Bagle LI virus

Solved/Closed
shivafro - Posts: 28 - Registered: Wednesday 7 January 2009 - Status: Member - Last activity: 8 January 2009 - 7 Jan 2009 at 00:41
Destrio5 - Posts: 85985 - Registered: Sunday 11 July 2010 - Status: Moderator - Last activity: 17 February 2023 - 7 Jan 2009 at 18:12
Hello,
I think I have a serious virus on my computer that I can't remove. Avast uninstalled itself. CCleaner, Hijack, and all the downloadable or online antivirus tools don't work. I was only able to get the reports from BitDefender and FindyKill:



----------------- FindyKill V4.711 ------------------

* User : Flo - FLORIANE
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 22:20:06 le 06/01/2009
* Windows XP - Internet Explorer 7.0.5730.11

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SFR\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\documents and settings\flo\local settings\application data\isyuo.exe
C:\Documents and Settings\Flo\Application Data\drivers\winupgro.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

--------------- [ Processus infectieux stoppés ] ----------------


"C:\Documents and Settings\Flo\Application Data\drivers\winupgro.exe" (1972)


--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\103250.EXE-2C9D3F57.pf
Found ! - C:\WINDOWS\prefetch\131828.EXE-119FFF4A.pf
Found ! - C:\WINDOWS\prefetch\141640.EXE-23847329.pf
Found ! - C:\WINDOWS\prefetch\185953.EXE-2C51CD2F.pf
Found ! - C:\WINDOWS\prefetch\219796.EXE-161EBBA0.pf
Found ! - C:\WINDOWS\prefetch\227937.EXE-352A938E.pf
Found ! - C:\WINDOWS\prefetch\307109.EXE-048A7335.pf
Found ! - C:\WINDOWS\prefetch\420187.EXE-2452EA7D.pf
Found ! - C:\WINDOWS\prefetch\526140.EXE-2F079FDA.pf
Found ! - C:\WINDOWS\prefetch\561906.EXE-331FA353.pf
Found ! - C:\WINDOWS\prefetch\94562.EXE-140ABE00.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-26D1F83A.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-37BF40FB.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-074286F1.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-373FD45E.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-074286F1.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-373FD45E.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [06/01/2009 22:02] - C:\WINDOWS\system32\mdelk.exe
Found ! [06/01/2009 22:02] - C:\WINDOWS\system32\wintems.exe
Found ! [06/01/2009 22:03] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\Flo\Application Data

Found ! [06/01/2009 04:27] - "C:\Documents and Settings\Flo\Application Data\m\flec006.exe"
Found ! [06/01/2009 04:27] - "C:\Documents and Settings\Flo\Application Data\m\list.oct"
Found ! [06/01/2009 21:54] - "C:\Documents and Settings\Flo\Application Data\m\data.oct"
Found ! [06/01/2009 04:27] - "C:\Documents and Settings\Flo\Application Data\m\srvlist.oct"
Found ! [06/01/2009 22:05] - "C:\Documents and Settings\Flo\Application Data\m\shared"
Found ! [06/01/2009 19:41] - "C:\Documents and Settings\Flo\Application Data\m"
Found ! [06/01/2009 22:05] - "C:\Documents and Settings\Flo\Application Data\drivers"
Found ! [06/01/2009 22:01] - "C:\Documents and Settings\Flo\Application Data\drivers\srosa.sys"
Found ! [15/10/2005 08:03] - "C:\Documents and Settings\Flo\Application Data\drivers\winupgro.exe"
Found ! [06/01/2009 22:08] - "C:\Documents and Settings\Flo\Application Data\drivers\downld"

»»»» Presence des fichiers dans C:\DOCUME~1\Flo\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5

Found ! [06/01/2009 21:59] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\1GAV6E4X\b64_1[1].jpg
Found ! [06/01/2009 22:03] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\1GAV6E4X\file[1].txt
Found ! [06/01/2009 21:56] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\99MD0XOA\b64[1].jpg
Found ! [06/01/2009 22:03] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\99MD0XOA\b64_1[1].jpg
Found ! [06/01/2009 22:06] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\99MD0XOA\b64_1[2].jpg
Found ! [06/01/2009 22:07] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\99MD0XOA\b64_2[1].jpg
Found ! [06/01/2009 21:55] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\NKO6XP3P\b64_1[1].jpg
Found ! [06/01/2009 22:02] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\NKO6XP3P\b64_3[1].jpg
Found ! [06/01/2009 22:04] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\ODUZ3TZS\b64[1].jpg
Found ! [06/01/2009 21:54] - C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\ODUZ3TZS\mxd[1].jpg

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
RoboForm="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
isyuo="c:\documents and settings\flo\local settings\application data\isyuo.exe" isyuo

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Apoint="C:\Program Files\Apoint2K\Apoint.exe"
AGRSMMSG=AGRSMMSG.exe
Logitech Utility=Logi_MwX.Exe
D-Link AirPlus XtremeG="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe"
HPHmon05=C:\WINDOWS\system32\hphmon05.exe
HPHUPD05="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
Autoconfigurateur WiFi SFR="C:\Program Files\SFR\Kit\WiFi\9wifi.exe"
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1

[HKEY_CURRENT_USER\software\local appwizard-generated applications\GoogleToolbarNotifier]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\keygen]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\MMDiag]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\PhLeAutoRun]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-816922679-1068368558-965301425-1007\Software\Local AppWizard-Generated Applications\keygen
Found ! - HKEY_USERS\S-1-5-21-816922679-1068368558-965301425-1007\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-816922679-1068368558-965301425-1007\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-816922679-1068368558-965301425-1007\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-816922679-1068368558-965301425-1007\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-816922679-1068368558-965301425-1007\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\keygen
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

/!\ Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

/!\ Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

/!\ Mode sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4


--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------

Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfafb2b6-0fa6-11dc-b5ee-93ea8d960259}\Shell\AutoRun\command


------------------- ! Fin du rapport ! --------------------

BitDefender Online Scanner

Scan report generated at: Tue, Jan 06, 2009 - 21:27:33
Scan path: C:\;D:\;

Statistics
Time: 01:48:51
Files: 233661
Folders: 5275
Boot Sectors: 0
Archives: 9555
Packed Files: 17710

Results
Identified Viruses: 6
Infected Files: 51
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 50

Engines Info
Virus Definitions: 2411927
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes




Scanned File
Status

C:\Documents and Settings\Flo\Application Data\drivers\winupgro.exe
Infected with: MemScan:Trojan.Downloader.Bagle.LI

C:\Documents and Settings\Flo\Application Data\drivers\winupgro.exe
Disinfection failed

C:\Documents and Settings\Flo\Application Data\drivers\winupgro.exe
Delete failed

C:\Documents and Settings\Flo\Application Data\m\data.oct
Infected with: MemScan:Trojan.Downloader.Bagle.LI

C:\Documents and Settings\Flo\Application Data\m\data.oct
Disinfection failed

C:\Documents and Settings\Flo\Application Data\m\data.oct
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64[1].jpg
Infected with: Win32.Bagle.SUQ@mm

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64[1].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64[2].jpg
Infected with: Win32.Bagle.SUQ@mm

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64[2].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_1[1].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_1[1].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_1[2].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_1[2].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_3[1].jpg
Infected with: Win32.Bagle.SUQ@mm

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_3[1].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_3[2].jpg
Infected with: Win32.Bagle.SUQ@mm

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\38FBUNIY\b64_3[2].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\5HEFTGDW\b64_2[1].jpg
Infected with: Win32.Bagle.2678

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\5HEFTGDW\b64_2[1].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\5HEFTGDW\b64_2[2].jpg
Infected with: Win32.Bagle.2678

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\5HEFTGDW\b64_2[2].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\BK9UV1YN\b64_1[1].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\BK9UV1YN\b64_1[1].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\BK9UV1YN\b64_2[1].jpg
Infected with: Win32.Bagle.2678

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\BK9UV1YN\b64_2[1].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64[1].jpg
Infected with: Win32.Bagle.SUQ@mm

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64[1].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64_1[1].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64_1[1].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64_2[1].jpg
Infected with: Win32.Bagle.2678

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\DC6PD9EJ\b64_2[1].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\EJCLYQQO\b64[1].jpg
Infected with: Win32.Bagle.SUQ@mm

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\EJCLYQQO\b64[1].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\EJCLYQQO\b64_1[1].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\EJCLYQQO\b64_1[1].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\K1I9MZOJ\b64_3[1].jpg
Infected with: Win32.Bagle.SUQ@mm

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\K1I9MZOJ\b64_3[1].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_1[1].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_1[1].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_2[1].jpg
Infected with: Win32.Bagle.2678

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_2[1].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_3[1].jpg
Infected with: Win32.Bagle.SUQ@mm

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\U2FCAHKK\b64_3[1].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[1].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[1].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[2].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[2].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[3].jpg
Infected with: MemScan:Trojan.PWS.LdPinch.TSE

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_1[3].jpg
Deleted

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_2[1].jpg
Infected with: Win32.Bagle.2678

C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\XBVSYP9Q\b64_2[1].jpg
Deleted

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Infected with: MemScan:Trojan.Downloader.Bagle.LI

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP523\A0099931.exe
Detected with: Application.Generic.18849

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP523\A0099931.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP523\A0099931.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100191.sys
Infected with: Rootkit.Bagle.Gen

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100191.sys
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100191.sys
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100192.exe
Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100192.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100193.exe
Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP530\A0100193.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100199.sys
Infected with: Rootkit.Bagle.Gen

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100199.sys
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100199.sys
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100207.exe
Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100207.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100210.exe
Infected with: MemScan:Trojan.Downloader.Bagle.LI

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100210.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100215.exe
Infected with: MemScan:Trojan.Downloader.Bagle.LI

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100215.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100240.sys
Infected with: Rootkit.Bagle.Gen

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100240.sys
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100240.sys
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100241.exe
Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100241.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100242.exe
Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP531\A0100242.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100272.sys
Infected with: Rootkit.Bagle.Gen

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100272.sys
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100272.sys
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100273.exe
Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100273.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100274.exe
Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP533\A0100274.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100427.sys
Infected with: Rootkit.Bagle.Gen

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100427.sys
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100427.sys
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100428.exe
Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100428.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100429.exe
Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0100429.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100436.sys
Infected with: Rootkit.Bagle.Gen

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100436.sys
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100436.sys
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100437.exe
Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100437.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100438.exe
Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100438.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100439.exe
Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100439.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100445.sys
Infected with: Rootkit.Bagle.Gen

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100445.sys
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100445.sys
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100446.exe
Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100446.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100447.exe
Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP537\A0100447.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP538\A0100464.exe
Infected with: MemScan:Trojan.Downloader.Bagle.LI

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP538\A0100464.exe
Deleted



Please help me, I've been at this for hours..

Thanks for your replies.

24 replies

Destrio5 - Posts: 85985 - Registered: Sunday 11 July 2010 - Status: Moderator - Last activity: 17 February 2023 - 10 290
7 Jan 2009 at 00:58
Hi,

--> Delete your cracks and keygens.

--> Plug your removable drives into your PC (USB sticks, external hard drive, etc.) without opening them.

--> Double-click the FindyKill shortcut on your Desktop.

--> In the main menu, choose option 2 (Suppression).

/!\ There will be 2 restarts; let the tool work until the message "nettoyage effectué" (cleaning done) appears /!\

--> Then post the FindyKill.txt report.

Note: the FindyKill.txt report is saved at the root of the disk.
shivafro - Posts: 28 - Registered: Wednesday 7 January 2009 - Status: Member - Last activity: 8 January 2009
7 Jan 2009 at 02:26
Thanks Destrio for taking an interest in my problem.

I admit I'm a novice with computers and I don't know how to delete the cracks and keygens; it's all Greek to me.....!

I already tried option 2 of FindyKill and it didn't work: blue screen and error message. The computer restarts with an error report but the cleaning doesn't start. Will it work after deleting the cracks?
Destrio5 - Posts: 85985 - Registered: Sunday 11 July 2010 - Status: Moderator - Last activity: 17 February 2023 - 10 290
7 Jan 2009 at 02:28
/!\ Disable your resident protections (antivirus, etc.) /!\

--> Download ComboFix (by sUBs), taking care to rename it to KillBagle before saving it to the Desktop.
--> Double-click KillBagle.exe (the .exe may not be visible) to launch it.
--> It will ask you to install the Recovery Console: accept.
--> When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

To help you: a guide and a tutorial on using ComboFix
shivafro - Posts: 28 - Registered: Wednesday 7 January 2009 - Status: Member - Last activity: 8 January 2009
7 Jan 2009 at 03:08
Here is the ComboFix report:

ComboFix 09-01-05.05 - Flo 2009-01-07 2:44:02.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.255.86 [GMT 1:00]
Lancé depuis: c:\documents and settings\Flo\Bureau\killBagle.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Flo\Application Data\drivers\downld
c:\documents and settings\Flo\Application Data\drivers\downld\14938437.exe
c:\documents and settings\Flo\Application Data\drivers\downld\14939078.exe
c:\documents and settings\Flo\Application Data\drivers\downld\14939437.exe
c:\documents and settings\Flo\Application Data\drivers\downld\153812.exe
c:\documents and settings\Flo\Application Data\drivers\downld\154875.exe
c:\documents and settings\Flo\Application Data\drivers\downld\157234.exe
c:\documents and settings\Flo\Application Data\drivers\downld\161015.exe
c:\documents and settings\Flo\Application Data\drivers\downld\167296.exe
c:\documents and settings\Flo\Application Data\drivers\downld\167328.exe
c:\documents and settings\Flo\Application Data\drivers\downld\167921.exe
c:\documents and settings\Flo\Application Data\drivers\downld\167968.exe
c:\documents and settings\Flo\Application Data\drivers\downld\168359.exe
c:\documents and settings\Flo\Application Data\drivers\downld\168937.exe
c:\documents and settings\Flo\Application Data\drivers\downld\172125.exe
c:\documents and settings\Flo\Application Data\drivers\downld\173125.exe
c:\documents and settings\Flo\Application Data\drivers\downld\173531.exe
c:\documents and settings\Flo\Application Data\drivers\downld\179656.exe
c:\documents and settings\Flo\Application Data\drivers\downld\179906.exe
c:\documents and settings\Flo\Application Data\drivers\downld\182593.exe
c:\documents and settings\Flo\Application Data\drivers\downld\184515.exe
c:\documents and settings\Flo\Application Data\drivers\downld\184687.exe
c:\documents and settings\Flo\Application Data\drivers\downld\185250.exe
c:\documents and settings\Flo\Application Data\drivers\downld\185953.exe
c:\documents and settings\Flo\Application Data\drivers\downld\186437.exe
c:\documents and settings\Flo\Application Data\drivers\downld\187609.exe
c:\documents and settings\Flo\Application Data\drivers\downld\188234.exe
c:\documents and settings\Flo\Application Data\drivers\downld\188500.exe
c:\documents and settings\Flo\Application Data\drivers\downld\190203.exe
c:\documents and settings\Flo\Application Data\drivers\downld\191093.exe
c:\documents and settings\Flo\Application Data\drivers\downld\191906.exe
c:\documents and settings\Flo\Application Data\drivers\downld\192750.exe
c:\documents and settings\Flo\Application Data\drivers\downld\193609.exe
c:\documents and settings\Flo\Application Data\drivers\downld\194062.exe
c:\documents and settings\Flo\Application Data\drivers\downld\197718.exe
c:\documents and settings\Flo\Application Data\drivers\downld\198812.exe
c:\documents and settings\Flo\Application Data\drivers\downld\199078.exe
c:\documents and settings\Flo\Application Data\drivers\downld\202156.exe
c:\documents and settings\Flo\Application Data\drivers\downld\207890.exe
c:\documents and settings\Flo\Application Data\drivers\downld\208046.exe
c:\documents and settings\Flo\Application Data\drivers\downld\208656.exe
c:\documents and settings\Flo\Application Data\drivers\downld\208890.exe
c:\documents and settings\Flo\Application Data\drivers\downld\209187.exe
c:\documents and settings\Flo\Application Data\drivers\downld\209375.exe
c:\documents and settings\Flo\Application Data\drivers\downld\210078.exe
c:\documents and settings\Flo\Application Data\drivers\downld\210609.exe
c:\documents and settings\Flo\Application Data\drivers\downld\212453.exe
c:\documents and settings\Flo\Application Data\drivers\downld\214609.exe
c:\documents and settings\Flo\Application Data\drivers\downld\215328.exe
c:\documents and settings\Flo\Application Data\drivers\downld\215625.exe
c:\documents and settings\Flo\Application Data\drivers\downld\215984.exe
c:\documents and settings\Flo\Application Data\drivers\downld\216359.exe
c:\documents and settings\Flo\Application Data\drivers\downld\217406.exe
c:\documents and settings\Flo\Application Data\drivers\downld\217656.exe
c:\documents and settings\Flo\Application Data\drivers\downld\219796.exe
c:\documents and settings\Flo\Application Data\drivers\downld\219953.exe
c:\documents and settings\Flo\Application Data\drivers\downld\225250.exe
c:\documents and settings\Flo\Application Data\drivers\downld\225359.exe
c:\documents and settings\Flo\Application Data\drivers\downld\225968.exe
c:\documents and settings\Flo\Application Data\drivers\downld\226328.exe
c:\documents and settings\Flo\Application Data\drivers\downld\226453.exe
c:\documents and settings\Flo\Application Data\drivers\downld\227937.exe
c:\documents and settings\Flo\Application Data\drivers\downld\233375.exe
c:\documents and settings\Flo\Application Data\drivers\downld\234062.exe
c:\documents and settings\Flo\Application Data\drivers\downld\234562.exe
c:\documents and settings\Flo\Application Data\drivers\downld\238171.exe
c:\documents and settings\Flo\Application Data\drivers\downld\244531.exe
c:\documents and settings\Flo\Application Data\drivers\downld\246203.exe
c:\documents and settings\Flo\Application Data\drivers\downld\246296.exe
c:\documents and settings\Flo\Application Data\drivers\downld\247078.exe
c:\documents and settings\Flo\Application Data\drivers\downld\249562.exe
c:\documents and settings\Flo\Application Data\drivers\downld\250500.exe
c:\documents and settings\Flo\Application Data\drivers\downld\250609.exe
c:\documents and settings\Flo\Application Data\drivers\downld\256343.exe
c:\documents and settings\Flo\Application Data\drivers\downld\256640.exe
c:\documents and settings\Flo\Application Data\drivers\downld\258000.exe
c:\documents and settings\Flo\Application Data\drivers\downld\258031.exe
c:\documents and settings\Flo\Application Data\drivers\downld\258609.exe
c:\documents and settings\Flo\Application Data\drivers\downld\258812.exe
c:\documents and settings\Flo\Application Data\drivers\downld\259046.exe
c:\documents and settings\Flo\Application Data\drivers\downld\259328.exe
c:\documents and settings\Flo\Application Data\drivers\downld\259546.exe
c:\documents and settings\Flo\Application Data\drivers\downld\260562.exe
c:\documents and settings\Flo\Application Data\drivers\downld\265000.exe
c:\documents and settings\Flo\Application Data\drivers\downld\265234.exe
c:\documents and settings\Flo\Application Data\drivers\downld\265625.exe
c:\documents and settings\Flo\Application Data\drivers\downld\266062.exe
c:\documents and settings\Flo\Application Data\drivers\downld\266546.exe
c:\documents and settings\Flo\Application Data\drivers\downld\266906.exe
c:\documents and settings\Flo\Application Data\drivers\downld\267046.exe
c:\documents and settings\Flo\Application Data\drivers\downld\267203.exe
c:\documents and settings\Flo\Application Data\drivers\downld\267500.exe
c:\documents and settings\Flo\Application Data\drivers\downld\268109.exe
c:\documents and settings\Flo\Application Data\drivers\downld\268156.exe
c:\documents and settings\Flo\Application Data\drivers\downld\268906.exe
c:\documents and settings\Flo\Application Data\drivers\downld\269609.exe
c:\documents and settings\Flo\Application Data\drivers\downld\271687.exe
c:\documents and settings\Flo\Application Data\drivers\downld\271828.exe
c:\documents and settings\Flo\Application Data\drivers\downld\272890.exe
c:\documents and settings\Flo\Application Data\drivers\downld\274203.exe
c:\documents and settings\Flo\Application Data\drivers\downld\275000.exe
c:\documents and settings\Flo\Application Data\drivers\downld\276109.exe
c:\documents and settings\Flo\Application Data\drivers\downld\277093.exe
c:\documents and settings\Flo\Application Data\drivers\downld\277578.exe
c:\documents and settings\Flo\Application Data\drivers\downld\277953.exe
c:\documents and settings\Flo\Application Data\drivers\downld\278468.exe
c:\documents and settings\Flo\Application Data\drivers\downld\279562.exe
c:\documents and settings\Flo\Application Data\drivers\downld\280109.exe
c:\documents and settings\Flo\Application Data\drivers\downld\280437.exe
c:\documents and settings\Flo\Application Data\drivers\downld\280984.exe
c:\documents and settings\Flo\Application Data\drivers\downld\282015.exe
c:\documents and settings\Flo\Application Data\drivers\downld\282609.exe
c:\documents and settings\Flo\Application Data\drivers\downld\284312.exe
c:\documents and settings\Flo\Application Data\drivers\downld\289578.exe
c:\documents and settings\Flo\Application Data\drivers\downld\290359.exe
c:\documents and settings\Flo\Application Data\drivers\downld\290750.exe
c:\documents and settings\Flo\Application Data\drivers\downld\293375.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29342421.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29342750.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29342765.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29345906.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29365984.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29366531.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29367000.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29383156.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29391109.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29398140.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29398640.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29399031.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29427296.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29427515.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29427609.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29440312.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29441531.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29442359.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29443125.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29443875.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29444531.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29464406.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29464984.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29465281.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29472593.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29482078.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29482812.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29483125.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29514125.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29514656.exe
c:\documents and settings\Flo\Application Data\drivers\downld\29514937.exe
c:\documents and settings\Flo\Application Data\drivers\downld\296687.exe
c:\documents and settings\Flo\Application Data\drivers\downld\297125.exe
c:\documents and settings\Flo\Application Data\drivers\downld\297218.exe
c:\documents and settings\Flo\Application Data\drivers\downld\299859.exe
c:\documents and settings\Flo\Application Data\drivers\downld\301078.exe
c:\documents and settings\Flo\Application Data\drivers\downld\301265.exe
c:\documents and settings\Flo\Application Data\drivers\downld\301812.exe
c:\documents and settings\Flo\Application Data\drivers\downld\302453.exe
c:\documents and settings\Flo\Application Data\drivers\downld\304812.exe
c:\documents and settings\Flo\Application Data\drivers\downld\305109.exe
c:\documents and settings\Flo\Application Data\drivers\downld\306953.exe
c:\documents and settings\Flo\Application Data\drivers\downld\307109.exe
c:\documents and settings\Flo\Application Data\drivers\downld\307125.exe
c:\documents and settings\Flo\Application Data\drivers\downld\307625.exe
c:\documents and settings\Flo\Application Data\drivers\downld\307671.exe
c:\documents and settings\Flo\Application Data\drivers\downld\307968.exe
c:\documents and settings\Flo\Application Data\drivers\downld\308203.exe
c:\documents and settings\Flo\Application Data\drivers\downld\308468.exe
c:\documents and settings\Flo\Application Data\drivers\downld\309078.exe
c:\documents and settings\Flo\Application Data\drivers\downld\309359.exe
c:\documents and settings\Flo\Application Data\drivers\downld\309437.exe
c:\documents and settings\Flo\Application Data\drivers\downld\309781.exe
c:\documents and settings\Flo\Application Data\drivers\downld\310312.exe
c:\documents and settings\Flo\Application Data\drivers\downld\310984.exe
c:\documents and settings\Flo\Application Data\drivers\downld\311875.exe
c:\documents and settings\Flo\Application Data\drivers\downld\312546.exe
c:\documents and settings\Flo\Application Data\drivers\downld\313171.exe
c:\documents and settings\Flo\Application Data\drivers\downld\313312.exe
c:\documents and settings\Flo\Application Data\drivers\downld\313593.exe
c:\documents and settings\Flo\Application Data\drivers\downld\314031.exe
c:\documents and settings\Flo\Application Data\drivers\downld\314578.exe
c:\documents and settings\Flo\Application Data\drivers\downld\314875.exe
c:\documents and settings\Flo\Application Data\drivers\downld\315578.exe
c:\documents and settings\Flo\Application Data\drivers\downld\315875.exe
c:\documents and settings\Flo\Application Data\drivers\downld\320046.exe
c:\documents and settings\Flo\Application Data\drivers\downld\321578.exe
c:\documents and settings\Flo\Application Data\drivers\downld\323015.exe
c:\documents and settings\Flo\Application Data\drivers\downld\323781.exe
c:\documents and settings\Flo\Application Data\drivers\downld\324515.exe
c:\documents and settings\Flo\Application Data\drivers\downld\325156.exe
c:\documents and settings\Flo\Application Data\drivers\downld\325484.exe
c:\documents and settings\Flo\Application Data\drivers\downld\325578.exe
c:\documents and settings\Flo\Application Data\drivers\downld\328453.exe
c:\documents and settings\Flo\Application Data\drivers\downld\329984.exe
c:\documents and settings\Flo\Application Data\drivers\downld\330234.exe
c:\documents and settings\Flo\Application Data\drivers\downld\330687.exe
c:\documents and settings\Flo\Application Data\drivers\downld\334828.exe
c:\documents and settings\Flo\Application Data\drivers\downld\335750.exe
c:\documents and settings\Flo\Application Data\drivers\downld\335781.exe
c:\documents and settings\Flo\Application Data\drivers\downld\336078.exe
c:\documents and settings\Flo\Application Data\drivers\downld\336500.exe
c:\documents and settings\Flo\Application Data\drivers\downld\337812.exe
c:\documents and settings\Flo\Application Data\drivers\downld\342250.exe
c:\documents and settings\Flo\Application Data\drivers\downld\342765.exe
c:\documents and settings\Flo\Application Data\drivers\downld\343187.exe
c:\documents and settings\Flo\Application Data\drivers\downld\343390.exe
c:\documents and settings\Flo\Application Data\drivers\downld\343781.exe
c:\documents and settings\Flo\Application Data\drivers\downld\343906.exe
c:\documents and settings\Flo\Application Data\drivers\downld\344656.exe
c:\documents and settings\Flo\Application Data\drivers\downld\345187.exe
c:\documents and settings\Flo\Application Data\drivers\downld\345203.exe
c:\documents and settings\Flo\Application Data\drivers\downld\345625.exe
c:\documents and settings\Flo\Application Data\drivers\downld\346718.exe
c:\documents and settings\Flo\Application Data\drivers\downld\347625.exe
c:\documents and settings\Flo\Application Data\drivers\downld\347828.exe
c:\documents and settings\Flo\Application Data\drivers\downld\349046.exe
c:\documents and settings\Flo\Application Data\drivers\downld\350453.exe
c:\documents and settings\Flo\Application Data\drivers\downld\350828.exe
c:\documents and settings\Flo\Application Data\drivers\downld\351000.exe
c:\documents and settings\Flo\Application Data\drivers\downld\351078.exe
c:\documents and settings\Flo\Application Data\drivers\downld\354843.exe
c:\documents and settings\Flo\Application Data\drivers\downld\358421.exe
c:\documents and settings\Flo\Application Data\drivers\downld\359093.exe
c:\documents and settings\Flo\Application Data\drivers\downld\359937.exe
c:\documents and settings\Flo\Application Data\drivers\downld\360203.exe
c:\documents and settings\Flo\Application Data\drivers\downld\360437.exe
c:\documents and settings\Flo\Application Data\drivers\downld\374921.exe
c:\documents and settings\Flo\Application Data\drivers\downld\375656.exe
c:\documents and settings\Flo\Application Data\drivers\downld\375718.exe
c:\documents and settings\Flo\Application Data\drivers\downld\387687.exe
c:\documents and settings\Flo\Application Data\drivers\downld\388984.exe
c:\documents and settings\Flo\Application Data\drivers\downld\389468.exe
c:\documents and settings\Flo\Application Data\drivers\downld\390453.exe
c:\documents and settings\Flo\Application Data\drivers\downld\391218.exe
c:\documents and settings\Flo\Application Data\drivers\downld\391703.exe
c:\documents and settings\Flo\Application Data\drivers\downld\396187.exe
c:\documents and settings\Flo\Application Data\drivers\downld\397078.exe
c:\documents and settings\Flo\Application Data\drivers\downld\397156.exe
c:\documents and settings\Flo\Application Data\drivers\downld\406437.exe
c:\documents and settings\Flo\Application Data\drivers\downld\408093.exe
c:\documents and settings\Flo\Application Data\drivers\downld\409140.exe
c:\documents and settings\Flo\Application Data\drivers\downld\410031.exe
c:\documents and settings\Flo\Application Data\drivers\downld\410125.exe
c:\documents and settings\Flo\Application Data\drivers\downld\410859.exe
c:\documents and settings\Flo\Application Data\drivers\downld\411078.exe
c:\documents and settings\Flo\Application Data\drivers\downld\411468.exe
c:\documents and settings\Flo\Application Data\drivers\downld\412218.exe
c:\documents and settings\Flo\Application Data\drivers\downld\412656.exe
c:\documents and settings\Flo\Application Data\drivers\downld\413406.exe
c:\documents and settings\Flo\Application Data\drivers\downld\414203.exe
c:\documents and settings\Flo\Application Data\drivers\downld\415312.exe
c:\documents and settings\Flo\Application Data\drivers\downld\420187.exe
c:\documents and settings\Flo\Application Data\drivers\downld\421828.exe
c:\documents and settings\Flo\Application Data\drivers\downld\421890.exe
c:\documents and settings\Flo\Application Data\drivers\downld\422406.exe
c:\documents and settings\Flo\Application Data\drivers\downld\422750.exe
c:\documents and settings\Flo\Application Data\drivers\downld\423125.exe
c:\documents and settings\Flo\Application Data\drivers\downld\423671.exe
c:\documents and settings\Flo\Application Data\drivers\downld\424468.exe
c:\documents and settings\Flo\Application Data\drivers\downld\425375.exe
c:\documents and settings\Flo\Application Data\drivers\downld\426156.exe
c:\documents and settings\Flo\Application Data\drivers\downld\429531.exe
c:\documents and settings\Flo\Application Data\drivers\downld\431078.exe
c:\documents and settings\Flo\Application Data\drivers\downld\431656.exe
c:\documents and settings\Flo\Application Data\drivers\downld\436218.exe
c:\documents and settings\Flo\Application Data\drivers\downld\437125.exe
c:\documents and settings\Flo\Application Data\drivers\downld\437515.exe
c:\documents and settings\Flo\Application Data\drivers\downld\446171.exe
c:\documents and settings\Flo\Application Data\drivers\downld\446953.exe
c:\documents and settings\Flo\Application Data\drivers\downld\446984.exe
c:\documents and settings\Flo\Application Data\drivers\downld\447343.exe
c:\documents and settings\Flo\Application Data\drivers\downld\454046.exe
c:\documents and settings\Flo\Application Data\drivers\downld\456296.exe
c:\documents and settings\Flo\Application Data\drivers\downld\459781.exe
c:\documents and settings\Flo\Application Data\drivers\downld\460406.exe
c:\documents and settings\Flo\Application Data\drivers\downld\460578.exe
c:\documents and settings\Flo\Application Data\drivers\downld\461453.exe
c:\documents and settings\Flo\Application Data\drivers\downld\464500.exe
c:\documents and settings\Flo\Application Data\drivers\downld\465468.exe
c:\documents and settings\Flo\Application Data\drivers\downld\465687.exe
c:\documents and settings\Flo\Application Data\drivers\downld\467687.exe
c:\documents and settings\Flo\Application Data\drivers\downld\468906.exe
c:\documents and settings\Flo\Application Data\drivers\downld\483718.exe
c:\documents and settings\Flo\Application Data\drivers\downld\484984.exe
c:\documents and settings\Flo\Application Data\drivers\downld\486750.exe
c:\documents and settings\Flo\Application Data\drivers\downld\488375.exe
c:\documents and settings\Flo\Application Data\drivers\downld\489750.exe
c:\documents and settings\Flo\Application Data\drivers\downld\490687.exe
c:\documents and settings\Flo\Application Data\drivers\downld\494015.exe
c:\documents and settings\Flo\Application Data\drivers\downld\494812.exe
c:\documents and settings\Flo\Application Data\drivers\downld\495078.exe
c:\documents and settings\Flo\Application Data\drivers\downld\495531.exe
c:\documents and settings\Flo\Application Data\drivers\downld\502984.exe
c:\documents and settings\Flo\Application Data\drivers\downld\516421.exe
c:\documents and settings\Flo\Application Data\drivers\downld\517843.exe
c:\documents and settings\Flo\Application Data\drivers\downld\518312.exe
c:\documents and settings\Flo\Application Data\drivers\downld\526140.exe
c:\documents and settings\Flo\Application Data\drivers\downld\531296.exe
c:\documents and settings\Flo\Application Data\drivers\downld\531828.exe
c:\documents and settings\Flo\Application Data\drivers\downld\537078.exe
c:\documents and settings\Flo\Application Data\drivers\downld\538390.exe
c:\documents and settings\Flo\Application Data\drivers\downld\539062.exe
c:\documents and settings\Flo\Application Data\drivers\downld\561906.exe
c:\documents and settings\Flo\Application Data\drivers\downld\564640.exe
c:\documents and settings\Flo\Application Data\drivers\downld\566515.exe
c:\documents and settings\Flo\Application Data\drivers\downld\566859.exe
c:\documents and settings\Flo\Application Data\drivers\downld\576375.exe
c:\documents and settings\Flo\Application Data\drivers\downld\577515.exe
c:\documents and settings\Flo\Application Data\drivers\downld\577984.exe
c:\documents and settings\Flo\Application Data\drivers\downld\590500.exe
c:\documents and settings\Flo\Application Data\drivers\downld\592156.exe
c:\documents and settings\Flo\Application Data\drivers\downld\592625.exe
c:\documents and settings\Flo\Application Data\drivers\downld\67062.exe
c:\documents and settings\Flo\Application Data\drivers\downld\67703.exe
c:\documents and settings\Flo\Application Data\drivers\downld\67750.exe
c:\documents and settings\Flo\Application Data\drivers\downld\69359.exe
c:\documents and settings\Flo\Application Data\drivers\downld\70250.exe
c:\documents and settings\Flo\Application Data\drivers\downld\73187.exe
c:\documents and settings\Flo\Application Data\drivers\downld\73453.exe
c:\documents and settings\Flo\Application Data\drivers\downld\73484.exe
c:\documents and settings\Flo\Application Data\drivers\downld\74078.exe
c:\documents and settings\Flo\Application Data\drivers\downld\74140.exe
c:\documents and settings\Flo\Application Data\drivers\downld\74812.exe
c:\documents and settings\Flo\Application Data\drivers\downld\74828.exe
c:\documents and settings\Flo\Application Data\drivers\downld\75250.exe
c:\documents and settings\Flo\Application Data\drivers\downld\75437.exe
c:\documents and settings\Flo\Application Data\drivers\downld\76671.exe
c:\documents and settings\Flo\Application Data\drivers\downld\76828.exe
c:\documents and settings\Flo\Application Data\drivers\downld\76843.exe
c:\documents and settings\Flo\Application Data\drivers\downld\78156.exe
c:\documents and settings\Flo\Application Data\drivers\downld\79343.exe
c:\documents and settings\Flo\Application Data\drivers\downld\79968.exe
c:\documents and settings\Flo\Application Data\drivers\downld\80265.exe
c:\documents and settings\Flo\Application Data\drivers\downld\81156.exe
c:\documents and settings\Flo\Application Data\drivers\downld\82984.exe
c:\documents and settings\Flo\Application Data\drivers\downld\83453.exe
c:\documents and settings\Flo\Application Data\drivers\downld\87234.exe
c:\documents and settings\Flo\Application Data\drivers\downld\87828.exe
c:\documents and settings\Flo\Application Data\drivers\downld\88000.exe
c:\documents and settings\Flo\Application Data\drivers\downld\88156.exe
c:\documents and settings\Flo\Application Data\drivers\downld\90390.exe
c:\documents and settings\Flo\Application Data\drivers\downld\92687.exe
c:\documents and settings\Flo\Application Data\drivers\downld\93000.exe
c:\documents and settings\Flo\Application Data\drivers\downld\94453.exe
c:\documents and settings\Flo\Application Data\drivers\downld\94562.exe
c:\documents and settings\Flo\Application Data\drivers\downld\94671.exe
c:\documents and settings\Flo\Application Data\drivers\downld\96046.exe
c:\documents and settings\Flo\Application Data\drivers\downld\99984.exe
c:\documents and settings\Flo\Application Data\drivers\srosa.sys
c:\documents and settings\Flo\Application Data\drivers\srosa2.sys
c:\documents and settings\Flo\Application Data\drivers\winupgro.exe
c:\documents and settings\Flo\Application Data\m
c:\documents and settings\Flo\Application Data\m\data.oct
c:\documents and settings\Flo\Application Data\m\flec006.exe
c:\documents and settings\Flo\Application Data\m\list.oct
c:\documents and settings\Flo\Application Data\m\shared\[0].Avast.Antivirus.Pro.v4.7.844.Fr.Incl-Keygen.zip
c:\documents and settings\Flo\Application Data\m\shared\[game-mobile.java].Nokia.Samsung.Sony.Motorola.Siemens.Soccer Pack.zip
c:\documents and settings\Flo\Application Data\m\shared\[u]0/u01 File Joiner and Splitter 4.0.zip
c:\documents and settings\Flo\Application Data\m\shared\360Share Pro 4.13.1.zip
c:\documents and settings\Flo\Application Data\m\shared\AcaStat 6.0.2.zip
c:\documents and settings\Flo\Application Data\m\shared\ACCESS Dictionary French Swedish 1.0.zip
c:\documents and settings\Flo\Application Data\m\shared\Agree AVI WMV MPEG ASF 3GP to iPod Converter 4.0.zip
c:\documents and settings\Flo\Application Data\m\shared\Alt WMA to MP3 Converter 2.5.zip
c:\documents and settings\Flo\Application Data\m\shared\AMS Audio Masking System 1.00.zip
c:\documents and settings\Flo\Application Data\m\shared\APM Structure 3D LT 9.2.zip
c:\documents and settings\Flo\Application Data\m\shared\Aston Secure Desktop 1.9.6.zip
c:\documents and settings\Flo\Application Data\m\shared\Astrology for Lovers 2.21.zip
c:\documents and settings\Flo\Application Data\m\shared\AutoTXTMe 1.0.3.zip
c:\documents and settings\Flo\Application Data\m\shared\Babya Logic 1.0.zip
c:\documents and settings\Flo\Application Data\m\shared\Barnes Ballistics 2.0.8.zip
c:\documents and settings\Flo\Application Data\m\shared\Baseball ScoreBook 3.4.zip
c:\documents and settings\Flo\Application Data\m\shared\Basic Setup Builder 1.0.zip
c:\documents and settings\Flo\Application Data\m\shared\BIGSPEED Video Compression SDK 1.0.zip
c:\documents and settings\Flo\Application Data\m\shared\Brooke Burke Screensaver Set 1.zip
c:\documents and settings\Flo\Application Data\m\shared\Calendar Universal 1.0.zip
c:\documents and settings\Flo\Application Data\m\shared\Capcom.com Web Search 1.0.zip
c:\documents and settings\Flo\Application Data\m\shared\CD Mate 2.5.4.17.zip
c:\documents and settings\Flo\Application Data\m\shared\Chevrolet Silverado Screensaver 1.zip
c:\documents and settings\Flo\Application Data\m\shared\Chinese Character Bible 5.1.zip
c:\documents and settings\Flo\Application Data\m\shared\Circle-U 1.0.zip
c:\documents and settings\Flo\Application Data\m\shared\ClinicGate Standard 2.8.zip
c:\documents and settings\Flo\Application Data\m\shared\ComputerSafe 3.0.0.5.zip
c:\documents and settings\Flo\Application Data\m\srvlist.oct
c:\documents and settings\Flo\Local Settings\Application Data\isyuo.dat
c:\documents and settings\Flo\Local Settings\Application Data\isyuo.exe
c:\documents and settings\Flo\Local Settings\Application Data\isyuo_nav.dat
c:\documents and settings\Flo\Local Settings\Application Data\isyuo_navps.dat
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\ban_list.txt
c:\windows\system32\mdelk.exe
c:\windows\system32\mdm.exe
c:\windows\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-07 au 2009-01-07 ))))))))))))))))))))))))))))))))))))
.

2009-01-07 00:26 . 2009-01-07 00:26 <REP> d-------- c:\program files\CCleaner
2009-01-06 23:34 . 2009-01-06 23:34 3,120 --a------ c:\windows\system32\118290.54
2009-01-06 23:34 . 2009-01-06 23:34 3,120 --a------ c:\windows\118294.78
2009-01-06 23:33 . 1996-08-20 20:37 15,840 --a------ c:\windows\system32\Machnm1.exe
2009-01-06 23:33 . 2005-09-25 16:37 5,632 --a------ c:\windows\system32\Machnm64.sys
2009-01-06 23:33 . 2003-08-13 00:27 2,304 --a------ c:\windows\system32\Machnm32.sys
2009-01-06 23:09 . 2009-01-06 23:09 <REP> d-------- c:\program files\Panda Security
2009-01-06 22:19 . 2009-01-07 00:16 <REP> d-------- c:\program files\FindyKill
2009-01-06 19:35 . 2009-01-06 23:43 <REP> d-------- c:\windows\BDOSCAN8
2009-01-05 13:56 . 2009-01-05 13:56 <REP> d-------- c:\documents and settings\Flo\Application Data\AVGTOOLBAR
2009-01-04 00:52 . 2009-01-07 02:48 <REP> d--h----- c:\documents and settings\Flo\Application Data\drivers
2008-12-23 12:03 . 2008-12-23 12:03 <REP> d-------- C:\Poker
2008-12-08 19:21 . 2008-12-08 19:22 <REP> d-------- c:\program files\QuickTime
2008-12-08 19:21 . 2008-12-08 19:21 <REP> d-------- c:\program files\Fichiers communs\Apple

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 23:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-06 20:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-05 15:24 --------- d-----w c:\program files\eMule
2009-01-05 14:46 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-18 13:10 --------- d-----w c:\program files\TuneUp Utilities 2006
2008-12-08 18:21 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-04 18:32 --------- d-----w c:\program files\SFR
1999-04-06 12:27 99,840 -c--a-w c:\program files\Fichiers communs\IRAABOUT.DLL
1998-12-09 02:53 70,144 -c--a-w c:\program files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 02:53 48,640 -c--a-w c:\program files\Fichiers communs\IRALPTTR.DLL
1998-12-09 02:53 31,744 -c--a-w c:\program files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 02:53 186,368 -c--a-w c:\program files\Fichiers communs\IRAREG.DLL
1998-12-09 02:53 17,920 -c--a-w c:\program files\Fichiers communs\IRASRIAL.DLL
2004-12-13 18:27 8 -csh--r c:\windows\system32\EAB808E419.sys
2004-12-13 18:27 4,184 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-08-27 15:43 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082720080828\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-05-21 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-08 159744]
"D-Link AirPlus XtremeG"="c:\program files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2005-08-04 1294336]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-05-22 483328]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 49152]
"Autoconfigurateur WiFi SFR"="c:\program files\SFR\Kit\WiFi\9wifi.exe" [2008-09-01 287984]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AGRSMMSG"="AGRSMMSG.exe" [2004-01-30 c:\windows\AGRSMMSG.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 c:\windows\LOGI_MWX.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LUMIX Simple Viewer.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\LUMIX Simple Viewer.lnk
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"LDM"=c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MMTray"=c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
"mmtask"=c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
"EPSON Stylus Photo RX520 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"\\LEGROS\EPSON Stylus Photo RX520 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P40 "\\LEGROS\EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
"nwiz"=nwiz.exe /install
"Cpqset"=c:\program files\HPQ\Default Settings\cpqset.exe
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" /Start

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25491:TCP"= 25491:TCP:emule_TCP
"50920:UDP"= 50920:UDP:eMule_UDP
"4662:TCP"= 4662:TCP:emule_tcp
"4662:UDP"= 4662:UDP:emule_udp
"4711:TCP"= 4711:TCP:emule_tcp
"4672:TCP"= 4672:TCP:Emule TCP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-03-22 547744]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;c:\windows\system32\drivers\usbiad.sys [2005-05-18 31547]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{340acdb2-4ef6-11dd-b6e8-0015e98418a7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c29aa511-c2d6-11dd-b749-000fb0416dbe}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
.
Contenu du dossier 'Tâches planifiées'

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-02 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-11-10 22:03]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU-Run-isyuo - c:\documents and settings\flo\local settings\application data\isyuo.exe
Notify-NavLogon - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 02:51:50
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\windows\system32\rundll32.exe
c:\program files\Apoint2K\ApntEx.exe
.
**************************************************************************
.
Heure de fin: 2009-01-07 2:59:09 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-07 01:59:02

Avant-CF: 12,307,824,640 octets libres
Après-CF: 12,369,104,896 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=Alwaysoff

753 --- E O F --- 2009-01-07 01:45:48
0

Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
7 Jan 2009 at 03:13
You can run option 2 of FindyKill and post the report ;)
0
shivafro Posts 28 Registration date Wednesday 7 January 2009 Status Member Last activity 8 January 2009
7 Jan 2009 at 03:37
It's magic, it works...!

FindyKill report:



----------------- FindyKill V4.707 ------------------

* User : Flo - FLORIANE
* executed from : C:\Program Files\FindyKill
* Update on 06/12/08 par Chiquitine29
* Start at 3:30:15 the 07/01/2009
* Windows XP - Internet Explorer 7.0.5730.11


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\103250.EXE-2C9D3F57.pf
Deleted ! - C:\WINDOWS\prefetch\131828.EXE-119FFF4A.pf
Deleted ! - C:\WINDOWS\prefetch\141640.EXE-23847329.pf
Deleted ! - C:\WINDOWS\prefetch\185953.EXE-2C51CD2F.pf
Deleted ! - C:\WINDOWS\prefetch\219796.EXE-161EBBA0.pf
Deleted ! - C:\WINDOWS\prefetch\227937.EXE-352A938E.pf
Deleted ! - C:\WINDOWS\prefetch\307109.EXE-048A7335.pf
Deleted ! - C:\WINDOWS\prefetch\420187.EXE-2452EA7D.pf
Deleted ! - C:\WINDOWS\prefetch\526140.EXE-2F079FDA.pf
Deleted ! - C:\WINDOWS\prefetch\561906.EXE-331FA353.pf
Deleted ! - C:\WINDOWS\prefetch\94562.EXE-140ABE00.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-26D1F83A.pf
Deleted ! - C:\WINDOWS\prefetch\KEYGEN.EXE-074286F1.pf
Deleted ! - C:\WINDOWS\prefetch\KEYGEN.EXE-373FD45E.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf

»»»» Supression files in C:\WINDOWS\system32


»»»» Supression files in C:\WINDOWS\system32\drivers


»»»» Supression files in C:\Documents and Settings\Flo\Application Data


»»»» Supression files in C:\DOCUME~1\Flo\LOCALS~1\Temp


»»»» Supression files in C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\Flo\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{BF792C5B-2AB7-4B64-81DD-7A4B08792F32}.jpg

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_USERS\S-1-5-21-816922679-1068368558-965301425-1007\Software\Local AppWizard-Generated Applications\keygen

--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe


+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\Flo\Favoris\Astalavista.MS - Underground search for cracks serials keygens patches warez search, free cracks serials keygens patches, anony.url


---------------- ! End of report ! ------------------
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
7 Jan 2009 at 03:40
Good. There is still some cleaning to do; you didn't only have Bagle.

--> Reinstall the software that was infected (antivirus...)

--> Download UsbFix (by Chiquitine29) to your Desktop.

--> Run the installation with the default settings.

--> Connect your external data sources to your PC (USB key, external hard drive, SD card, etc.) without opening them.

--> Double-click the UsbFix shortcut on your Desktop.

--> Choose option 1 (Nettoyage / Cleaning).

--> The PC will restart.

--> After the restart, post the UsbFix.txt report.

Note: the UsbFix.txt report is saved at the root of the disk.

(If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New task", type explorer.exe and confirm)
0
shivafro Posts 28 Registration date Wednesday 7 January 2009 Status Member Last activity 8 January 2009
7 Jan 2009 at 03:56
Thanks.

UsbFix report:


-------------- UsbFix V2.413.9 ---------------

* User : Flo - FLORIANE
* Outils mis a jours le 05/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à 3:49:53 le 07/01/2009
* Windows Xp - Internet Explorer 7.0.5730.11


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

E: - Lecteur amovible


+- Contenu de l'autorun : E:\autorun.inf

[autorun]
shellexecute=wscript.exe MS32DLL.dll.vbs

--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe


+- Listing des fichiers présents :

[05/08/2004 09:00][-rahs----] C:\ntdetect.com
[24/05/2001 12:59][--a------] C:\UNWISE.EXE
[07/01/2009 02:40][-rahs----] C:\boot.ini
[07/01/2009 02:59][--a------] C:\ComboFix.txt
[07/01/2009 02:59][--a------] C:\FindyKill.txt
[07/01/2009 02:59][--a------] C:\log_lobby.txt
[07/01/2009 02:59][--a------] C:\log_lobby_dumper.txt
[07/01/2009 02:59][--a------] C:\UsbFix.txt
[][] C:\hiberfil.sys
[][] C:\IO.SYS
[][] C:\MSDOS.SYS
[][] C:\pagefile.sys

--------------- [ Lecteur E ] ----------------

E: - Lecteur amovible


+- Listing des fichiers présents :

[18/11/2008 13:49][-rahs----] E:\MS32DLL.dll.vbs
[18/11/2008 13:49][-rahs----] E:\MS32DLL.dll.vbs
[18/11/2008 13:49][-rahs----] E:\autorun.inf

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
RoboForm="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Apoint="C:\Program Files\Apoint2K\Apoint.exe"
AGRSMMSG=AGRSMMSG.exe
Logitech Utility=Logi_MwX.Exe
D-Link AirPlus XtremeG="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe"
HPHmon05=C:\WINDOWS\system32\hphmon05.exe
HPHUPD05="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
Autoconfigurateur WiFi SFR="C:\Program Files\SFR\Kit\WiFi\9wifi.exe"
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{340acdb2-4ef6-11dd-b6e8-0015e98418a7}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c29aa511-c2d6-11dd-b749-000fb0416dbe}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [18/11/2008 13:49][-rahs----] E:\autorun.inf
Supprimé ! - [18/11/2008 13:49][-rahs----] E:\MS32DLL.dll.vbs

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[05/08/2004 09:00][-rahs----] C:\ntdetect.com
[24/05/2001 12:59][--a------] C:\UNWISE.EXE
[07/01/2009 02:40][-rahs----] C:\boot.ini

--------------- [ Vaccination ] ----------------

C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
E:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

--------------- ! Fin du rapport ! ----------------
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
7 Jan 2009 at 03:57
I'm going to sleep, good night ;)

---> Uninstall UsbFix and FindyKill.

- Download Navilog1 (by IL-MAFIOSO) and save it to the Desktop.

- Double-click Navilog1.exe to launch the installation.

- If the fix does not start automatically after installation, double-click the Navilog1 shortcut on the Desktop.

- Press F or f, then confirm with Enter.

- Press a key on your keyboard each time you are asked to; you will reach the options menu.

- Choose option 1 and press Enter to confirm your choice.

- Wait for the message: *** Analyse terminée le ..... ***

- Once the scan is finished, Notepad will open with the report; post the contents of that report in your next reply.

- If the scan result is not displayed, you will find it in C:\fixnavi.txt

Do not use options 2, 3 and 4 without our approval; legitimate files may be included in this scan.
0
shivafro Posts 28 Registration date Wednesday 7 January 2009 Status Member Last activity 8 January 2009
7 Jan 2009 at 03:59
Thanks again, good night
0
shivafro Posts 28 Registration date Wednesday 7 January 2009 Status Member Last activity 8 January 2009
7 Jan 2009 at 04:48
Navilog report:
Search Navipromo version 3.7.1 commencé le 07/01/2009 à 4:35:02,06

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation 1996-2001. Tous droits réservés.

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP Processor 3000+ )
BIOS : Ver 1.00PARTTBL
USER : Flo ( Administrator )
BOOT : Normal boot




C:\ (Local Disk) - NTFS - Total:37 Go (Free:11 Go)
D:\ (CD or DVD)


Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Flo\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Flo\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Flo\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Flo\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Flo\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 07/01/2009 à 4:42:41,04 ***
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
7 Jan. 2009 at 14:46
---> Run Navilog1 again, choose option 2 and post the report.
shivafro Posts 28 Registration date Wednesday 7 January 2009 Status Member Last activity 8 January 2009
7 Jan. 2009 at 16:11
Navilog report:

Clean Navipromo version 3.7.1 commencé le 07/01/2009 à 15:51:59,60

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation 1996-2001. Tous droits réservés.

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP Processor 3000+ )
BIOS : Ver 1.00PARTTBL
USER : Flo ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1296 [VPS 090106-1] 4.8.1296 (Activated)


C:\ (Local Disk) - NTFS - Total:37 Go (Free:11 Go)
D:\ (CD or DVD)


Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\Flo\locals~1\applic~1" *


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Flo\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Flo\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Flo\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Flo\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\Flo\locals~1\applic~1" *


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le 07/01/2009 à 15:58:28,25 ***
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
7 Jan. 2009 at 16:25
---> Uninstall Navilog1.

- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

- Double-click RSIT.exe to launch the program.

- Click Continue on the Disclaimer screen.

- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.

- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: The reports are saved in the C:\rsit folder.
shivafro Posts 28 Registration date Wednesday 7 January 2009 Status Member Last activity 8 January 2009
7 Jan. 2009 at 16:40
RSIT reports

Logfile of random's system information tool 1.05 (written by random/random)
Run by Flo at 2009-01-07 16:36:09
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 11 GB (30%) free of 38 GB
Total RAM: 255 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:36:44, on 07/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SFR\Kit\WiFi\9wifi.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Flo\Bureau\RSIT.exe
C:\Program Files\trend micro\Flo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
O3 - Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] "C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPHUPD05] "c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Autoconfigurateur WiFi SFR] "C:\Program Files\SFR\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: offline-8876480 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
7 Jan. 2009 at 16:44
1/

---> Run this file: C:\Program Files\trend micro\Flo.exe

---> Choose Do a system scan only.

---> Tick the boxes in front of the following lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC

O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)

O3 - Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)

O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

---> Click Fix checked at the bottom. Answer yes if HijackThis asks you anything.

---> Close HijackThis.


2/

---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
---> Double-click the downloaded file to start the installation process.
---> In the "Mise à jour" tab, click the "Recherche de mise à jour" button: if the firewall asks for permission for MBAM to connect to the Internet, accept.
---> Once the update is finished, go to the "Recherche" tab.
---> Select "Exécuter un examen rapide".
---> Click "Rechercher". The scan starts.

At the end of the scan, a message is displayed:

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

---> Click OK to continue. If MBAM found nothing, it will tell you that too.
---> Close your browsers.
If malware was detected, click "Afficher les résultats".
---> Select everything (or leave it ticked) and click "Supprimer la sélection"; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
---> MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
shivafro Posts 28 Registration date Wednesday 7 January 2009 Status Member Last activity 8 January 2009
7 Jan. 2009 at 17:08
Report:

Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1627
Windows 5.1.2600 Service Pack 3

07/01/2009 17:01:02
mbam-log-2009-01-07 (17-01-02).txt

Type de recherche: Examen rapide
Eléments examinés: 55321
Temps écoulé: 8 minute(s), 55 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-100005000004} (Rogue.Installer) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
7 Jan. 2009 at 17:15
1/

---> Run MBAM again, go to "Quarantaine" and delete everything.

---> Start menu > Run > type combofix /u and confirm.

---> Download ToolsCleaner2 to your Desktop.
* Double-click ToolsCleaner2.exe to launch it.
* Click "Recherche" and let the scan run.
* Click "Suppression" to finish.
* You can, if you wish, use the "Options Facultatives".
* Click "Quitter" to get the report.
* Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).


2/

- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

- Double-click RSIT.exe to launch the program.

- Click Continue on the Disclaimer screen.

- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.

- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: The reports are saved in the C:\rsit folder.
shivafro Posts 28 Registration date Wednesday 7 January 2009 Status Member Last activity 8 January 2009
7 Jan. 2009 at 17:29
Here are the reports:

[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\Qoobox: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Flo\Bureau\rapports infection\FindyKill.txt: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\UsbFix: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
C:\TEMP\HijackThis: trouvé !
C:\TEMP\hijackthis\HijackThis.exe: trouvé !
C:\TEMP\hijackthis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\TEMP\hijackthis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Documents and Settings\Flo\Bureau\rapports infection\FindyKill.txt: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\TEMP\hijackthis\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\UsbFix: supprimé !
C:\Program Files\FindyKill: supprimé !
C:\TEMP\HijackThis: supprimé !

Point de restauration crée !
Corbeille vidée!
Fichiers temporaires nettoyés !


Logfile of random's system information tool 1.05 (written by random/random)
Run by Flo at 2009-01-07 17:26:13
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 12 GB (31%) free of 38 GB
Total RAM: 255 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:26:52, on 07/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SFR\Kit\WiFi\9wifi.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Flo\Bureau\RSIT.exe
C:\Program Files\trend micro\Flo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] "C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPHUPD05] "c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Autoconfigurateur WiFi SFR] "C:\Program Files\SFR\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: offline-8876480 - {05F76204-BB16-4A0C-9DA8-055AD9F32B13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
7 Jan 2009 at 17:37
1/

---> Uninstall HijackThis.

---> Update Adobe Reader:
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

---> Download ToolsCleaner2 to your Desktop.
* Double-click ToolsCleaner2.exe to launch it.
* Click Recherche (Search) and let the scan run.
* Click Suppression (Removal) to finish.
* You can, if you wish, use the Options Facultatives (Optional Settings).
* Click Quitter (Quit) to get the report.
* Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).


2/

---> Download and install CCleaner (do not install the Yahoo Toolbar):
* Launch it. Go to Options, then Avancé (Advanced), and untick the box Effacer uniquement les fichiers etc....
* Go to Nettoyeur (Cleaner) and choose Analyse (Analyze). Once it has finished, run the cleaning.
* Then choose Registre (Registry), then Chercher des erreurs (Scan for issues). Once it has finished, repair all the errors (back up the registry).


3/

---> System Restore must be disabled and then re-enabled in order to purge it:
http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme

---> I advise you to create a restore point that you can use later if you have a problem:
https://www.vulgarisation-informatique.com/creer-point-restauration.php


4/

I advise you to replace Avast with Antivir:
http://www.commentcamarche.net/telecharger/telecharger 55 antivir

Keep MBAM. You can use it to scan suspicious files alongside the antivirus, and scan the hard drive regularly.

As a browser, use Mozilla Firefox rather than Internet Explorer. You can use the NoScript extension for more security.

Change your passwords, since you were infected.

Check that automatic updates are enabled (Start menu, right-click My Computer, Automatic Updates tab).

You can also modify the Hosts file to improve the security of your PC:
http://www.commentcamarche.net/faq/sujet 5993 modifier son fichier hosts
https://blog.sosordi.net/category/articles

Regarding P2P:
http://www.libellules.ch/...

Here is a complete guide (to be read with Adobe Reader or Foxit Reader):
https://www.malekal.com/fichiers/projetantimalwares/prevention-protection.pdf