpangled Screen Saver 1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Super Simple RSS 3.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Superversion Spanish PalmOS 2.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Sweet Hearts MP3 E-Card 1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Symantec.Norton.Ghost.Version.10.keygen.Working.Nov2005.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Systemsymbols 1.0.2.1.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\TextEdit 1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Txt2PDF 3.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\Userbase Software Sales Tracking 1.5.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\UserHealth 1.3.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\VideoTrak 2.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\XB Image Viewer 1.0.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\XS Finance Professional 2.21.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\yakForFree Yak Community Client 1.1 9100a stamp 23166.zip
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared\ZebSpeech 2.0.0.zip
Deleted ! - "C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\m"
Deleted ! - "C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\hidires\flec003.exe"
Deleted ! - "C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Application Data\hidires"

»»»» Supression files in C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp


»»»» Supression files in C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\10R3UUP9\b64[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\10R3UUP9\b64[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\10R3UUP9\b64[3].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\10R3UUP9\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\10R3UUP9\ffl[1].htm
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\10R3UUP9\ffl[3].htm
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\4OVSP760\b64[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\4OVSP760\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\4OVSP760\b64_2[3].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\4OVSP760\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\4OVSP760\b64_5[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\4OVSP760\ffl[1].htm
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\4YWI53WB\b64[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\4YWI53WB\b64[3].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\4YWI53WB\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\4YWI53WB\b64_2[3].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\4YWI53WB\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\4YWI53WB\ffl[2].htm
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\5LQ7G8ON\b64[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\5LQ7G8ON\b64[3].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\5LQ7G8ON\b64_5[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\5LQ7G8ON\b64_5[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\5LQ7G8ON\ffl[1].htm
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\5LQ7G8ON\ffl[3].htm
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\5LQ7G8ON\ffl[4].htm
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\5LQ7G8ON\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\5LQ7G8ON\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\8UMG6I82\b64[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\8UMG6I82\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\8UMG6I82\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\8UMG6I82\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\8UMG6I82\b64_5[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\8UMG6I82\b64_5[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\8UMG6I82\ffl[1].htm
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\8UMG6I82\ffl[2].htm
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\8UMG6I82\ffl[3].htm
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\8UMG6I82\ffl[4].htm
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\8UMG6I82\file[1].txt
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\8UMG6I82\servernames[1].htm
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\BHJDF68S\b64[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\BKT7XRYA\b64[3].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\BKT7XRYA\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\BKT7XRYA\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\BKT7XRYA\b64_3[4].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\BKT7XRYA\b64_5[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\BKT7XRYA\b64_5[3].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\BKT7XRYA\b64_5[4].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\C8PS9G9G\b64[4].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\C8PS9G9G\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\C8PS9G9G\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\C8PS9G9G\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\C8PS9G9G\b64_5[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\C8PS9G9G\b64_5[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\C8PS9G9G\ffl[2].htm
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\GF4H3QWL\b64[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\GF4H3QWL\b64[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\GF4H3QWL\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\GF4H3QWL\b64_5[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\GF4H3QWL\b64_5[4].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\GF4H3QWL\b64_5[5].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\I33BMMLP\b64[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\I33BMMLP\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\I33BMMLP\b64_5[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\I33BMMLP\b64_5[3].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\I33BMMLP\ffl[1].htm
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\I33BMMLP\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\I33BMMLP\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\IFD2E4LG\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\IFD2E4LG\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\IFD2E4LG\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\IFD2E4LG\b64_5[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\IFD2E4LG\b64_5[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\IFD2E4LG\b64_5[3].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\L6F2ZC84\b64[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\L6F2ZC84\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\L6F2ZC84\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\L6F2ZC84\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\L6F2ZC84\ffl[2].htm
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\LM7AY4DK\b64[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\LM7AY4DK\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\LM7AY4DK\ffl[1].htm
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\LM7AY4DK\file[1].txt
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\LSW3YCQI\b64[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\LSW3YCQI\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\LSW3YCQI\b64_5[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\NTR0MLKW\b64[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\NTR0MLKW\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\NTR0MLKW\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\NTR0MLKW\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\NTR0MLKW\ffl[2].htm
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\OB13GXDT\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\OB13GXDT\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\OB13GXDT\b64_2[3].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\OB13GXDT\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\OB13GXDT\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\RIALKCDC\b64[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\RIALKCDC\b64[3].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\RIALKCDC\b64[4].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\RIALKCDC\file[1].txt
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\RIALKCDC\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\RTMURBNO\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\RTMURBNO\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\RTMURBNO\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\SZGO3DWB\b64[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\SZGO3DWB\b64[3].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\SZGO3DWB\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\SZGO3DWB\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\SZGO3DWB\b64_2[3].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\SZGO3DWB\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\SZGO3DWB\ffl[1].htm
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\SZGO3DWB\ffl[2].htm
Deleted ! - C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Temporary Internet Files\Content.IE5\SZGO3DWB\mxd[1].jpg

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\FirstRRRun
Deleted ! - HKEY_USERS\S-1-5-21-746137067-1979792683-725345543-1003\Software\Local AppWizard-Generated Applications\hldrrr
Deleted ! - HKEY_USERS\S-1-5-21-746137067-1979792683-725345543-1003\Software\Local AppWizard-Generated Applications\mdelk
Deleted ! - HKEY_USERS\S-1-5-21-746137067-1979792683-725345543-1003\Software\Local AppWizard-Generated Applications\nideiect
Deleted ! - HKEY_USERS\S-1-5-21-746137067-1979792683-725345543-1003\Software\MuleAppData

--------------- [ States / Restarting of services ] ----------------

+- Safe boot mode restored !

+- Showing of hidden files has been repaired !



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe


+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------

Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f2ccd0a-be1d-11dd-8577-001617e4706d}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f2ccd0a-be1d-11dd-8577-001617e4706d}\Shell\explore\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f2ccd0a-be1d-11dd-8577-001617e4706d}\Shell\open\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61835129-9ad7-11dd-8524-001617e4706d}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61835129-9ad7-11dd-8524-001617e4706d}\Shell\explore\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61835129-9ad7-11dd-8524-001617e4706d}\Shell\open\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6609d049-b89b-11dd-8568-001617e4706d}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6609d049-b89b-11dd-8568-001617e4706d}\Shell\explore\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6609d049-b89b-11dd-8568-001617e4706d}\Shell\open\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b788dedb-97b2-11dd-851b-001617e4706d}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b788dedb-97b2-11dd-851b-001617e4706d}\Shell\explore\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b788dedb-97b2-11dd-851b-001617e4706d}\Shell\open\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5025d92-a289-11dd-8536-001617e4706d}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5025d92-a289-11dd-8536-001617e4706d}\Shell\explore\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5025d92-a289-11dd-8536-001617e4706d}\Shell\open\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0e6480-ba4e-11dd-856c-001617e4706d}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0e6480-ba4e-11dd-856c-001617e4706d}\Shell\explore\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0e6480-ba4e-11dd-856c-001617e4706d}\Shell\open\Command

--------------- [ Searching Other Infections ] ----------------


Références de comparaison Bagle MD5 :

4ab5d3ca612c7fcdd392151aec822b28 C:\WINDOWS\system32\mdelk.exe
4ab5d3ca612c7fcdd392151aec822b28 C:\WINDOWS\system32\wintems.exe
d650e945c74199f544a6adbff9da0887 C:\WINDOWS\system32\drivers\hldrrr.exe
d650e945c74199f544a6adbff9da0887 C:\WINDOWS\system32\drivers\mdelk.exe


--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Application Data\Sopcast\rss\http___crackle_com_rss_media_sxsw_featured_rss.xml
C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Application Data\Sopcast\rss\http___crackle_com_rss_media_sxsw_featured_rss_structured.xml


---------------- ! End of report ! ------------------




merci beaucoup

Re,

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :



:files
C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Application Data\Sopcast\rss\http___crackle_com_rss_media_sxsw_featured_rss.xml
C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Application Data\Sopcast\rss\http___crackle_com_rss_media_sxsw_featured_rss_structured.xml

:commands
[purity]
[emptytemp]
[reboot]



---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
▶ Télécharge hijackthis

▶ Enregistre la cible sous .... "le bureau"

▶ Fais un double-clic sur "HJTInstall.exe" afin de lancer l'installation

▶ Clique sur Install ensuite sur "I Accept"

▶ Clique sur" Do a scan system and save log file"

▶ Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

▶ Tuto hijackthis(Merci à Balltrap34)

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:22, on 15/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*­http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\ScannerU\TBRIDGE\BIN\InstantAccess.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "c:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Scroll-In-Mouse V2.0.lnk = C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
End of file - 4740 bytes

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:22, on 15/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*­http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\ScannerU\TBRIDGE\BIN\InstantAccess.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "c:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Scroll-In-Mouse V2.0.lnk = C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
End of file - 4740 bytes


voici le deuxieme rapor avec Hijackthis

Re,

Tu as fait sa ?

Oui je l'ai fai en esperan que je l'ai bien fai mai sinon oui je l'ai fai

Re,

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\

========== FILES ==========
File/Folder C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Application Data\Sopcast\rss\http___crackle_com_rss_media_sxsw_featured_­rss.xml not found.
File/Folder C:\Documents and Settings\Admin.XPSP2-A0BDB837D\Local Settings\Application Data\Sopcast\rss\http___crackle_com_rss_media_sxsw_featured_­rss_structured.xml not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01152009_160521

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

voici le rapor que vou m'avez demandé

Re,

Combofix. Attention, ce logiciel est très puissant, une mauvaise utilisation peut faire des dégâts...

Fais exactement ce qui suit :

Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !) :
Fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix, choisis le bureau comme destination et valide :

--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation (si jamais tu en as et que je ne les ai pas vu sur le rapport hijackthis....)

---> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre...

--->Je te conseil d'installer la console de récupération.(Voir le tutoriel).

Tuto ici : TUTO
---------------------------------------------------------------------------------------------------------------------------------

Ensuite :

Double-clique sur C-Fix.exe (= combofix.exe ) .

Appuie sur une touche pour démarrer le scan .

Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.

ComboFix 09-01-13.04 - guillaume 2009-01-15 17:53:39.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1022.702 [GMT 1:00]
Lancé depuis: c:\documents and settings\guillaume\Bureau\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-15 au 2009-01-15 ))))))))))))))))))))))))))))))))))))
.

2009-01-15 17:49 . 2009-01-15 17:49 <REP> d-------- c:\windows\LastGood
2009-01-15 16:12 . 2009-01-15 16:12 <REP> d-------- c:\program files\Trend Micro
2009-01-15 16:05 . 2009-01-15 16:05 <REP> d-------- C:\_OTMoveIt
2009-01-15 15:23 . 2009-01-15 15:23 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-15 15:23 . 2009-01-15 15:23 <REP> d-------- c:\documents and settings\guillaume\Application Data\Malwarebytes
2009-01-15 15:23 . 2009-01-15 15:23 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-15 15:23 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 15:23 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-15 15:01 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-01-15 15:01 . 2008-10-16 14:09 35,864 --a------ c:\windows\system32\wucltui.dll.mui
2009-01-15 15:01 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-01-15 15:01 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2009-01-15 15:01 . 2008-10-16 14:07 19,992 --a------ c:\windows\system32\wuaueng.dll.mui
2009-01-15 14:54 . 2009-01-15 15:50 <REP> d-------- c:\program files\Symantec
2009-01-15 14:49 . 2009-01-15 14:49 <REP> d---s---- c:\documents and settings\guillaume\UserData
2008-12-21 19:04 . 2008-12-21 19:04 <REP> d-------- c:\documents and settings\guillaume\Application Data\AVGTOOLBAR
2008-12-21 19:03 . 2008-12-21 19:03 <REP> d-------- c:\program files\AVG
2008-12-21 19:03 . 2008-12-21 19:04 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-21 18:47 . 2008-12-21 18:47 <REP> d-------- c:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 14:50 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-01-15 14:47 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-15 14:29 250 ----a-w c:\documents and settings\guillaume\Application Data\wklnhst.dat
2008-12-21 23:30 --------- d-----w c:\documents and settings\guillaume\Application Data\dvdcss
2008-12-21 17:54 --------- d-----w c:\program files\ScannerU
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-15_17.48.16.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-15 15:10:24 64,836 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-15 16:51:35 64,836 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-15 15:10:24 78,088 ----a-w c:\windows\system32\perfc00C.dat
+ 2009-01-15 16:51:35 78,088 ----a-w c:\windows\system32\perfc00C.dat
- 2009-01-15 15:10:24 406,880 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-15 16:51:35 406,880 ----a-w c:\windows\system32\perfh009.dat
- 2009-01-15 15:10:24 474,210 ----a-w c:\windows\system32\perfh00C.dat
+ 2009-01-15 16:51:35 474,210 ----a-w c:\windows\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"MSMSGS"="c:\progra~1\MESSEN~1\Msmsgs.exe" [2005-08-31 1658592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-05 7323648]
"Muscbrigade"="c:\musicbrigade\Musicbrigade.exe" [2005-12-22 40960]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InstantAccess"="c:\program files\ScannerU\TBRIDGE\BIN\InstantAccess.EXE" [1998-07-07 37376]
"RegisterDropHandler"="c:\program files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE" [1998-07-07 22528]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-01-05 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 c:\windows\RTHDCPL.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="c:\program files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE" [1998-07-07 22528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Scroll-In-Mouse V2.0.lnk - c:\program files\A.C\Scroll-In-Mouse V2.0\Scroll.exe [2007-03-16 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=

R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2006-08-03 215040]
S4 BulkUsb;Plustek USB Scanner;c:\windows\system32\drivers\usbscan.sys [2007-03-16 15104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb0b3a7e-c90e-11dd-8951-003005b3042a}]
\Shell\AutoRun\command - E:\nideiect.com
\Shell\explore\Command - E:\nideiect.com
\Shell\open\Command - E:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eaad2d23-865d-11dd-892f-003005b3042a}]
\Shell\AutoRun\command - K:\nideiect.com
\Shell\explore\Command - K:\nideiect.com
\Shell\open\Command - K:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6ffd3c4-d864-11dc-88c2-003005b3042a}]
\Shell\AutoRun\command - E:\nideiect.com
\Shell\explore\Command - E:\nideiect.com
\Shell\open\Command - E:\nideiect.com
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 17:54:11
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1527725298-3504637059-1939994038-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Heure de fin: 2009-01-15 17:54:48
ComboFix-quarantined-files.txt 2009-01-15 16:54:47
ComboFix2.txt 2009-01-15 16:49:33

Avant-CF: 281 993 228 288 octets libres
Après-CF: 281,987,325,952 octets libres

127
voici le dernier rapor