
[Solved] A virus, I think?

23 January 2009 15:55:49

Hello, :hello:
Since this morning, when I turned on my PC, normally my antivirus and MSN start up on their own, but now nothing, and no software will open except the internet and some useless programs!

I wanted to run a scan with Spybot and CCleaner but they won't open either, so I downloaded HijackThis, but when I try to install it I get: "HijackThis.exe n'est pas une application Win32"

Help me! :??: :(

23 January 2009 16:07:08

Hi,

You are infected with Bagle. You downloaded and ran a bad file.

XP or Vista?
23 January 2009 16:29:05

That's no use. Do this instead:

  • Download FindyKill (by Chiquitine29) to your Desktop.
  • Run the installation with the default settings.
  • Double-click the FindyKill shortcut on your Desktop.
  • Choose F for French (Français).
  • In the main menu, choose option 1 (Recherche).
  • Post the FindyKill.txt report.

    Note: the FindyKill.txt report is saved at the root of the disk.
    23 January 2009 16:38:43

    OK, here is the report:



    ###################### [ FindyKill V4.714 ]

    # User : Thomas - C-C08A9E6BF21A4
    # Emplacement : C:\Program Files\FindyKill
    # Outils Mis a jours le 19/01/09 par Chiquitine29
    # Recherche effectuée à 16:34:59 le 23/01/2009
    # Windows XP - Internet Explorer 6.0.2900.5512

    # [ FindyKill V4.714 - Scan ] ##############

    \\\\\\\\\\\\\\\\\\\\ [ Processus actifs ] ///////////////////


    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Thomas\Application Data\drivers\winupgro.exe
    C:\Program Files\Hercules\WiFi Station\WifiStation.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Thomas\Application Data\m\flec006.exe
    C:\WINDOWS\system32\wintems.exe
    C:\WINDOWS\explorer.exe

    \\\\\\\\\\\\\\\\\\ [ Processus infectieux stoppés ] ///////////////////


    "C:\Documents and Settings\Thomas\Application Data\drivers\winupgro.exe" (776)
    "C:\Documents and Settings\Thomas\Application Data\m\flec006.exe" (3720)
    "C:\WINDOWS\system32\wintems.exe" (3892)


    \\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////


    ################## [ C:\ ]


    ################## [ C:\WINDOWS ]


    ################## [ C:\WINDOWS\Prefetch ]

    Found ! - C:\WINDOWS\prefetch\14997078.EXE-115A841F.pf
    Found ! - C:\WINDOWS\prefetch\15004546.EXE-3915C34D.pf
    Found ! - C:\WINDOWS\prefetch\15112062.EXE-2A55AAE5.pf
    Found ! - C:\WINDOWS\prefetch\15182921.EXE-225A826A.pf
    Found ! - C:\WINDOWS\prefetch\15189625.EXE-1F1D42B8.pf
    Found ! - C:\WINDOWS\prefetch\229765.EXE-01F6E52B.pf
    Found ! - C:\WINDOWS\prefetch\238406.EXE-1B6070E2.pf
    Found ! - C:\WINDOWS\prefetch\241953.EXE-34C90CF2.pf
    Found ! - C:\WINDOWS\prefetch\284671.EXE-085EAE24.pf
    Found ! - C:\WINDOWS\prefetch\297640.EXE-322FC87B.pf
    Found ! - C:\WINDOWS\prefetch\385500.EXE-3AD20E20.pf
    Found ! - C:\WINDOWS\prefetch\426609.EXE-02DC20A6.pf
    Found ! - C:\WINDOWS\prefetch\453984.EXE-08D0D01B.pf
    Found ! - C:\WINDOWS\prefetch\484390.EXE-1C56819E.pf
    Found ! - C:\WINDOWS\prefetch\491640.EXE-2EBAD65A.pf
    Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-2D39EA54.pf
    Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
    Found ! - C:\WINDOWS\Prefetch\REF HOTKEY.EXE-07D507FC.pf
    Found ! - C:\WINDOWS\Prefetch\REFHOTKEY-INSTALL.EXE-152F8898.pf
    Found ! - C:\WINDOWS\Prefetch\PATCH.EXE-2810D9FA.pf

    ################## [ C:\WINDOWS\system32 ]

    Found ! [23/01/2009 15:38] - C:\WINDOWS\system32\mdelk.exe
    Found ! [23/01/2009 15:38] - C:\WINDOWS\system32\wintems.exe
    Found ! [23/01/2009 15:38] - C:\WINDOWS\system32\ban_list.txt

    ################## [ C:\WINDOWS\system32\drivers ]


    ################## [ C:\Documents and Settings\Thomas\Application Data ]

    Found ! [23/01/2009 15:36] - "C:\Documents and Settings\Thomas\Application Data\m\flec006.exe"
    Found ! [23/01/2009 15:37] - "C:\Documents and Settings\Thomas\Application Data\m\list.oct"
    Found ! [23/01/2009 15:37] - "C:\Documents and Settings\Thomas\Application Data\m\data.oct"
    Found ! [23/01/2009 15:37] - "C:\Documents and Settings\Thomas\Application Data\m\srvlist.oct"
    Found ! [23/01/2009 15:39] - "C:\Documents and Settings\Thomas\Application Data\m\shared"
    Found ! [22/01/2009 20:27] - "C:\Documents and Settings\Thomas\Application Data\m"
    Found ! [22/01/2009 20:22] - "C:\Documents and Settings\Thomas\Application Data\drivers"
    Found ! [23/01/2009 15:34] - "C:\Documents and Settings\Thomas\Application Data\drivers\srosa2.sys"
    Found ! [23/01/2009 15:34] - "C:\Documents and Settings\Thomas\Application Data\drivers\wfsintwq.sys"
    Found ! [26/02/2004 06:03] - "C:\Documents and Settings\Thomas\Application Data\drivers\winupgro.exe"
    Found ! [23/01/2009 15:39] - "C:\Documents and Settings\Thomas\Application Data\drivers\downld"

    ################## [ C:\DOCUME~1\Thomas\LOCALS~1\Temp ]

    Found ! - C:\DOCUME~1\Thomas\LOCALS~1\Temp\IncrediMail\IMInstall\Contents\Sound\tchaikovsky_the_nutcracker.imw

    \\\\\\\\\\\\\\\\\\ [ Registre / Startup ] ///////////////////

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
    SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
    <NO NAME>=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    Smapp=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    Club-Internet_McciTrayApp=C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
    avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    ISUSPM Startup="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
    ISUSScheduler="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
    NoChange=1
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
    Installed=1
    <NO NAME>=

    [HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\patch]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

    \\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////


    Found ! - HKEY_USERS\S-1-5-21-842925246-299502267-725345543-1003\Software\Local AppWizard-Generated Applications\msnmsgr
    Found ! - HKEY_USERS\S-1-5-21-842925246-299502267-725345543-1003\Software\Local AppWizard-Generated Applications\patch
    Found ! - HKEY_USERS\S-1-5-21-842925246-299502267-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro
    Found ! - HKEY_USERS\S-1-5-21-842925246-299502267-725345543-1003\Software\bisoft
    Found ! - HKEY_USERS\S-1-5-21-842925246-299502267-725345543-1003\Software\DateTime4
    Found ! - HKEY_USERS\S-1-5-21-842925246-299502267-725345543-1003\Software\FFC
    Found ! - HKEY_USERS\S-1-5-21-842925246-299502267-725345543-1003\Software\FirtR
    Found ! - HKEY_USERS\S-1-5-21-842925246-299502267-725345543-1003\Software\MuleAppData
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\patch
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sK9Ou0s
    Found ! - HKEY_CURRENT_USER\Software\bisoft
    Found ! - HKEY_CURRENT_USER\Software\DateTime4
    Found ! - HKEY_CURRENT_USER\Software\FirtR
    Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
    Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe
    Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key

    /!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
    /!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

    \\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////

    # Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

    /!\ Mode sans echec non fonctionnel !!

    # Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

    /!\ Mode sans echec non fonctionnel !!

    # Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

    /!\ Mode sans echec non fonctionnel !!


    # Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

    /!\ Ndisuio - # Type de démarrage = 4

    EapHost - # Type de démarrage = 3

    /!\ Ip6Fw - # Type de démarrage = 4

    SharedAccess - # Type de démarrage = 2

    wuauserv - # Type de démarrage = 2

    /!\ wscsvc - # Type de démarrage = 4


    \\\\\\\\\\\\\\\\\\ [ Recherche dans supports amovibles] ///////////////////


    # Informations :

    C: - Lecteur fixe


    # presence des fichiers :



    \\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////


    -> Not found !


    ################## [ ! Fin du rapport # FindyKill V4.714 ! ]
    23 January 2009 16:41:27

  • Delete the file that infected you (a crack, for example).
  • Double-click the FindyKill shortcut on your Desktop.
  • In the main menu, choose option 2 (Suppression).

    /!\ There will be a restart; let the tool work until the message "nettoyage effectué" appears /!\

  • Then post the FindyKill.txt report.

    Note: the FindyKill.txt report is saved at the root of the disk.
    23 January 2009 17:05:25

    There, I ran option 2

    and here is the new report:



    ###################### [ FindyKill V4.714 ]

    # User : Thomas - C-C08A9E6BF21A4
    # Emplacement : C:\Program Files\FindyKill
    # Outils Mis a jours le 19/01/09 par Chiquitine29
    # Recherche effectuée à 17:02:19 le 23/01/2009
    # Windows XP - Internet Explorer 6.0.2900.5512

    # [ FindyKill V4.714 - Scan ] ##############

    \\\\\\\\\\\\\\\\\\\\ [ Processus actifs ] ///////////////////


    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Thomas\Application Data\drivers\winupgro.exe
    C:\Documents and Settings\Thomas\Application Data\m\flec006.exe
    C:\WINDOWS\system32\wintems.exe
    C:\Program Files\Hercules\WiFi Station\WifiStation.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    \\\\\\\\\\\\\\\\\\ [ Processus infectieux stoppés ] ///////////////////


    "C:\Documents and Settings\Thomas\Application Data\drivers\winupgro.exe" (1220)
    "C:\Documents and Settings\Thomas\Application Data\m\flec006.exe" (172)
    "C:\WINDOWS\system32\wintems.exe" (200)


    \\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////


    ################## [ C:\ ]


    ################## [ C:\WINDOWS ]


    ################## [ C:\WINDOWS\Prefetch ]

    Found ! - C:\WINDOWS\prefetch\14997078.EXE-115A841F.pf
    Found ! - C:\WINDOWS\prefetch\15004546.EXE-3915C34D.pf
    Found ! - C:\WINDOWS\prefetch\15112062.EXE-2A55AAE5.pf
    Found ! - C:\WINDOWS\prefetch\15182921.EXE-225A826A.pf
    Found ! - C:\WINDOWS\prefetch\15189625.EXE-1F1D42B8.pf
    Found ! - C:\WINDOWS\prefetch\229765.EXE-01F6E52B.pf
    Found ! - C:\WINDOWS\prefetch\238406.EXE-1B6070E2.pf
    Found ! - C:\WINDOWS\prefetch\241953.EXE-34C90CF2.pf
    Found ! - C:\WINDOWS\prefetch\284671.EXE-085EAE24.pf
    Found ! - C:\WINDOWS\prefetch\297640.EXE-322FC87B.pf
    Found ! - C:\WINDOWS\prefetch\385500.EXE-3AD20E20.pf
    Found ! - C:\WINDOWS\prefetch\426609.EXE-02DC20A6.pf
    Found ! - C:\WINDOWS\prefetch\453984.EXE-08D0D01B.pf
    Found ! - C:\WINDOWS\prefetch\484390.EXE-1C56819E.pf
    Found ! - C:\WINDOWS\prefetch\491640.EXE-2EBAD65A.pf
    Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-2D39EA54.pf
    Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
    Found ! - C:\WINDOWS\Prefetch\REF HOTKEY.EXE-07D507FC.pf
    Found ! - C:\WINDOWS\Prefetch\REFHOTKEY-INSTALL.EXE-152F8898.pf
    Found ! - C:\WINDOWS\Prefetch\PATCH.EXE-2810D9FA.pf

    ################## [ C:\WINDOWS\system32 ]

    Found ! [23/01/2009 15:38] - C:\WINDOWS\system32\mdelk.exe
    Found ! [23/01/2009 15:38] - C:\WINDOWS\system32\wintems.exe
    Found ! [23/01/2009 16:59] - C:\WINDOWS\system32\ban_list.txt

    ################## [ C:\WINDOWS\system32\drivers ]


    ################## [ C:\Documents and Settings\Thomas\Application Data ]

    Found ! [23/01/2009 15:36] - "C:\Documents and Settings\Thomas\Application Data\m\flec006.exe"
    Found ! [23/01/2009 15:37] - "C:\Documents and Settings\Thomas\Application Data\m\list.oct"
    Found ! [23/01/2009 15:37] - "C:\Documents and Settings\Thomas\Application Data\m\data.oct"
    Found ! [23/01/2009 15:37] - "C:\Documents and Settings\Thomas\Application Data\m\srvlist.oct"
    Found ! [23/01/2009 17:01] - "C:\Documents and Settings\Thomas\Application Data\m\shared"
    Found ! [22/01/2009 20:27] - "C:\Documents and Settings\Thomas\Application Data\m"
    Found ! [22/01/2009 20:22] - "C:\Documents and Settings\Thomas\Application Data\drivers"
    Found ! [23/01/2009 16:59] - "C:\Documents and Settings\Thomas\Application Data\drivers\srosa2.sys"
    Found ! [23/01/2009 16:59] - "C:\Documents and Settings\Thomas\Application Data\drivers\wfsintwq.sys"
    Found ! [26/02/2004 06:03] - "C:\Documents and Settings\Thomas\Application Data\drivers\winupgro.exe"
    Found ! [23/01/2009 17:01] - "C:\Documents and Settings\Thomas\Application Data\drivers\downld"

    ################## [ C:\DOCUME~1\Thomas\LOCALS~1\Temp ]

    Found ! - C:\DOCUME~1\Thomas\LOCALS~1\Temp\IncrediMail\IMInstall\Contents\Sound\tchaikovsky_the_nutcracker.imw

    \\\\\\\\\\\\\\\\\\ [ Registre / Startup ] ///////////////////

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
    SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
    <NO NAME>=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    Smapp=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    Club-Internet_McciTrayApp=C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
    avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    ISUSPM Startup="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
    ISUSScheduler="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
    NoChange=1
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
    Installed=1
    <NO NAME>=

    [HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\patch]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

    \\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////


    Found ! - HKEY_USERS\S-1-5-21-842925246-299502267-725345543-1003\Software\Local AppWizard-Generated Applications\msnmsgr
    Found ! - HKEY_USERS\S-1-5-21-842925246-299502267-725345543-1003\Software\Local AppWizard-Generated Applications\patch
    Found ! - HKEY_USERS\S-1-5-21-842925246-299502267-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro
    Found ! - HKEY_USERS\S-1-5-21-842925246-299502267-725345543-1003\Software\bisoft
    Found ! - HKEY_USERS\S-1-5-21-842925246-299502267-725345543-1003\Software\DateTime4
    Found ! - HKEY_USERS\S-1-5-21-842925246-299502267-725345543-1003\Software\FFC
    Found ! - HKEY_USERS\S-1-5-21-842925246-299502267-725345543-1003\Software\FirtR
    Found ! - HKEY_USERS\S-1-5-21-842925246-299502267-725345543-1003\Software\MuleAppData
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\patch
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sK9Ou0s
    Found ! - HKEY_CURRENT_USER\Software\bisoft
    Found ! - HKEY_CURRENT_USER\Software\DateTime4
    Found ! - HKEY_CURRENT_USER\Software\FirtR
    Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
    Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe
    Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key

    /!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
    /!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

    \\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////

    # Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

    /!\ Mode sans echec non fonctionnel !!

    # Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

    /!\ Mode sans echec non fonctionnel !!

    # Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

    /!\ Mode sans echec non fonctionnel !!


    # Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

    /!\ Ndisuio - # Type de démarrage = 4

    EapHost - # Type de démarrage = 3

    /!\ Ip6Fw - # Type de démarrage = 4

    /!\ SharedAccess - # Type de démarrage = 4

    /!\ wuauserv - # Type de démarrage = 4

    /!\ wscsvc - # Type de démarrage = 4


    \\\\\\\\\\\\\\\\\\ [ Recherche dans supports amovibles] ///////////////////


    # Informations :

    C: - Lecteur fixe


    # presence des fichiers :



    \\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////


    -> Not found !


    ################## [ ! Fin du rapport # FindyKill V4.714 ! ]


    Quote:
    * Delete the file that infected you


    How do I know which file to delete?
    23 January 2009 17:10:48

    Quote:
    How do I know which file to delete?

    ---> I can't guess that; Bagle didn't get there by chance. Didn't your PC shut down by itself yesterday?

    The report you are showing me is from option 1, not option 2.
    23 January 2009 17:25:04

    Quote:
    Bagle didn't get there by chance.


    Yes, it's true that yesterday I downloaded quite a lot of software for sending emails in bulk, but I deleted it all.

    When I run option 2 my PC shuts down, and when it restarts it shows me:



    23 January 2009 17:33:14

    Quote:
    Yes, it's true that yesterday I downloaded quite a lot of software for sending emails in bulk, but I deleted it all.

    ---> I can confirm that the Bagle infection comes from there ;)

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs), taking care to rename it to KillBagle before saving it to the Desktop.
  • Double-click KillBagle.exe (the .exe may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    23 January 2009 18:04:37

    Here is the report:

    ComboFix 09-01-21.04 - Thomas 2009-01-23 17:52:01.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.503.311 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Thomas\Bureau\KillBagle.exe
    AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Thomas\Application Data\drivers\downld
    c:\documents and settings\Thomas\Application Data\drivers\downld\319937.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\320359.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\321031.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\321703.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\322125.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\338078.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\341484.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\342046.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\344875.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\345656.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\345703.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\345718.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\345906.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\346000.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\346562.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\346765.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\346781.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\346843.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\348515.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\349250.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\350234.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\350984.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\351000.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\351484.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\357593.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\358750.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\359140.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\359734.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\359843.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\360468.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\360875.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\360890.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\361328.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\362140.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\362953.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\362984.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\363390.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\363640.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\379687.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\380250.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\380593.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\385500.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\389906.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\390203.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\390234.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\390312.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\391015.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\391359.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\408828.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\421468.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\438609.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\439015.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\439078.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\453984.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\491640.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\497156.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\497640.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\497718.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\54968.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\55484.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\55500.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\60484.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\60875.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\62687.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\63078.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\63125.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\75250.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\75906.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\82609.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\82890.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\82921.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\83062.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\84593.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\85015.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\85031.exe
    c:\documents and settings\Thomas\Application Data\drivers\downld\85046.exe
    c:\documents and settings\Thomas\Application Data\drivers\srosa2.sys
    c:\documents and settings\Thomas\Application Data\drivers\wfsintwq.sys
    c:\documents and settings\Thomas\Application Data\drivers\winupgro.exe
    c:\documents and settings\Thomas\Application Data\m
    c:\documents and settings\Thomas\Application Data\m\data.oct
    c:\documents and settings\Thomas\Application Data\m\flec006.exe
    c:\documents and settings\Thomas\Application Data\m\list.oct
    c:\documents and settings\Thomas\Application Data\m\srvlist.oct
    c:\program files\Windows Live\Messenger\msnmsgr.exe
    c:\windows\system32\ban_list.txt
    c:\windows\system32\mdelk.exe
    c:\windows\system32\msssc.dll
    c:\windows\system32\wintems.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_SROSA
    -------\Legacy_SROSA
    -------\Legacy_SK9OU0S
    -------\Service_sK9Ou0s


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-23 au 2009-01-23 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-23 16:34 . 2009-01-23 17:03 <REP> d-------- c:\program files\FindyKill
    2009-01-23 15:41 . 2009-01-23 15:43 <REP> d----c--- C:\Rooter$
    2009-01-23 15:40 . 2009-01-23 17:12 401,720 --a------ C:\HiJackThis.exe
    2009-01-23 15:21 . 2009-01-23 15:21 <REP> d-------- c:\program files\IncrediMail
    2009-01-22 20:18 . 2009-01-23 17:54 <REP> d--h----- c:\documents and settings\Thomas\Application Data\drivers
    2009-01-22 20:00 . 2009-01-22 20:00 <REP> d-------- c:\documents and settings\Thomas\Application Data\Oxemis
    2009-01-22 19:55 . 2009-01-22 19:55 <REP> d-------- c:\documents and settings\All Users\Application Data\PC SOFT
    2009-01-22 13:58 . 2009-01-22 13:58 <REP> d-------- c:\program files\Microsoft Silverlight
    2009-01-21 20:18 . 2009-01-21 20:18 436 --a------ c:\windows\mon site internet
    2009-01-21 20:06 . 2009-01-23 15:21 <REP> d-------- c:\program files\Ref Hotkey
    2009-01-16 20:23 . 2009-01-16 20:23 <REP> d-------- c:\documents and settings\All Users\Application Data\InstallShield
    2009-01-16 20:14 . 2005-08-11 15:29 73,728 --a------ c:\windows\system32\ISUSPM.cpl
    2009-01-16 13:44 . 2009-01-16 13:49 <REP> d-------- c:\program files\Live-Player
    2009-01-15 19:07 . 2009-01-15 19:07 <REP> d-------- c:\program files\AIDA32 - Personal System Information
    2009-01-12 18:19 . 2009-01-14 17:20 <REP> d-------- c:\program files\Google
    2008-12-31 17:15 . 2008-12-31 17:15 <REP> d-------- c:\documents and settings\Thomas\Application Data\Yahoo!
    2008-12-31 15:07 . 2008-12-31 15:07 <REP> d-------- c:\program files\Fichiers communs\DirectX
    2008-12-31 14:58 . 2008-12-31 14:58 <REP> d-------- c:\program files\EA GAMES
    2008-12-30 17:51 . 2008-12-30 17:51 <REP> d-------- c:\program files\Domain Tools
    2008-12-30 14:15 . 2004-06-18 13:07 656,542 --a--c--- C:\271_icol.dll
    2008-12-30 12:40 . 2008-12-30 12:40 <REP> d-------- c:\documents and settings\Thomas\Application Data\FindeXer
    2008-12-30 12:28 . 2008-12-30 12:28 <REP> d-------- c:\program files\RK Launcher
    2008-12-30 12:28 . 2009-01-01 15:05 <REP> d-------- c:\program files\CursorXP
    2008-12-30 12:22 . 2008-12-30 12:30 7,848 --a------ c:\windows\BricoPackFoldersDelete.cmd
    2008-12-29 17:46 . 2008-12-29 17:46 <REP> d-------- c:\program files\Circle Developement
    2008-12-29 17:37 . 2009-01-22 09:03 <REP> d-------- c:\documents and settings\Thomas\Tracing
    2008-12-29 17:35 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
    2008-12-29 17:33 . 2008-12-29 17:33 <REP> d-------- c:\program files\Microsoft
    2008-12-29 17:22 . 2008-12-29 17:22 <REP> d-------- c:\program files\Fichiers communs\Windows Live
    2008-12-28 18:27 . 2009-01-22 15:32 <REP> d-------- c:\documents and settings\Thomas\Application Data\dvdcss
    2008-12-28 17:18 . 2008-12-28 17:18 268 --ah-c--- C:\sqmdata01.sqm
    2008-12-28 17:18 . 2008-12-28 17:18 244 --ah-c--- C:\sqmnoopt02.sqm
    2008-12-28 17:18 . 2008-12-28 17:18 244 --ah-c--- C:\sqmnoopt01.sqm
    2008-12-28 17:18 . 2008-12-28 17:18 232 --ah-c--- C:\sqmdata02.sqm
    2008-12-28 11:20 . 2008-12-28 17:22 1,890 --ahs---- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2008-12-28 11:20 . 2008-12-28 11:39 88 -r-hs---- c:\documents and settings\All Users\Application Data\F8F9D89AF8.sys
    2008-12-28 11:14 . 2008-12-28 11:14 <REP> d-------- c:\program files\RPG Maker VX
    2008-12-27 20:51 . 2008-12-27 20:51 <REP> d-------- c:\documents and settings\Thomas\Application Data\vlc

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-23 15:54 --------- d-----w c:\documents and settings\Thomas\Application Data\FileZilla
    2009-01-23 15:52 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-22 18:42 --------- d-----w c:\program files\Mozilla Thunderbird
    2009-01-19 16:50 --------- d-----w c:\documents and settings\Thomas\Application Data\LimeWire
    2009-01-16 19:14 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-16 19:14 --------- d-----w c:\program files\Gpotato.eu
    2009-01-16 19:14 --------- d-----w c:\program files\Fichiers communs\InstallShield
    2009-01-16 19:03 --------- d-----w c:\documents and settings\Thomas\Application Data\Azureus
    2009-01-15 14:44 --------- d-----w c:\program files\Messenger Plus! Live
    2009-01-14 13:18 --------- d-----w c:\program files\Image-Line
    2009-01-14 13:17 --------- d-----w c:\program files\VstPlugins
    2009-01-13 17:11 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-01-01 14:09 --------- d-----w c:\program files\Yahoo!
    2008-12-31 16:15 --------- d-----w c:\program files\CCleaner
    2008-12-30 11:30 154,622 ----a-w c:\windows\BricoPackUninst.cmd
    2008-12-29 16:35 --------- d-----w c:\program files\Windows Live
    2008-12-21 17:24 --------- d-----w c:\program files\DivX
    2008-12-21 17:23 --------- d-----w c:\program files\VirtualDJ
    2008-12-21 17:22 --------- d-----w c:\program files\Fichiers communs\Logitech
    2008-12-21 17:14 --------- d-----w c:\program files\Logitech
    2008-12-21 17:14 --------- d-----w c:\program files\Fichiers communs\logishrd
    2008-12-21 17:14 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
    2008-12-21 14:02 --------- d-----w c:\program files\VideoLAN
    2008-12-21 13:59 --------- d-----w c:\documents and settings\Thomas\Application Data\Winamp
    2008-12-21 11:08 --------- d-----w c:\program files\Winamp
    2008-12-18 16:43 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-12-18 16:36 --------- d-----w c:\program files\QuickTime
    2008-12-14 17:30 --------- d-----w c:\documents and settings\Thomas\Application Data\Thunderbird
    2008-12-12 20:30 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
    2008-12-12 20:29 --------- d-----w c:\program files\MSXML 4.0
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-07 19:30 --------- d-----w c:\program files\Avira
    2008-12-07 19:30 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
    2008-12-07 12:14 --------- d-----w c:\program files\Vietcong
    2008-12-07 10:29 --------- d-----w c:\program files\LMSOFT Web Creator Pro 4
    2008-12-07 10:16 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
    2008-12-07 10:14 --------- d-----w c:\program files\Java
    2008-12-06 18:09 --------- d-----w c:\program files\Fichiers communs\NSV
    2008-12-06 15:07 --------- d-----w c:\documents and settings\Thomas\Application Data\Ulead Systems
    2008-12-06 10:26 --------- d-----w c:\program files\Bonjour
    2008-12-06 10:23 --------- d-----w c:\program files\Nvu
    2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
    2008-11-29 12:51 --------- d-----w c:\documents and settings\Thomas\Application Data\~LM00008.tmp
    2008-11-29 12:11 --------- d-----w c:\documents and settings\Thomas\Application Data\~LM00007.tmp
    2008-11-29 11:59 --------- d-----w c:\documents and settings\Thomas\Application Data\~LM00006.tmp
    2008-11-27 18:03 --------- d-----w c:\documents and settings\All Users\Application Data\IM
    2008-11-27 18:02 --------- d-----w c:\documents and settings\All Users\Application Data\IncrediMail
    2008-11-07 18:50 30 ----a-w c:\documents and settings\Thomas\jagex_runescape_preferences.dat
    2008-10-31 14:59 2,840 ----a-w c:\documents and settings\Thomas\master.dat
    2008-10-29 16:57 155,995 ----a-w c:\windows\java\Packages\AQ937L33.ZIP
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
    "Club-Internet_McciTrayApp"="c:\program files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe" [2005-06-02 543232]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2009-01-23 266497]
    "ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
    "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    WiFi Station.lnk - c:\program files\Hercules\WiFi Station\WifiStation.exe [2008-10-30 654336]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Docteur Club Internet.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Docteur Club Internet.lnk
    backup=c:\windows\pss\Docteur Club Internet.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2007-01-13 10:47 163840 c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2007-01-13 10:47 131072 c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    --a------ 2007-01-13 10:46 135168 c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2008-08-04 00:02 36352 c:\program files\Winamp\winampa.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
    "c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys --> c:\program files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys [?]
    S3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2006-11-01 3328]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
    HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
    HKCU-Run-ykmywyy - c:\documents and settings\thomas\local settings\application data\ykmywyy.exe
    MSConfigStartUp-UpdateManager - c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://mystart.incredimail.com/french/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\4akfvo5p.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
    FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
    FF - component: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\4akfvo5p.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-23 17:57:44
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-01-23 18:02:45 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-01-23 17:02:41

    Avant-CF: 44,238,458,880 octets libres
    Après-CF: 44,077,158,400 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptOut

    Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
    559 --- E O F --- 2009-01-15 14:02:52
    a c 267 8 Sécurité
    23 January 2009 18:12:30

    Good, try FindyKill's option 2 again.
    23 January 2009 18:26:44

    Here is FindyKill's option 2:



    ###################### [ FindyKill V4.714 ]

    # User : Thomas - C-C08A9E6BF21A4
    # Executed from : C:\Program Files\FindyKill
    # Update on 19/01/09 by Chiquitine29
    # Start at 18:15:33 the 23/01/2009
    # Windows XP - Internet Explorer 6.0.2900.5512

    # [ FindyKill V4.714 - Deleting ] ###############

    \\\\\\\\\\\\\\\\\\ [ Active Processes ] ///////////////////


    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    \\\\\\\\\\\\\\\\\\ [ Infected Files / Folders ] ///////////////////


    ################## [ C:\ ]


    ################## [ C:\WINDOWS ]


    ################## [ C:\WINDOWS\Prefetch ]

    Deleted ! - C:\WINDOWS\prefetch\14997078.EXE-115A841F.pf
    Deleted ! - C:\WINDOWS\prefetch\15004546.EXE-3915C34D.pf
    Deleted ! - C:\WINDOWS\prefetch\15112062.EXE-2A55AAE5.pf
    Deleted ! - C:\WINDOWS\prefetch\15182921.EXE-225A826A.pf
    Deleted ! - C:\WINDOWS\prefetch\15189625.EXE-1F1D42B8.pf
    Deleted ! - C:\WINDOWS\prefetch\229765.EXE-01F6E52B.pf
    Deleted ! - C:\WINDOWS\prefetch\238406.EXE-1B6070E2.pf
    Deleted ! - C:\WINDOWS\prefetch\241953.EXE-34C90CF2.pf
    Deleted ! - C:\WINDOWS\prefetch\284671.EXE-085EAE24.pf
    Deleted ! - C:\WINDOWS\prefetch\297640.EXE-322FC87B.pf
    Deleted ! - C:\WINDOWS\prefetch\385500.EXE-3AD20E20.pf
    Deleted ! - C:\WINDOWS\prefetch\426609.EXE-02DC20A6.pf
    Deleted ! - C:\WINDOWS\prefetch\453984.EXE-08D0D01B.pf
    Deleted ! - C:\WINDOWS\prefetch\484390.EXE-1C56819E.pf
    Deleted ! - C:\WINDOWS\prefetch\491640.EXE-2EBAD65A.pf
    Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-2D39EA54.pf
    Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
    Deleted ! - C:\WINDOWS\prefetch\PATCH.EXE-2810D9FA.pf
    Deleted ! - C:\WINDOWS\prefetch\REF HOTKEY.EXE-07D507FC.pf
    Deleted ! - C:\WINDOWS\prefetch\REFHOTKEY-INSTALL.EXE-152F8898.pf
    Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf

    ################## [ C:\WINDOWS\system32 ]


    ################## [ C:\WINDOWS\system32\drivers ]


    ################## [ C:\Documents and Settings\Thomas\Application Data ]

    Deleted ! - "C:\Documents and Settings\Thomas\Application Data\drivers"

    ################## [ C:\DOCUME~1\Thomas\LOCALS~1\Temp ]


    ################## [ C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\Content.IE5 ]


    \\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////

    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
    Deleted ! - HKEY_USERS\S-1-5-21-842925246-299502267-725345543-1003\Software\Local AppWizard-Generated Applications\msnmsgr
    Deleted ! - HKEY_USERS\S-1-5-21-842925246-299502267-725345543-1003\Software\Local AppWizard-Generated Applications\patch
    Deleted ! - HKEY_USERS\S-1-5-21-842925246-299502267-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro

    \\\\\\\\\\\\\\\\\\ [ States / Restarting of services ] ///////////////////


    # Services : [ Auto=2 / Request=3 / Disable=4 ]

    Ndisuio - # Type of startup = 3

    EapHost - # Type of startup = 2

    Ip6Fw - # Type of startup = 2

    SharedAccess - # Type of startup = 2

    wuauserv - # Type of startup = 2

    wscsvc - # Type of startup = 2


    \\\\\\\\\\\\\\\\\\ [ Cleaning Removable drives ] ///////////////////

    # Informations :

    C: - Lecteur fixe


    # deleting files :


    \\\\\\\\\\\\\\\\\\ [ Registry / Mountpoint2 ] ///////////////////


    -> Not found !


    \\\\\\\\\\\\\\\\\\ [ Searching Other Infections ] ///////////////////
    a c 267 8 Sécurité
    23 January 2009 18:32:06

  • Reinstall the applications that were infected (antivirus...).

  • Download Navilog1 (by IL-MAFIOSO) to your Desktop.
  • Double-click Navilog1.exe to start the installation.
  • If the fix does not start automatically after installation, double-click the Navilog1 shortcut on the Desktop.
  • Press F or f, then confirm with Enter.
  • Press a key each time you are asked to; you will reach the options menu.
  • Choose option 1 and press Enter to confirm your choice.
  • Wait for the message: *** Analyse terminée le ..... ***
  • When the scan is finished, Notepad will open with the report; post the contents of that report in your next reply.
  • If the scan result is not displayed, you will find it in C:\fixnavi.txt

    Do not use options 2, 3 and 4 without our approval; legitimate files may be included in this scan.
    23 January 2009 18:42:54

    The report:

    Search Navipromo version 3.7.1 commencé le 23/01/2009 à 18:34:21,95

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
    BIOS : Default System BIOS
    USER : Thomas ( Administrator )
    BOOT : Normal boot

    Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)


    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:74 Go (Free:41 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)


    Recherche executé en mode normal

    *** Recherche Programmes installés ***


    *** Recherche dossiers dans "C:\WINDOWS" ***


    *** Recherche dossiers dans "C:\Program Files" ***

    ...\Live-Player trouvé !

    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

    ...\Live-Player trouvé !

    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\Thomas\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\Thomas\locals~1\applic~1" ***

    ...\Live-Player trouvé !

    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\Thomas\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net



    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\Thomas\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



    *** Recherche fichiers ***



    *** Recherche clés spécifiques dans le Registre ***
    !! Les clés trouvées ne sont pas forcément infectées !!


    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :


    * Dans "C:\Documents and Settings\Thomas\locals~1\applic~1" :


    * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche autres dossiers et fichiers connus :



    *** Analyse terminée le 23/01/2009 à 18:38:44,28 ***
    a c 267 8 Sécurité
    23 January 2009 18:47:22

  • Run Navilog1 again, choose option 2 and post the report (C:\cleannavi.txt).
    23 January 2009 18:55:04

    The report:

    Clean Navipromo version 3.7.1 commencé le 23/01/2009 à 18:49:37,56

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
    BIOS : Default System BIOS
    USER : Thomas ( Administrator )
    BOOT : Normal boot

    Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)


    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:74 Go (Free:41 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)


    Mode suppression automatique
    avec prise en charge résultats Catchme et GNS


    Nettoyage exécuté au redémarrage de l'ordinateur


    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans "C:\WINDOWS\System32" *


    * Suppression dans "C:\Documents and Settings\Thomas\locals~1\applic~1" *


    * Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


    *** Suppression dossiers dans "C:\WINDOWS" ***


    *** Suppression dossiers dans "C:\Program Files" ***

    ...\Live-Player ...suppression...
    ...\Live-Player supprimé !


    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

    ...\Live-Player ...suppression...
    ...\Live-Player supprimé !


    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


    *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\Thomas\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\Thomas\locals~1\applic~1" ***

    ...\Live-Player ...suppression...
    ...\Live-Player supprimé !


    *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\Thomas\menudm~1\progra~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***



    *** Suppression fichiers ***


    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\Thomas\locals~1\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :


    * Dans "C:\WINDOWS\system32" *


    * Dans "C:\Documents and Settings\Thomas\locals~1\applic~1" *


    * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok


    *** Certificats ***

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltdt absent !

    *** Recherche autres dossiers et fichiers connus ***



    *** Nettoyage terminé le 23/01/2009 à 18:53:28,87 ***

    a c 267 8 Sécurité
    23 January 2009 18:59:46

  • Uninstall Navilog1 and FindyKill.

  • Download Lop S&D to your Desktop.
  • Double-click it to start the installation.
  • Then double-click the Lop S&D shortcut on your Desktop.
  • Select the language you want, then choose option 1 (Search).
  • Wait until the scan finishes.
  • Post the generated report (C:\lopR.txt).
    23 January 2009 19:09:38

    Report:


    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
    BIOS : Default System BIOS
    USER : Thomas ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:74 Go (Free:40 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( 23/01/2009|19:02 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [26/10/2008|21:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [30/10/2008|13:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
    [30/10/2008|13:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
    [30/10/2008|11:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

    [30/10/2008|14:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [18/12/2008|17:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [30/10/2008|14:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [30/10/2008|14:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [07/12/2008|20:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    [30/10/2008|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
    [03/11/2008|19:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    [16/11/2008|16:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    [18/01/2009|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [27/11/2008|19:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
    [27/11/2008|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
    [16/01/2009|20:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [21/12/2008|18:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
    [21/11/2008|18:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    [31/10/2008|10:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [29/12/2008|17:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [29/10/2008|17:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
    [22/01/2009|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC SOFT
    [23/01/2009|16:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [07/12/2008|11:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
    [16/12/2008|16:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [30/10/2008|14:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [26/10/2008|20:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [26/10/2008|20:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [26/10/2008|20:49] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [04/11/2008|20:24] C:\DOCUME~1\Thomas\APPLIC~1\~LM00001.tmp
    [04/11/2008|20:25] C:\DOCUME~1\Thomas\APPLIC~1\~LM00002.tmp
    [04/11/2008|20:46] C:\DOCUME~1\Thomas\APPLIC~1\~LM00003.tmp
    [05/11/2008|21:05] C:\DOCUME~1\Thomas\APPLIC~1\~LM00004.tmp
    [05/11/2008|21:06] C:\DOCUME~1\Thomas\APPLIC~1\~LM00005.tmp
    [29/11/2008|12:59] C:\DOCUME~1\Thomas\APPLIC~1\~LM00006.tmp
    [29/11/2008|13:11] C:\DOCUME~1\Thomas\APPLIC~1\~LM00007.tmp
    [29/11/2008|13:51] C:\DOCUME~1\Thomas\APPLIC~1\~LM00008.tmp
    [17/01/2009|10:58] C:\DOCUME~1\Thomas\APPLIC~1\Adobe
    [03/11/2008|17:48] C:\DOCUME~1\Thomas\APPLIC~1\Apple Computer
    [16/01/2009|20:03] C:\DOCUME~1\Thomas\APPLIC~1\Azureus
    [31/10/2008|20:32] C:\DOCUME~1\Thomas\APPLIC~1\DAEMON Tools
    [16/11/2008|19:51] C:\DOCUME~1\Thomas\APPLIC~1\Dev-Cpp
    [30/10/2008|20:47] C:\DOCUME~1\Thomas\APPLIC~1\DivX
    [22/01/2009|15:32] C:\DOCUME~1\Thomas\APPLIC~1\dvdcss
    [23/01/2009|16:54] C:\DOCUME~1\Thomas\APPLIC~1\FileZilla
    [30/12/2008|12:40] C:\DOCUME~1\Thomas\APPLIC~1\FindeXer
    [12/01/2009|18:24] C:\DOCUME~1\Thomas\APPLIC~1\Google
    [30/10/2008|13:05] C:\DOCUME~1\Thomas\APPLIC~1\Identities
    [03/11/2008|19:41] C:\DOCUME~1\Thomas\APPLIC~1\InfraRecorder
    [14/11/2008|22:45] C:\DOCUME~1\Thomas\APPLIC~1\Leadertech
    [19/01/2009|17:50] C:\DOCUME~1\Thomas\APPLIC~1\LimeWire
    [30/10/2008|14:19] C:\DOCUME~1\Thomas\APPLIC~1\Macromedia
    [22/01/2009|21:33] C:\DOCUME~1\Thomas\APPLIC~1\Microsoft
    [14/12/2008|18:30] C:\DOCUME~1\Thomas\APPLIC~1\Mozilla
    [22/11/2008|18:06] C:\DOCUME~1\Thomas\APPLIC~1\Nvu
    [31/10/2008|10:25] C:\DOCUME~1\Thomas\APPLIC~1\OpenOffice.org
    [22/01/2009|20:00] C:\DOCUME~1\Thomas\APPLIC~1\Oxemis
    [14/11/2008|22:17] C:\DOCUME~1\Thomas\APPLIC~1\Sonic
    [30/10/2008|15:05] C:\DOCUME~1\Thomas\APPLIC~1\Sun
    [31/10/2008|16:05] C:\DOCUME~1\Thomas\APPLIC~1\TeamViewer
    [14/12/2008|18:30] C:\DOCUME~1\Thomas\APPLIC~1\Thunderbird
    [06/12/2008|16:07] C:\DOCUME~1\Thomas\APPLIC~1\Ulead Systems
    [27/12/2008|20:51] C:\DOCUME~1\Thomas\APPLIC~1\vlc
    [21/12/2008|14:59] C:\DOCUME~1\Thomas\APPLIC~1\Winamp
    [30/10/2008|15:18] C:\DOCUME~1\Thomas\APPLIC~1\WinRAR
    [31/12/2008|17:15] C:\DOCUME~1\Thomas\APPLIC~1\Yahoo!

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [30/10/2008 14:50][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [23/01/2009 18:51][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [18/12/2008|17:41] C:\Program Files\Adobe
    [15/01/2009|19:07] C:\Program Files\AIDA32 - Personal System Information
    [30/10/2008|14:13] C:\Program Files\Alwil Software
    [28/10/2008|12:59] C:\Program Files\Analog Devices
    [30/10/2008|14:50] C:\Program Files\Apple Software Update
    [07/12/2008|20:30] C:\Program Files\Avira
    [21/11/2008|18:12] C:\Program Files\Azureus
    [06/12/2008|11:26] C:\Program Files\Bonjour
    [31/12/2008|17:15] C:\Program Files\CCleaner
    [29/12/2008|17:46] C:\Program Files\Circle Developement
    [22/11/2008|17:29] C:\Program Files\Club-Internet
    [08/11/2008|10:55] C:\Program Files\Common Files
    [01/01/2009|15:05] C:\Program Files\CursorXP
    [05/11/2008|19:48] C:\Program Files\DAEMON Tools Lite
    [15/11/2008|11:35] C:\Program Files\DAEMON Tools Toolbar
    [21/12/2008|18:24] C:\Program Files\DivX
    [30/12/2008|17:51] C:\Program Files\Domain Tools
    [31/12/2008|14:58] C:\Program Files\EA GAMES
    [15/11/2008|11:35] C:\Program Files\Far
    [23/01/2009|17:54] C:\Program Files\Fichiers communs
    [30/10/2008|15:52] C:\Program Files\FileSubmit
    [21/11/2008|15:03] C:\Program Files\FileZilla FTP Client
    [23/01/2009|19:01] C:\Program Files\FindyKill
    [14/01/2009|17:20] C:\Program Files\Google
    [16/01/2009|20:14] C:\Program Files\Gpotato.eu
    [30/10/2008|13:15] C:\Program Files\Hercules
    [14/01/2009|14:18] C:\Program Files\Image-Line
    [23/01/2009|15:21] C:\Program Files\IncrediMail
    [16/01/2009|20:14] C:\Program Files\InstallShield Installation Information
    [30/12/2008|14:21] C:\Program Files\Internet Explorer
    [30/10/2008|14:52] C:\Program Files\iPod
    [02/11/2008|17:57] C:\Program Files\iTunes
    [07/12/2008|11:14] C:\Program Files\Java
    [30/10/2008|15:03] C:\Program Files\LimeWire
    [22/11/2008|17:22] C:\Program Files\LMOFT Web Creator Pro 4
    [07/12/2008|11:29] C:\Program Files\LMSOFT Web Creator Pro 4
    [21/12/2008|18:14] C:\Program Files\Logitech
    [20/12/2008|21:29] C:\Program Files\Messenger
    [15/01/2009|15:44] C:\Program Files\Messenger Plus! Live
    [29/12/2008|17:33] C:\Program Files\Microsoft
    [12/12/2008|21:30] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [26/10/2008|20:50] C:\Program Files\microsoft frontpage
    [22/01/2009|13:58] C:\Program Files\Microsoft Silverlight
    [30/12/2008|14:21] C:\Program Files\Movie Maker
    [23/01/2009|18:54] C:\Program Files\Mozilla Firefox
    [22/01/2009|19:42] C:\Program Files\Mozilla Thunderbird
    [26/10/2008|20:46] C:\Program Files\MSN
    [26/10/2008|20:46] C:\Program Files\MSN Gaming Zone
    [12/12/2008|21:29] C:\Program Files\MSXML 4.0
    [23/01/2009|19:01] C:\Program Files\Navilog1
    [20/12/2008|18:57] C:\Program Files\NetMeeting
    [06/12/2008|11:23] C:\Program Files\Nvu
    [26/10/2008|20:46] C:\Program Files\Online Services
    [31/10/2008|10:22] C:\Program Files\OpenOffice.org 3
    [30/12/2008|14:21] C:\Program Files\Outlook Express
    [08/11/2008|18:11] C:\Program Files\Outsim
    [18/12/2008|17:36] C:\Program Files\QuickTime
    [23/01/2009|15:21] C:\Program Files\Ref Hotkey
    [22/11/2008|17:28] C:\Program Files\RegCleaner
    [30/12/2008|12:28] C:\Program Files\RK Launcher
    [28/12/2008|11:14] C:\Program Files\RPG Maker VX
    [02/11/2008|12:09] C:\Program Files\SearchSpy
    [26/10/2008|20:48] C:\Program Files\Services en ligne
    [02/11/2008|17:38] C:\Program Files\Speeditup Free
    [13/01/2009|18:11] C:\Program Files\Spybot - Search & Destroy
    [04/11/2008|17:47] C:\Program Files\T4E
    [21/12/2008|15:02] C:\Program Files\VideoLAN
    [07/12/2008|13:14] C:\Program Files\Vietcong
    [21/12/2008|18:23] C:\Program Files\VirtualDJ
    [14/01/2009|14:17] C:\Program Files\VstPlugins
    [08/11/2008|10:34] C:\Program Files\Wakfu
    [21/12/2008|12:08] C:\Program Files\Winamp
    [29/12/2008|17:35] C:\Program Files\Windows Live
    [30/12/2008|14:21] C:\Program Files\Windows Media Player
    [20/12/2008|18:56] C:\Program Files\Windows NT
    [02/11/2008|17:59] C:\Program Files\WinRAR
    [26/10/2008|20:50] C:\Program Files\xerox
    [01/01/2009|15:09] C:\Program Files\Yahoo!

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [18/12/2008|17:43] C:\Program Files\Fichiers communs\Adobe
    [30/10/2008|14:51] C:\Program Files\Fichiers communs\Apple
    [31/12/2008|15:07] C:\Program Files\Fichiers communs\DirectX
    [16/01/2009|20:14] C:\Program Files\Fichiers communs\InstallShield
    [21/12/2008|18:14] C:\Program Files\Fichiers communs\logishrd
    [21/12/2008|18:22] C:\Program Files\Fichiers communs\Logitech
    [22/11/2008|12:22] C:\Program Files\Fichiers communs\Macrovision Shared
    [16/01/2009|13:46] C:\Program Files\Fichiers communs\Microsoft Shared
    [26/10/2008|20:47] C:\Program Files\Fichiers communs\MSSoap
    [06/12/2008|19:09] C:\Program Files\Fichiers communs\NSV
    [26/10/2008|20:47] C:\Program Files\Fichiers communs\Services
    [26/10/2008|21:01] C:\Program Files\Fichiers communs\SpeechEngines
    [30/12/2008|14:21] C:\Program Files\Fichiers communs\System
    [29/12/2008|17:22] C:\Program Files\Fichiers communs\Windows Live
    [22/11/2008|17:27] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    --------------------\\ Process

    ( 28 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\Program Files\Circle Developement

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-23 19:03:07
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 67

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\Thomas\Application Data\Azureus\torrents\Fruity Loops Studio 8 0 0 XXL Producer Edition FINAL + Working CRACK [h33t][ziiiLi] [www.Fulldls.com]-1.torrent
    C:\DOCUME~1\Thomas\Application Data\Azureus\torrents\Fruity Loops Studio 8.0.0 XXL Producer Edition FINAL + Working CRACK! [h33t][ziiiLi] [mininova].torrent
    C:\DOCUME~1\Thomas\Application Data\Azureus\torrents\LMSOFT.Web.Creator.Pro.v4.0.0.5.Incl.Crack [mininova].torrent
    C:\DOCUME~1\Thomas\Application Data\Azureus\torrents\LMSOFT.Web.Creator.Pro.v4.0.0.5.Incl.Crack.torrent -moNova.org- .torrent
    C:\DOCUME~1\Thomas\Application Data\Azureus\torrents\LMSOFT.Web.Creator.Pro.v4.0.0.5.with.Crack.torrent
    C:\DOCUME~1\Thomas\Application Data\Azureus\torrents\Virtual Dj 4.3 + Crack By Dj Nilo.rar [mininova].torrent
    C:\DOCUME~1\Thomas\Application Data\Azureus\torrents\[isoHunt] LMSOFT.Web.Creator.Pro.v4.0.0.5.With.Crack.[ FOXI ] SANS SERIAL (ENG FR).rar.torrent
    C:\DOCUME~1\Thomas\Application Data\LimeWire\.AppSpecialShare\LMSOFT.Web.Creator.Pro.v4.0.0.5.With.Crack.[ FOXI ] SANS SERIAL (ENG FR).rar.torrent.bak
    C:\DOCUME~1\Thomas\Mes documents\Azureus Downloads\Adobe photoshop CS3 FRENCH\Crack
    C:\DOCUME~1\Thomas\Mes documents\Azureus Downloads\Adobe photoshop CS3 FRENCH\Crack\Install.txt


    [F:2][D:0]-> C:\DOCUME~1\Thomas\LOCALS~1\Temp
    [F:1][D:0]-> C:\DOCUME~1\Thomas\Cookies
    [F:6][D:4]-> C:\DOCUME~1\Thomas\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 23/01/2009|19:04 - Option : [1]

    --------------------\\ Fin du rapport a 19:04:19
    a c 267 8 Sécurité
    23 January 2009 19:14:26

  • Run Lop S&D again.
  • This time choose option 2 (Removal).
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt).

    (If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New Task, type explorer.exe and confirm)
    23 January 2009 20:08:48

    Report:

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
    BIOS : Default System BIOS
    USER : Thomas ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:74 Go (Free:40 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [2] ( 23/01/2009|20:04 )


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\Program Files\Circle Developement

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    --------------------\\ Listing des dossiers dans APPLIC~1

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [30/10/2008 14:50][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [23/01/2009 18:51][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    --------------------\\ Process

    ( 26 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-23 20:05:54
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 67

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\Thomas\Application Data\Azureus\torrents\Fruity Loops Studio 8 0 0 XXL Producer Edition FINAL + Working CRACK [h33t][ziiiLi] [www.Fulldls.com]-1.torrent
    C:\DOCUME~1\Thomas\Application Data\Azureus\torrents\Fruity Loops Studio 8.0.0 XXL Producer Edition FINAL + Working CRACK! [h33t][ziiiLi] [mininova].torrent
    C:\DOCUME~1\Thomas\Application Data\Azureus\torrents\LMSOFT.Web.Creator.Pro.v4.0.0.5.Incl.Crack [mininova].torrent
    C:\DOCUME~1\Thomas\Application Data\Azureus\torrents\LMSOFT.Web.Creator.Pro.v4.0.0.5.Incl.Crack.torrent -moNova.org- .torrent
    C:\DOCUME~1\Thomas\Application Data\Azureus\torrents\LMSOFT.Web.Creator.Pro.v4.0.0.5.with.Crack.torrent
    C:\DOCUME~1\Thomas\Application Data\Azureus\torrents\Virtual Dj 4.3 + Crack By Dj Nilo.rar [mininova].torrent
    C:\DOCUME~1\Thomas\Application Data\Azureus\torrents\[isoHunt] LMSOFT.Web.Creator.Pro.v4.0.0.5.With.Crack.[ FOXI ] SANS SERIAL (ENG FR).rar.torrent
    C:\DOCUME~1\Thomas\Application Data\LimeWire\.AppSpecialShare\LMSOFT.Web.Creator.Pro.v4.0.0.5.With.Crack.[ FOXI ] SANS SERIAL (ENG FR).rar.torrent.bak
    C:\DOCUME~1\Thomas\Mes documents\Azureus Downloads\Adobe photoshop CS3 FRENCH\Crack
    C:\DOCUME~1\Thomas\Mes documents\Azureus Downloads\Adobe photoshop CS3 FRENCH\Crack\Install.txt


    [F:4][D:1]-> C:\DOCUME~1\Thomas\LOCALS~1\Temp
    [F:1][D:0]-> C:\DOCUME~1\Thomas\Cookies
    [F:6][D:4]-> C:\DOCUME~1\Thomas\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 23/01/2009|19:04 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 23/01/2009|20:06 - Option : [2]

    --------------------\\ Fin du rapport a 20:06:48
    23 January 2009 20:11:42

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation.
  • In the Update tab, click the Check for Updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
  • Once the update has finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan.
  • The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    The scan completed normally. Click 'Show Results' to display all objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you that as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
    23 January 2009 20:20:05

    Report:

    Malwarebytes' Anti-Malware 1.33
    Version de la base de données: 1684
    Windows 5.1.2600 Service Pack 3

    23/01/2009 20:19:23
    mbam-log-2009-01-23 (20-19-23).txt

    Type de recherche: Examen rapide
    Eléments examinés: 49568
    Temps écoulé: 3 minute(s), 1 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    23 January 2009 20:25:23

    Good.

    - Run an online scan here: http://webscanner.kaspersky.fr/ (with Internet Explorer)

    - At the bottom right, click Start Online-scanner.

    - In the new window that appears, click I accept.

    - Accept the ActiveX controls.

    - Choose My Computer for the scan.

    - Once it has finished, save the report (choose text file) and post it.

    - To help you use the online scan: Tutorial

    Note: If you get the message "The Kaspersky On-line Scanner license has expired", go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
    23 January 2009 22:32:55

    Report:

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Friday, January 23, 2009 10:31:54 PM
    Système d'exploitation : Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.84.2
    Dernière mise à jour de la base antivirus Kaspersky : 23/01/2009
    Enregistrements dans la base antivirus Kaspersky : 1505720
    -------------------------------------------------------------------------------

    Paramètres d'analyse:
    Analyser avec la base antivirus suivante: standard
    Analyser les archives: vrai
    Analyser les bases de messagerie: vrai

    Cible de l'analyse - Poste de travail:
    A:\
    C:\
    D:\
    E:\

    Statistiques de l'analyse:
    Total d'objets analysés: 107643
    Nombre de virus trouvés: 5
    Nombre d'objets infectés: 325 / 0
    Nombre d'objets suspects: 2
    Durée de l'analyse: 01:43:32

    Nom de l'objet infecté / Nom du virus / Dernière action
    C:\Documents and Settings\Thomas\Mes documents\LimeWire\Incomplete\Preview-T-3877633-i am dj - greatest hits.mp3 Infecté : Trojan-Downloader.WMA.GetCodec.n ignoré
    C:\Documents and Settings\Thomas\Mes documents\LimeWire\Incomplete\T-3877633-i am dj - greatest hits.mp3 Infecté : Trojan-Downloader.WMA.GetCodec.n ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\drivers\downld\15004546.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\drivers\downld\15189625.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\drivers\downld\180890.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\drivers\downld\186140.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\drivers\downld\204812.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\drivers\downld\241953.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\drivers\downld\294734.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\drivers\downld\297640.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\drivers\downld\299875.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\drivers\downld\338078.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\drivers\downld\491640.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\drivers\winupgro.exe.vir Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\drivers\_wfsintwq_.sys.zip/wfsintwq.sys Infecté : Trojan-Downloader.Win32.Bagle.amj ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\drivers\_wfsintwq_.sys.zip ZIP: infecté - 1 ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\data.oct.vir Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\flec006.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\.Net dll tool 0.11.zip.vir/setup.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\.Net dll tool 0.11.zip.vir ZIP: infecté - 1 ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\12Ghosts Backup 9.50.132.5502.zip.vir/serial.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\12Ghosts Backup 9.50.132.5502.zip.vir ZIP: infecté - 1 ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\3D Stacked Vertical Bar Graph Software 4.6.zip.vir/install_crack.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\3D Stacked Vertical Bar Graph Software 4.6.zip.vir ZIP: infecté - 1 ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\50-632 Free Test Exam Questions 10.0.zip.vir/install_patch.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\50-632 Free Test Exam Questions 10.0.zip.vir ZIP: infecté - 1 ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Abdio PDF Creator 6.2.zip.vir/key_gen.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Abdio PDF Creator 6.2.zip.vir ZIP: infecté - 1 ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Advanced Form Creator and Processor 2.0.zip.vir/install_patch.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Advanced Form Creator and Processor 2.0.zip.vir ZIP: infecté - 1 ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Afree DVD Ripper Platinum 5.2.zip.vir/run.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Afree DVD Ripper Platinum 5.2.zip.vir ZIP: infecté - 1 ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\AlterWind Log Analyzer Standard 4.0.zip.vir/serial.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\AlterWind Log Analyzer Standard 4.0.zip.vir ZIP: infecté - 1 ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Amazing Fractal Visions Screensaver 2.0.zip.vir/install_crack.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Amazing Fractal Visions Screensaver 2.0.zip.vir ZIP: infecté - 1 ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Amond DVD to Apple TV Converter 3.1.2.zip.vir/key_generator.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Amond DVD to Apple TV Converter 3.1.2.zip.vir ZIP: infecté - 1 ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Anti-Spy.Info adware remover 1.7.0.zip.vir/patch.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Anti-Spy.Info adware remover 1.7.0.zip.vir ZIP: infecté - 1 ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Anti-Twin 1.8.zip.vir/install.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Anti-Twin 1.8.zip.vir ZIP: infecté - 1 ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\APPOINT 2.7.zip.vir/install_patch.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\APPOINT 2.7.zip.vir ZIP: infecté - 1 ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Appointments 1.0.zip.vir/key_generator.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Appointments 1.0.zip.vir ZIP: infecté - 1 ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\ARIA Business Management 0.99.6.zip.vir/key_gen.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\ARIA Business Management 0.99.6.zip.vir ZIP: infecté - 1 ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\ASPNetVideo 2.0.zip.vir/keygen.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\ASPNetVideo 2.0.zip.vir ZIP: infecté - 1 ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Atomic Email Logger 4.04.zip.vir/install.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Atomic Email Logger 4.04.zip.vir ZIP: infecté - 1 ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Audio Convert Magic 7.4.0.10.zip.vir/setup.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Audio Convert Magic 7.4.0.10.zip.vir ZIP: infecté - 1 ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Audio MP3 Maker Deluxe 1.16.zip.vir/install_patch.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\Documents and Settings\Thomas\Application Data\m\shared\Audio MP3 Maker Deluxe 1.16.zip.vir ZIP: infecté - 1 ignoré
    C:\Qoobox\Quarantine\C\Program Files\Windows Live\Messenger\msnmsgr.exe.vir Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\Qoobox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\Qoobox\Quarantine\C\WINDOWS\system32\wintems.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP28\A0011524.exe/data0001 Suspect : Worm.Win32.AutoTDSS.hn ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP28\A0011524.exe NSIS: suspect - 1 ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP39\A0015185.sys Infecté : Trojan-Downloader.Win32.Bagle.amj ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP39\A0015186.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP39\A0015203.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP39\A0015204.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP39\A0015213.sys Infecté : Trojan-Downloader.Win32.Bagle.amj ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0015466.sys Infecté : Trojan-Downloader.Win32.Bagle.amj ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0015474.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0015478.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0015479.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0015496.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0015562.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0015563.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0015583.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0015586.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0015595.sys Infecté : Trojan-Downloader.Win32.Bagle.amj ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0015597.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0015600.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0015602.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0015613.sys Infecté : Trojan-Downloader.Win32.Bagle.amj ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0015614.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0015617.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0015618.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0015645.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0015649.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0015652.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0015653.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0016613.sys Infecté : Trojan-Downloader.Win32.Bagle.amj ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0017615.sys Infecté : Trojan-Downloader.Win32.Bagle.amj ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0018613.sys Infecté : Trojan-Downloader.Win32.Bagle.amj ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0018614.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0018617.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP42\A0018618.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP43\A0018743.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP43\A0018744.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP43\A0018755.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP43\A0018772.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP43\A0018784.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP43\A0018785.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP43\A0018787.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP43\A0018821.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP43\A0018844.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP43\A0018845.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP43\A0018846.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP43\A0018867.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP43\A0018916.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP43\A0018939.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP43\A0018940.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP43\A0018944.exe Infecté : Trojan-Downloader.Win32.Bagle.amp ignoré
    C:\System Volume Information\_restore{6F0C4E7D-50F6-4F4C-BA04-A430AFC0FB29}\RP43\change.log L'objet est verrouillé ignoré
    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\Temp\Perflib_Perfdata_64c.dat L'objet est verrouillé ignoré
    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

    Analyse terminée.

    a c 267 8 Security
    23 January 2009 22:52:09

    To be done in Safe Mode:

  • Download OTMoveIt3 (OldTimer) to your Desktop.
  • Double-click OTMoveIt3.exe to launch it.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :files
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\Thomas\Mes documents\LimeWire\Incomplete\Preview-T-3877633-i am dj - greatest hits.mp3
    C:\Documents and Settings\Thomas\Mes documents\LimeWire\Incomplete\T-3877633-i am dj - greatest hits.mp3

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTMoveIt3.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    ---> The report's name corresponds to the moment it was created: date_time.log

    24 January 2009 09:54:55

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
    C:\Documents and Settings\Thomas\Mes documents\LimeWire\Incomplete\Preview-T-3877633-i am dj - greatest hits.mp3 moved successfully.
    C:\Documents and Settings\Thomas\Mes documents\LimeWire\Incomplete\T-3877633-i am dj - greatest hits.mp3 moved successfully.
    ========== COMMANDS ==========
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_64c.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01242009_094915

    Files moved on Reboot...
    File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
    C:\WINDOWS\temp\Perflib_Perfdata_64c.dat moved successfully.

    a c 267 8 Security
    24 January 2009 13:49:59

    I think you didn't do it in Safe Mode.

    To restart in Safe Mode:
  • Restart your PC.
  • During startup, tap F8 (F5 on some PCs) right after the BIOS screen and just before Windows starts loading.
  • In the advanced options menu, choose Safe Mode.
  • Choose your session.

    24 January 2009 13:57:49

    Report:

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat moved successfully.
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat moved successfully.
    File/Folder C:\Documents and Settings\Thomas\Mes documents\LimeWire\Incomplete\Preview-T-3877633-i am dj - greatest hits.mp3 not found.
    File/Folder C:\Documents and Settings\Thomas\Mes documents\LimeWire\Incomplete\T-3877633-i am dj - greatest hits.mp3 not found.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\Thomas\LOCALS~1\Temp\etilqs_wc0MNznffAH7ThyuEc34 scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\4akfvo5p.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\4akfvo5p.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\4akfvo5p.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\4akfvo5p.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\4akfvo5p.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\4akfvo5p.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01242009_135454

    Files moved on Reboot...
    File C:\DOCUME~1\Thomas\LOCALS~1\Temp\etilqs_wc0MNznffAH7ThyuEc34 not found!
    C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\4akfvo5p.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\4akfvo5p.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\4akfvo5p.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\4akfvo5p.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\4akfvo5p.default\urlclassifier3.sqlite moved successfully.
    C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\4akfvo5p.default\XUL.mfl moved successfully.

    a c 267 8 Security
    24 January 2009 14:10:04

    That's better. How is your PC behaving?

  • Download HijackThis v2.0.2 to your Desktop.
  • Double-click HJTInstall to launch the installation.
  • Click Install, then I Accept.
  • Click Do a system scan and save a logfile.
  • Notepad will open; copy and paste all of its contents here in your next message.

    24 January 2009 14:12:25

    It is a bit faster
    Report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:11:53, on 24/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hercules\WiFi Station\WifiStation.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {20001E7A-823D-4E19-ADE2-D6AB53C7C81E} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - (no file)
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: WiFi Station.lnk = ?
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 5951 bytes

    a c 267 8 Security
    24 January 2009 14:17:29

    1/

  • Start Spybot, click Mode, and tick Advanced mode.
  • On the left, click Tools, then Resident.
  • Untick the box in front of Resident "TeaTimer".

  • Quit Spybot.


    2/

  • Run HijackThis again and choose Do a system scan only.
  • Tick the boxes in front of the following lines:

    R3 - URLSearchHook: (no name) - {20001E7A-823D-4E19-ADE2-D6AB53C7C81E} - (no file)

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: (no name) - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - (no file)

  • Click Fix checked at the bottom. Answer yes if HijackThis asks you anything.
  • Restart your PC and post a new HijackThis report.
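
Every line selected in the post above is a CLSID-based entry whose target is "(no file)", meaning a registry reference to a component whose file is no longer on disk. As an added example (not part of the thread and not HijackThis code), this Python script parses excerpts of the two HijackThis logs posted in this thread, flags those orphaned entries, and diffs the logs to check the fix; the function names are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# Excerpts copied from the HijackThis logs posted in this thread
# (before and after "Fix checked"); shortened for the example.
LOG_BEFORE = r"""
R3 - URLSearchHook: (no name) - {20001E7A-823D-4E19-ADE2-D6AB53C7C81E} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
"""

LOG_AFTER = r"""
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
"""

# A log entry starts with a section code such as R3, O2 or O23.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    code: str              # section code, e.g. "O2"
    clsid: Optional[str]   # upper-cased CLSID, or None if the entry has none
    target: str            # text after the last " - " (file path or "(no file)")
    raw: str               # the full log line

    @property
    def key(self):
        # Identity used when comparing two logs.
        return (self.code, self.clsid or self.raw)


def parse_log(text):
    """Return the entries of a HijackThis log, skipping headers and process paths."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        target = body.rsplit(" - ", 1)[-1]
        entries.append(Entry(code, clsid.group(0).upper() if clsid else None,
                             target, line.strip()))
    return entries


def orphaned(entries):
    """CLSID entries whose file is missing. "(no name)" alone is not the
    criterion: the O9 xpnetdiag.exe button is unnamed but has a real target."""
    return [e for e in entries if e.clsid and e.target == "(no file)"]


def diff_logs(before, after):
    """Return (removed, added) entries between two parsed logs."""
    b = {e.key: e for e in before}
    a = {e.key: e for e in after}
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    for e in orphaned(before):
        print("orphaned:", e.raw)
    removed, added = diff_logs(before, after)
    print("removed by the fix:", [e.clsid for e in removed])
    print("new since the fix:", [e.raw for e in added])
    print("orphans remaining:", len(orphaned(after)))
```

Entries that appear in the diff as new, such as the Spybot BHO here, deserve the same review as the ones that were removed.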
    24 January 2009 14:37:37

    Report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:35:56, on 24/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hercules\WiFi Station\WifiStation.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: WiFi Station.lnk = ?
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 6047 bytes
    m
    0
    l
    24 Janvier 2009 15:17:10

    Voila j'ai installer IE7 et Désinstalle HijackThis .
    m
    0
    l
    a c 267 8 Security
    24 January 2009 15:22:01

    1/

  • Start menu > Run > Type combofix /u and confirm.

  • Download ToolsCleaner2 to your Desktop.
  • Double-click ToolsCleaner2.exe to launch it.
  • Click Recherche (Search) and let the scan run.
  • Click Suppression (Removal) to finish.
  • You can, if you wish, use the Options Facultatives (optional settings).
  • Click Quitter (Quit) to get the report.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).


    2/

  • Download and install CCleaner (do not install the Yahoo Toolbar).
  • Launch it. Go to Options, then Advanced, and untick the box Only delete files etc....
  • Go to Cleaner and choose Analyze. Once it has finished, run the cleaning.
  • Next, choose Registry, then Scan for Issues. Once it has finished, fix all the errors (back up the registry).


    3/

  • You need to disable and then re-enable System Restore in order to purge it.

  • I recommend creating a restore point that you can use later if you have a problem.


    4/

    Keep MBAM. It will be useful for scanning suspicious files as a complement to the antivirus, and scan the hard drive regularly.

    As a browser, use Mozilla Firefox rather than Internet Explorer. You can use the NoScript extension for more security.

    Check that automatic updates are enabled (Start menu, right-click My Computer, Automatic Updates tab).

    You can also modify the Hosts file to improve the security of your PC:
    http://www.commentcamarche.net/faq/sujet-5993-modifier-...
    http://www.sosordi.net/Article/Article.117-6.html

    Regarding P2P:
    http://www.libellules.ch/phpBB2/les-risques-securitaire...

    Here is a complete guide (to be read with Adobe Reader or Foxit Reader):
    http://www.malekal.com/fichiers/projetantimalwares/prev...


    Be more careful on the Internet ;) 
    24 January 2009 15:31:49

    Report:

    [ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

    -->- Recherche:

    C:\Combofix.txt: trouvé !
    C:\fixnavi.txt: trouvé !
    C:\cleannavi.txt: trouvé !
    C:\lopR.txt: trouvé !
    C:\FindyKill.txt: trouvé !
    C:\Lop SD: trouvé !
    C:\Program Files\Navilog1: trouvé !
    C:\Program Files\FindyKill: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Combofix.txt: supprimé !
    C:\fixnavi.txt: supprimé !
    C:\cleannavi.txt: supprimé !
    C:\lopR.txt: supprimé !
    C:\FindyKill.txt: supprimé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
    C:\Lop SD: supprimé !
    C:\Program Files\Navilog1: supprimé !
    C:\Program Files\FindyKill: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !
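A way to check a ToolsCleaner report like the one above mechanically: every path listed under "Recherche" should also appear under "Suppression", either directly or through a deleted parent folder. This is an added example, not part of the thread and not ToolsCleaner's own code; the function names `parse_report` and `leftovers` are hypothetical, the line format is taken from the posted report, and the second sample is constructed.

```python
import re
from ntpath import normcase, normpath  # Windows path rules on any OS

# Line shape copied from the report: "<path>: trouvé !" or "<path>: supprimé !"
LINE = re.compile(r"^\s*(?P<path>.+?):\s*(?P<state>trouvé|supprimé)\s*!\s*$")

def parse_report(text):
    """Return (found, deleted) as sets of case-normalised Windows paths."""
    found, deleted = set(), set()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # section headers, separators, blank lines
        path = normcase(normpath(m.group("path")))
        (found if m.group("state") == "trouvé" else deleted).add(path)
    return found, deleted

def leftovers(text):
    """Paths that were found but neither deleted nor inside a deleted folder."""
    found, deleted = parse_report(text)
    def covered(p):
        return any(p == d or p.startswith(d + "\\") for d in deleted)
    return sorted(p for p in found if not covered(p))

# Excerpt of the report posted above (same lines, shortened).
PAGE_EXCERPT = r"""
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
-->- Suppression:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
"""

# Constructed variant: Navilog1 is never deleted; HijackThis.exe is only
# covered because its parent folder was deleted.
CONSTRUCTED = r"""
C:\Combofix.txt: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\COMBOFIX.TXT: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
"""

if __name__ == "__main__":
    print(leftovers(PAGE_EXCERPT), leftovers(CONSTRUCTED))
```

An empty list means the removal pass covered everything the search pass listed; any path returned is a helper-tool leftover that still needs to be deleted by hand.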
    a c 267 8 Security
    24 January 2009 15:41:38

    OK, you can delete ToolsCleaner and move on to the next steps.
    a c 267 8 Security
    24 January 2009 15:51:11

    If everything is OK:

    ---> Now add [Résolu] to the title. To do so:
  • In your first message, click the Editer (Edit) button.
  • Add the [Résolu] tag in front of the title.
  • Then click Valider votre message (Submit your message).
    24 January 2009 15:56:04

    OK, perfect, and thanks for everything!
    a c 267 8 Security
    24 January 2009 15:58:48

    Don't hesitate to come back if you have a problem, have a nice day ;) 
    9 February 2009 22:00:56

    Oh là là! Unfortunately I don't understand French. I only understand this much: that I have a virus? :) 
    10 February 2009 19:56:00

    Sorry, I don't speak German, so it is going to take a while for you, I think :( 

    Unless there is a German around here! :) 
    a c 267 8 Security
    10 February 2009 19:59:13

    I don't understand German :( 