Virus Bagle

Bonjour Dou-I

Le crack a été supprimé
Cependant, je n'ai pas réussi à démarrer en mode sans échec => page d'erreur MS bleue
ni en mode débogage => erreur "invalid Kernel handle"

Donc démarrage normal, avec un scan avec elibagle

voici le rapport ci-dessous : il détecte toujours un fichier googletoolbarnotifier.exe infecté par bagle.dldr
visiblement d'apres le rapport, il y a des fichiers infectés qu'il ne peut supprimer

De plus une fenetre "Select file to crack" s'ouvre automatiquement au démarrage de windows XP

Nouvel essais de lancer Hijackthis => erreur " Hijackthis.exe n'est pas une application WIN32 valide"
Toujours impossible d'utiliser IE

Voici le rapport elibagle :


Sat Apr 19 21:54:44 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Sat Apr 19 21:55:47 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Sat Apr 19 22:17:01 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Sun Apr 20 10:16:35 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Sun Apr 20 10:17:31 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 3008
Nº Total de Ficheros: 24394
Nº de Ficheros Analizados: 6897
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 10:19:29 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

Nº Total de Directorios: 457
Nº Total de Ficheros: 3042
Nº de Ficheros Analizados: 9
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 10:19:38 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\
E:\Téléchargements\Logiciels\Emule\KASPERSKY.ANTI-VIRUS.V6.0.0.303.FR.INCL-KEY.ZIP --> Eliminado Bagle.dldr

Nº Total de Directorios: 1007
Nº Total de Ficheros: 24876
Nº de Ficheros Analizados: 2204
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Sun Apr 20 10:20:52 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\

Nº Total de Directorios: 1007
Nº Total de Ficheros: 24875
Nº de Ficheros Analizados: 2203
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 10:21:08 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

Nº Total de Directorios: 457
Nº Total de Ficheros: 3042
Nº de Ficheros Analizados: 9
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 10:21:12 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 3008
Nº Total de Ficheros: 24394
Nº de Ficheros Analizados: 6897
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 10:26:22 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Apr 20 10:31:09 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Apr 20 10:36:22 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Apr 20 10:36:57 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 3007
Nº Total de Ficheros: 23437
Nº de Ficheros Analizados: 6896
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Sun Apr 20 10:38:58 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

Nº Total de Directorios: 458
Nº Total de Ficheros: 3030
Nº de Ficheros Analizados: 9
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 10:39:05 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\

Nº Total de Directorios: 1007
Nº Total de Ficheros: 24860
Nº de Ficheros Analizados: 2203
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 10:43:19 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Apr 20 10:43:53 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 3007
Nº Total de Ficheros: 23434
Nº de Ficheros Analizados: 6889
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Sun Apr 20 10:45:55 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

Nº Total de Directorios: 458
Nº Total de Ficheros: 3030
Nº de Ficheros Analizados: 9
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 10:46:00 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\

Nº Total de Directorios: 989
Nº Total de Ficheros: 24699
Nº de Ficheros Analizados: 2120
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 10:50:51 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Apr 20 10:51:24 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 3007
Nº Total de Ficheros: 23434
Nº de Ficheros Analizados: 6889
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Sun Apr 20 10:53:20 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\

Nº Total de Directorios: 815
Nº Total de Ficheros: 21817
Nº de Ficheros Analizados: 1214
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

Sun Apr 20 11:45:23 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Apr 20 11:45:58 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 3017
Nº Total de Ficheros: 23616
Nº de Ficheros Analizados: 6924
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Sun Apr 20 11:48:06 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

Nº Total de Directorios: 458
Nº Total de Ficheros: 3030
Nº de Ficheros Analizados: 9
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 11:48:13 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\

Nº Total de Directorios: 989
Nº Total de Ficheros: 24696
Nº de Ficheros Analizados: 2118
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0




Merci pour ton aide

Salut
Ca y est voici le rapport Combofix

Pour info, Internet Explorer, fonctionne mais très lentement

J'ai également vu sur ce forum que d'autres sont victimes de ce virus, qui semble très difficile à éradiquer


ComboFix 08-04-18.3 - Administrateur 2008-04-20 13:07:22.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.509 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur.TITANIUM\Bureau\Combo-Fix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install\install.exe
C:\WINDOWS\system32\{036F7403-2873-40DA-A774-D8D6971CE037}.exe
C:\WINDOWS\system32\{29A63939-723F-4CE7-B015-37A89170BF66}.exe
C:\WINDOWS\system32\{F5287A29-BA64-40F8-9A79-7888127AA948}.exe
C:\WINDOWS\system32\{FD2B0D0D-E43F-423B-AC0A-ABC6DE485A6E}.exe
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\1777656.exe
C:\WINDOWS\system32\drivers\downld\1780900.exe
C:\WINDOWS\system32\drivers\downld\1859754.exe
C:\WINDOWS\system32\drivers\downld\1865252.exe
C:\WINDOWS\system32\drivers\downld\1945417.exe
C:\WINDOWS\system32\drivers\downld\1949953.exe
C:\WINDOWS\system32\drivers\downld\1966157.exe
C:\WINDOWS\system32\drivers\downld\2098317.exe
C:\WINDOWS\system32\drivers\downld\2118996.exe
C:\WINDOWS\system32\drivers\downld\2666844.exe
C:\WINDOWS\system32\drivers\downld\2692381.exe
C:\WINDOWS\system32\drivers\downld\2944103.exe
C:\WINDOWS\system32\drivers\downld\2952325.exe
C:\WINDOWS\system32\drivers\downld\339718.exe
C:\WINDOWS\system32\drivers\downld\350874.exe
C:\WINDOWS\system32\drivers\downld\352476.exe
C:\WINDOWS\system32\drivers\downld\381037.exe
C:\WINDOWS\system32\drivers\downld\406224.exe
C:\WINDOWS\system32\drivers\downld\429798.exe
C:\WINDOWS\system32\drivers\downld\430018.exe
C:\WINDOWS\system32\drivers\downld\4462837.exe
C:\WINDOWS\system32\drivers\downld\4471319.exe
C:\WINDOWS\system32\drivers\downld\448114.exe
C:\WINDOWS\system32\drivers\downld\4554208.exe
C:\WINDOWS\system32\drivers\downld\4557873.exe
C:\WINDOWS\system32\drivers\downld\4562109.exe
C:\WINDOWS\system32\drivers\downld\4572264.exe
C:\WINDOWS\system32\drivers\downld\4591762.exe
C:\WINDOWS\system32\drivers\downld\4641263.exe
C:\WINDOWS\system32\drivers\downld\4651698.exe
C:\WINDOWS\system32\drivers\downld\4681141.exe
C:\WINDOWS\system32\drivers\downld\480380.exe
C:\WINDOWS\system32\drivers\downld\500770.exe
C:\WINDOWS\system32\drivers\downld\508971.exe
C:\WINDOWS\system32\drivers\downld\509472.exe
C:\WINDOWS\system32\drivers\downld\518275.exe
C:\WINDOWS\system32\drivers\downld\528379.exe
C:\WINDOWS\system32\drivers\downld\542319.exe
C:\WINDOWS\system32\drivers\downld\542590.exe
C:\WINDOWS\system32\drivers\downld\561737.exe
C:\WINDOWS\system32\drivers\downld\5646669.exe
C:\WINDOWS\system32\drivers\downld\5656663.exe
C:\WINDOWS\system32\drivers\downld\5685996.exe
C:\WINDOWS\system32\drivers\downld\5703641.exe
C:\WINDOWS\system32\drivers\downld\5723950.exe
C:\WINDOWS\system32\drivers\downld\5772220.exe
C:\WINDOWS\system32\drivers\downld\5791397.exe
C:\WINDOWS\system32\drivers\downld\5801762.exe
C:\WINDOWS\system32\drivers\downld\5835561.exe
C:\WINDOWS\system32\drivers\downld\598791.exe
C:\WINDOWS\system32\drivers\downld\644877.exe
C:\WINDOWS\system32\drivers\downld\668651.exe
C:\WINDOWS\system32\drivers\downld\677794.exe
C:\WINDOWS\system32\drivers\downld\708368.exe
C:\WINDOWS\system32\drivers\downld\722308.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\kernel32.exe
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))))))))
.

2008-04-20 12:42 . 2008-04-20 12:42 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-19 22:24 . 2008-04-19 21:33 34,688,749 --a------ C:\WINDOWS\LPT$VPN.227
2008-04-19 22:23 . 2008-04-19 22:24 <REP> d-------- C:\WINDOWS\AU_Temp
2008-04-19 21:34 . 2008-04-19 21:34 <REP> d-------- C:\WINDOWS\report
2008-04-19 21:33 . 2008-04-19 22:22 <REP> d-------- C:\WINDOWS\AU_Backup
2008-04-19 21:33 . 2008-04-19 21:33 34,688,749 --a------ C:\WINDOWS\VPTNFILE.227
2008-04-19 21:33 . 2008-04-19 21:33 1,949,879 --a------ C:\WINDOWS\tsc.ptn
2008-04-19 21:33 . 2008-04-19 22:24 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
2008-04-19 21:33 . 2008-04-19 21:33 333,576 --a------ C:\WINDOWS\TSC.exe
2008-04-19 21:33 . 2008-04-19 22:24 91,744 --a------ C:\WINDOWS\BPMNT.dll
2008-04-19 21:33 . 2008-04-19 21:33 71,749 --a------ C:\WINDOWS\hcextoutput.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 09:49 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-04-19 19:26 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-04-19 19:26 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-04-19 19:26 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-04-19 16:52 72,512 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-19 16:52 686,880 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-19 16:52 250,256 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-19 16:52 17,903,904 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-12 13:10 27,262,976 ----a-w C:\VIRTPART.DAT
2008-04-12 10:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-03-05 10:35 --------- d-----w C:\Documents and Settings\Administrateur.TITANIUM\Application Data\Thunderbird
2008-03-01 16:08 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-28 07:33 --------- d-----w C:\Program Files\components
2006-07-16 14:28 13,824 ------w C:\Program Files\micosoft.xls
2006-07-13 20:30 7,799 ------w C:\Program Files\regxpcom.exe
2006-07-13 20:30 6,426 ------w C:\Program Files\LICENSE.txt
2006-07-13 20:30 3,071 ------w C:\Program Files\install_wizard.log
2006-07-13 20:30 229 ------w C:\Program Files\README.txt
2006-07-13 20:30 162 ------w C:\Program Files\updater.ini
2006-07-13 20:30 1,876 ------w C:\Program Files\install_status.log
2006-07-13 20:30 0 ------w C:\Program Files\.autoreg
1995-09-20 13:16 456,976 ------w C:\Program Files\Fichiers communs\dao3032.dll
2006-09-17 16:21 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
2006-10-15 20:26 56 --sha-w C:\WINDOWS\system32\617F835F63.sys
2006-10-15 20:26 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="E:\Utilitaires\Antivirus - Firewall\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 19:14 1867776]
"RoboForm"="E:\Utilitaires\Divers\AirRoboForm\RoboTaskBarIcon.exe" [2006-11-19 15:01 160832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05 32881]
"SMSERIAL"="sm56hlpr.exe" [2000-11-22 05:40 462848 C:\WINDOWS\sm56hlpr.exe]
"GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-19 11:58 94208]
"CloneCDElbyCDFL"="E:\Utilitaires\Utilitaires Copie\CloneCD\ElbyCheck.exe" [2002-11-02 08:33 45056]
"eCarteBleue-LP-P1"="E:\Utilitaires\Utilitaires Internet\e-carte Bleue\ECB.exe" [2005-12-13 15:37 200704]
"OpwareSE2"="E:\Utilitaires\Utilitaires Gestion Matériel\Imprimante\Omnipage\OpwareSE2.exe" [ ]
"DownloadAccelerator"="E:\Utilitaires\Utilitaires Internet\DAP\DAP.exe" [2007-04-07 21:20 4376328]
"nwiz"="nwiz.exe" [2006-08-11 21:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43 7630848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"E:\\Utilitaires\\Utilitaires Internet\\Torrent\\utorrent.exe"=

R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2004-10-23 09:01]
R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 12:43]
R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 15:11]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-05-09 16:08]
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2004-10-23 09:01]
R2 PDSched;PDScheduler;"E:\Utilitaires\Utilitaires Gestion Matériel\Perfect Disk v7\Perfect disk\PDSched.exe" []
S4 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-05-09 16:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66999471-0e30-11dd-8a84-0040f4c143e6}]
\Shell\AutoRun\command - I:\nideiect.com
\Shell\explore\Command - I:\nideiect.com
\Shell\open\Command - I:\nideiect.com

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 13:14:17
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
E:\Utilitaires\Antivirus - Firewall\Kerio\KPF\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
E:\Utilitaires\Antivirus - Firewall\Kerio\KPF\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Utilitaires\Antivirus - Firewall\Kerio\KPF\Personal Firewall\kpf4gui.exe
E:\Téléchargements\Logiciels\ELIBAGLA.BG%D8DB%D8%D8H.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-20 13:16:10 - machine was rebooted [Administrateur]
ComboFix-quarantined-files.txt 2008-04-20 11:16:04

Pre-Run: 3,092,738,048 octets libres
Post-Run: 3,030,937,600 octets libres

196



Merci pour ton aide

Salut Dou-I
Désolé , mais j'ai du m'absenter pendant 3 jours (ce qui explique mon silence)

J'espere que tu es tjrs dispo pour m'aider
Car même s'il semble que les fichiers infectés ont disparus, les memes symptomes persistent (impossible de lancer antivirus , firewall, ghosyt, spyboot)
J'ai meme essayé d'installer Antivir sans succés
Voici des rapports , qui j'espère te permettront de diagnostiquer le niveau d'infection de mon ordi

1) rapport Safe Boot Key repair :

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NBF]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\nbf.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\nm]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\nm.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ProtectedStorage]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PSEXESVC


2) rapport Elibagla :


Sat Apr 19 21:54:44 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Sat Apr 19 21:55:47 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Sat Apr 19 22:17:01 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Sun Apr 20 10:16:35 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Sun Apr 20 10:17:31 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 3008
Nº Total de Ficheros: 24394
Nº de Ficheros Analizados: 6897
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 10:19:29 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

Nº Total de Directorios: 457
Nº Total de Ficheros: 3042
Nº de Ficheros Analizados: 9
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 10:19:38 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\
E:\Téléchargements\Logiciels\Emule\KASPERSKY.ANTI-VIRUS.V6.0.0.303.FR.INCL-KEY.ZIP --> Eliminado Bagle.dldr

Nº Total de Directorios: 1007
Nº Total de Ficheros: 24876
Nº de Ficheros Analizados: 2204
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Sun Apr 20 10:20:52 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\

Nº Total de Directorios: 1007
Nº Total de Ficheros: 24875
Nº de Ficheros Analizados: 2203
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 10:21:08 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

Nº Total de Directorios: 457
Nº Total de Ficheros: 3042
Nº de Ficheros Analizados: 9
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 10:21:12 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 3008
Nº Total de Ficheros: 24394
Nº de Ficheros Analizados: 6897
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 10:26:22 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Apr 20 10:31:09 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Apr 20 10:36:22 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Apr 20 10:36:57 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 3007
Nº Total de Ficheros: 23437
Nº de Ficheros Analizados: 6896
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Sun Apr 20 10:38:58 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

Nº Total de Directorios: 458
Nº Total de Ficheros: 3030
Nº de Ficheros Analizados: 9
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 10:39:05 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\

Nº Total de Directorios: 1007
Nº Total de Ficheros: 24860
Nº de Ficheros Analizados: 2203
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 10:43:19 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Apr 20 10:43:53 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 3007
Nº Total de Ficheros: 23434
Nº de Ficheros Analizados: 6889
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Sun Apr 20 10:45:55 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

Nº Total de Directorios: 458
Nº Total de Ficheros: 3030
Nº de Ficheros Analizados: 9
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 10:46:00 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\

Nº Total de Directorios: 989
Nº Total de Ficheros: 24699
Nº de Ficheros Analizados: 2120
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 10:50:51 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Apr 20 10:51:24 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 3007
Nº Total de Ficheros: 23434
Nº de Ficheros Analizados: 6889
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Sun Apr 20 10:53:20 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\

Nº Total de Directorios: 815
Nº Total de Ficheros: 21817
Nº de Ficheros Analizados: 1214
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

Sun Apr 20 11:45:23 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Apr 20 11:45:58 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 3017
Nº Total de Ficheros: 23616
Nº de Ficheros Analizados: 6924
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Sun Apr 20 11:48:06 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

Nº Total de Directorios: 458
Nº Total de Ficheros: 3030
Nº de Ficheros Analizados: 9
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 11:48:13 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\

Nº Total de Directorios: 989
Nº Total de Ficheros: 24696
Nº de Ficheros Analizados: 2118
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 13:03:05 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Sun Apr 20 13:03:30 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 3024
Nº Total de Ficheros: 23901
Nº de Ficheros Analizados: 6952
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Sun Apr 20 13:05:35 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Apr 20 13:06:00 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\

Nº Total de Directorios: 989
Nº Total de Ficheros: 24697
Nº de Ficheros Analizados: 2118
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 13:14:12 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sun Apr 20 14:45:01 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sun Apr 20 14:45:55 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\4557873.EXE.VIR --> Eliminado Bagle

Nº Total de Directorios: 3024
Nº Total de Ficheros: 23832
Nº de Ficheros Analizados: 6963
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Wed Apr 23 14:47:37 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Wed Apr 23 14:47:39 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 3025
Nº Total de Ficheros: 23974
Nº de Ficheros Analizados: 6961
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Wed Apr 23 14:51:01 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\

Nº Total de Directorios: 989
Nº Total de Ficheros: 24692
Nº de Ficheros Analizados: 2116
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0


3) rapport Combo Fix :

ComboFix 08-04-18.3 - Administrateur 2008-04-20 13:07:22.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.509 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur.TITANIUM\Bureau\Combo-Fix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install\install.exe
C:\WINDOWS\system32\{036F7403-2873-40DA-A774-D8D6971CE037}.exe
C:\WINDOWS\system32\{29A63939-723F-4CE7-B015-37A89170BF66}.exe
C:\WINDOWS\system32\{F5287A29-BA64-40F8-9A79-7888127AA948}.exe
C:\WINDOWS\system32\{FD2B0D0D-E43F-423B-AC0A-ABC6DE485A6E}.exe
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\1777656.exe
C:\WINDOWS\system32\drivers\downld\1780900.exe
C:\WINDOWS\system32\drivers\downld\1859754.exe
C:\WINDOWS\system32\drivers\downld\1865252.exe
C:\WINDOWS\system32\drivers\downld\1945417.exe
C:\WINDOWS\system32\drivers\downld\1949953.exe
C:\WINDOWS\system32\drivers\downld\1966157.exe
C:\WINDOWS\system32\drivers\downld\2098317.exe
C:\WINDOWS\system32\drivers\downld\2118996.exe
C:\WINDOWS\system32\drivers\downld\2666844.exe
C:\WINDOWS\system32\drivers\downld\2692381.exe
C:\WINDOWS\system32\drivers\downld\2944103.exe
C:\WINDOWS\system32\drivers\downld\2952325.exe
C:\WINDOWS\system32\drivers\downld\339718.exe
C:\WINDOWS\system32\drivers\downld\350874.exe
C:\WINDOWS\system32\drivers\downld\352476.exe
C:\WINDOWS\system32\drivers\downld\381037.exe
C:\WINDOWS\system32\drivers\downld\406224.exe
C:\WINDOWS\system32\drivers\downld\429798.exe
C:\WINDOWS\system32\drivers\downld\430018.exe
C:\WINDOWS\system32\drivers\downld\4462837.exe
C:\WINDOWS\system32\drivers\downld\4471319.exe
C:\WINDOWS\system32\drivers\downld\448114.exe
C:\WINDOWS\system32\drivers\downld\4554208.exe
C:\WINDOWS\system32\drivers\downld\4557873.exe
C:\WINDOWS\system32\drivers\downld\4562109.exe
C:\WINDOWS\system32\drivers\downld\4572264.exe
C:\WINDOWS\system32\drivers\downld\4591762.exe
C:\WINDOWS\system32\drivers\downld\4641263.exe
C:\WINDOWS\system32\drivers\downld\4651698.exe
C:\WINDOWS\system32\drivers\downld\4681141.exe
C:\WINDOWS\system32\drivers\downld\480380.exe
C:\WINDOWS\system32\drivers\downld\500770.exe
C:\WINDOWS\system32\drivers\downld\508971.exe
C:\WINDOWS\system32\drivers\downld\509472.exe
C:\WINDOWS\system32\drivers\downld\518275.exe
C:\WINDOWS\system32\drivers\downld\528379.exe
C:\WINDOWS\system32\drivers\downld\542319.exe
C:\WINDOWS\system32\drivers\downld\542590.exe
C:\WINDOWS\system32\drivers\downld\561737.exe
C:\WINDOWS\system32\drivers\downld\5646669.exe
C:\WINDOWS\system32\drivers\downld\5656663.exe
C:\WINDOWS\system32\drivers\downld\5685996.exe
C:\WINDOWS\system32\drivers\downld\5703641.exe
C:\WINDOWS\system32\drivers\downld\5723950.exe
C:\WINDOWS\system32\drivers\downld\5772220.exe
C:\WINDOWS\system32\drivers\downld\5791397.exe
C:\WINDOWS\system32\drivers\downld\5801762.exe
C:\WINDOWS\system32\drivers\downld\5835561.exe
C:\WINDOWS\system32\drivers\downld\598791.exe
C:\WINDOWS\system32\drivers\downld\644877.exe
C:\WINDOWS\system32\drivers\downld\668651.exe
C:\WINDOWS\system32\drivers\downld\677794.exe
C:\WINDOWS\system32\drivers\downld\708368.exe
C:\WINDOWS\system32\drivers\downld\722308.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\kernel32.exe
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))))))))
.

2008-04-20 12:42 . 2008-04-20 12:42 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-19 22:24 . 2008-04-19 21:33 34,688,749 --a------ C:\WINDOWS\LPT$VPN.227
2008-04-19 22:23 . 2008-04-19 22:24 <REP> d-------- C:\WINDOWS\AU_Temp
2008-04-19 21:34 . 2008-04-19 21:34 <REP> d-------- C:\WINDOWS\report
2008-04-19 21:33 . 2008-04-19 22:22 <REP> d-------- C:\WINDOWS\AU_Backup
2008-04-19 21:33 . 2008-04-19 21:33 34,688,749 --a------ C:\WINDOWS\VPTNFILE.227
2008-04-19 21:33 . 2008-04-19 21:33 1,949,879 --a------ C:\WINDOWS\tsc.ptn
2008-04-19 21:33 . 2008-04-19 22:24 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
2008-04-19 21:33 . 2008-04-19 21:33 333,576 --a------ C:\WINDOWS\TSC.exe
2008-04-19 21:33 . 2008-04-19 22:24 91,744 --a------ C:\WINDOWS\BPMNT.dll
2008-04-19 21:33 . 2008-04-19 21:33 71,749 --a------ C:\WINDOWS\hcextoutput.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 09:49 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-04-19 19:26 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-04-19 19:26 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-04-19 19:26 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-04-19 16:52 72,512 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-19 16:52 686,880 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-19 16:52 250,256 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-19 16:52 17,903,904 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-12 13:10 27,262,976 ----a-w C:\VIRTPART.DAT
2008-04-12 10:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-03-05 10:35 --------- d-----w C:\Documents and Settings\Administrateur.TITANIUM\Application Data\Thunderbird
2008-03-01 16:08 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-28 07:33 --------- d-----w C:\Program Files\components
2006-07-16 14:28 13,824 ------w C:\Program Files\micosoft.xls
2006-07-13 20:30 7,799 ------w C:\Program Files\regxpcom.exe
2006-07-13 20:30 6,426 ------w C:\Program Files\LICENSE.txt
2006-07-13 20:30 3,071 ------w C:\Program Files\install_wizard.log
2006-07-13 20:30 229 ------w C:\Program Files\README.txt
2006-07-13 20:30 162 ------w C:\Program Files\updater.ini
2006-07-13 20:30 1,876 ------w C:\Program Files\install_status.log
2006-07-13 20:30 0 ------w C:\Program Files\.autoreg
1995-09-20 13:16 456,976 ------w C:\Program Files\Fichiers communs\dao3032.dll
2006-09-17 16:21 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
2006-10-15 20:26 56 --sha-w C:\WINDOWS\system32\617F835F63.sys
2006-10-15 20:26 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="E:\Utilitaires\Antivirus - Firewall\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 19:14 1867776]
"RoboForm"="E:\Utilitaires\Divers\AirRoboForm\RoboTaskBarIcon.exe" [2006-11-19 15:01 160832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05 32881]
"SMSERIAL"="sm56hlpr.exe" [2000-11-22 05:40 462848 C:\WINDOWS\sm56hlpr.exe]
"GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-19 11:58 94208]
"CloneCDElbyCDFL"="E:\Utilitaires\Utilitaires Copie\CloneCD\ElbyCheck.exe" [2002-11-02 08:33 45056]
"eCarteBleue-LP-P1"="E:\Utilitaires\Utilitaires Internet\e-carte Bleue\ECB.exe" [2005-12-13 15:37 200704]
"OpwareSE2"="E:\Utilitaires\Utilitaires Gestion Matériel\Imprimante\Omnipage\OpwareSE2.exe" [ ]
"DownloadAccelerator"="E:\Utilitaires\Utilitaires Internet\DAP\DAP.exe" [2007-04-07 21:20 4376328]
"nwiz"="nwiz.exe" [2006-08-11 21:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43 7630848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"E:\\Utilitaires\\Utilitaires Internet\\Torrent\\utorrent.exe"=

R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2004-10-23 09:01]
R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 12:43]
R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 15:11]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-05-09 16:08]
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2004-10-23 09:01]
R2 PDSched;PDScheduler;"E:\Utilitaires\Utilitaires Gestion Matériel\Perfect Disk v7\Perfect disk\PDSched.exe" []
S4 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-05-09 16:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66999471-0e30-11dd-8a84-0040f4c143e6}]
\Shell\AutoRun\command - I:\nideiect.com
\Shell\explore\Command - I:\nideiect.com
\Shell\open\Command - I:\nideiect.com

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 13:14:17
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
E:\Utilitaires\Antivirus - Firewall\Kerio\KPF\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
E:\Utilitaires\Antivirus - Firewall\Kerio\KPF\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Utilitaires\Antivirus - Firewall\Kerio\KPF\Personal Firewall\kpf4gui.exe
E:\Téléchargements\Logiciels\ELIBAGLA.BG%D8DB%D8%D8H.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-20 13:16:10 - machine was rebooted [Administrateur]
ComboFix-quarantined-files.txt 2008-04-20 11:16:04

Pre-Run: 3,092,738,048 octets libres
Post-Run: 3,030,937,600 octets libres

196



A bientot
Thierry

Concernant Safe Boot Key Repair

il s'agit d'un utilitaire de réparation du mode sans echec (info trouvée sur ce site)

J'essaie un démarrage en mode sans echec pour lancer elibagla
et je me re connecte

A+

Salut
J'ai réussi à démarrer en mode sans echec et lancer un elibagla

J'ai réussi à installer avast antivirus et lancer un scan de mon PC => pas de virus détecté
J'ai pu lancer un spybot => espions bagle éliminés
J'ai pu installer Ghost et Kerio

Je pense etre sur la bonne voie

Dois je effectuer d'autres analyses (malwarebytes anti malware ?)
ou puis je considérer le PB comme réglé ?

Peux tu me donner un conseil : quel antivirus : avast ou antivir
Quel firewall (Kerio ou un autre ?)


Merci pour ton aide

Merci Dou_i
J'ai lancé un malwarebyte en mode sans echec qui a détécté 2 fichiers infectés =>que dois je faire ?

Concernant antivir, je n'ai pas réussi à configurer la mise à jour "not valid licence file available"
donc pour l'instant ma base virale n'est pas à jour avec antivir

Sais tu comment configurer antivir ?

Autre question : Kaspersky n'a pas du se désinstaller proprement car régulièrement un message 'cannot execute file kav.exe - chemin introuvable' apparait

merci pour ton aide

Voici le rapport malwarebyte :

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 674

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 84364
Temps écoulé: 50 minute(s), 30 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\5723950.exe.vir (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP181\A0141288.exe (Trojan.Downloader) -> No action taken.

Merci Dou_i
J'ai lancé un malwarebyte en mode sans echec qui a détécté 2 fichiers infectés =>que dois je faire ?

Concernant antivir, je n'ai pas réussi à configurer la mise à jour "not valid licence file available"
donc pour l'instant ma base virale n'est pas à jour avec antivir

Sais tu comment configurer antivir ?

Autre question : Kaspersky n'a pas du se désinstaller proprement car régulièrement un message 'cannot execute file kav.exe - chemin introuvable' apparait

merci pour ton aide

Voici le rapport malwarebyte :

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 674

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 84364
Temps écoulé: 50 minute(s), 30 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\5723950.exe.vir (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP181\A0141288.exe (Trojan.Downloader) -> No action taken.

Dou-i
J'ai lancé un scan avec Antivir (que j'ai enfin pu mettre à jour)

Il m'a détecté plus de 50 fichiers infectés !!!

Que dois je en faire : ils sont actuellement tous en quarantaine

Voici le rapport antivir

A bientôt

Rapport scan Antivir :



Avira AntiVir Personal
Report file date: jeudi 24 avril 2008 23:21

Scanning for 1236771 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: TITANIUM

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 22/04/2008 21:01:44
ANTIVIR3.VDF : 7.0.3.210 113664 Bytes 24/04/2008 21:01:47
Engineversion : 8.1.0.32
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.26 233850 Bytes 24/04/2008 21:02:10
AESCN.DLL : 8.1.0.14 119156 Bytes 24/04/2008 21:02:08
AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44
AEPACK.DLL : 8.1.1.2 364917 Bytes 24/04/2008 21:02:07
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 24/04/2008 21:02:03
AEHEUR.DLL : 8.1.0.18 1167735 Bytes 24/04/2008 21:02:01
AEHELP.DLL : 8.1.0.14 115063 Bytes 24/04/2008 21:01:53
AEGEN.DLL : 8.1.0.17 299380 Bytes 24/04/2008 21:01:52
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
AECORE.DLL : 8.1.0.27 168310 Bytes 24/04/2008 21:01:49
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 24 avril 2008 23:21

Starting search for hidden objects.
Error in ARK lib

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'thunderbird.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'PDSched.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'HOTSYNC.EXE' - '1' Module(s) have been scanned
Scan process 'dslmon.exe' - '1' Module(s) have been scanned
Scan process 'robotaskbaricon.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'GhostStartTrayApp.exe' - '1' Module(s) have been scanned
Scan process 'DAP.exe' - '1' Module(s) have been scanned
Scan process 'opwareSE2.exe' - '1' Module(s) have been scanned
Scan process 'ECB.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'GhostStartService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '27' files ).


Starting the file scan:

Begin scan in 'C:\' <Système>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Satsuki Decodeur Pack\wmv\WMVPostpross.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was moved to '4866fc72.qua'!
C:\QooBox\Quarantine\catchme2008-04-20_131145,40.zip
[0] Archive type: ZIP
--> srosa.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
--> wintems.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
--> mdelk.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
--> hldrrr.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.NI
--> mdelk.exe.1
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.NI
[NOTE] The file was moved to '4884fcaf.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4875fcbd.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wintems.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '487efcc7.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4874fcce.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\mdelk.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4875fcca.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1780900.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4848fca3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1865252.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4846fcaa.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\2952325.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4845fcb2.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\352476.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4842fcb5.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\4471319.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4847fcbc.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\4651698.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4845fcc3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\518275.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4848fcc0.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\5656663.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4845fcc7.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP178\A0137472.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.NI
[NOTE] The file was moved to '4841fcd8.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP178\A0137474.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.NI
[NOTE] The file was moved to '4841fcdb.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP178\A0137480.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.NI
[NOTE] The file was moved to '4841fcdf.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP178\A0137570.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '4841fce2.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP178\A0137572.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.NI
[NOTE] The file was moved to '4841fce4.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP178\A0137573.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.NI
[NOTE] The file was moved to '4841fce6.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP179\A0137702.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '4841fcea.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP180\A0137834.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '4841fcf2.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP180\A0137993.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.NI
[NOTE] The file was moved to '4841fcf9.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP180\A0138993.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.NI
[NOTE] The file was moved to '4841fcfc.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP180\A0139989.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.NI
[NOTE] The file was moved to '4841fcfe.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP180\A0140092.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.NI
[NOTE] The file was moved to '4841fd00.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP180\A0141092.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.NI
[NOTE] The file was moved to '4841fd02.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP180\A0141095.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.NI
[NOTE] The file was moved to '4841fd03.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP180\A0141096.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.NI
[NOTE] The file was moved to '4841fd05.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP180\A0141097.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '4841fd0b.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP180\A0141191.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.NI
[NOTE] The file was moved to '4841fd0e.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP180\A0141198.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.NI
[NOTE] The file was moved to '4841fd0f.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP180\A0141199.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.NI
[NOTE] The file was moved to '49c17f98.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP180\A0141200.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was moved to '4841fd10.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP181\A0141245.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4841fd12.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP181\A0141247.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4841fd13.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP181\A0141256.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4841fd14.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP181\A0141259.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '49c17f9d.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP181\A0141265.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4841fd15.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP181\A0141268.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49c17f9e.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP181\A0141273.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4841fd16.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP181\A0141279.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4841fd17.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP181\A0141285.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '49c17f90.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP181\A0141318.exe
[DETECTION] Is the Trojan horse TR/Agent.684032.3
[NOTE] The file was moved to '4841fd18.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP181\A0141319.exe
[DETECTION] Is the Trojan horse TR/Agent.684032.3
[NOTE] The file was moved to '4841fd19.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP181\A0141321.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '493e66d2.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP181\A0141322.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4841fd1a.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP189\A0143468.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/32768.B
[NOTE] The file was moved to '4841fd28.qua'!
C:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP193\A0144994.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was moved to '4841fd32.qua'!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Données>
Begin scan in 'E:\' <Logiciels>
E:\System Volume Information\_restore{45D1DBA8-AE7D-432F-802A-3C8C81199D1F}\RP178\A0137478.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.NI
[NOTE] The file was moved to '48420129.qua'!
E:\Téléchargements\Logiciels\ImgBurn_1.0.0.0_Fr.exe
[DETECTION] Is the Trojan horse TR/Ransom.A.5
[NOTE] The file was moved to '4878017e.qua'!


End of the scan: jeudi 24 avril 2008 23:58
Used time: 37:00 min

The scan has been done completely.

4478 Scanning directories
186986 Files were scanned
55 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
51 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
186931 Files not concerned
2102 Archives were scanned
2 Warnings
51 Notes
13062 Objects were scanned with rootkit scan
0 Hidden objects were found