Antivirus n est pas 1Application Win32 valide Résolu/Fermé

Question

Bonjour à tous, Et bien voilà, je viens également d'etre contaminé par un virus (Baggle?) et , (HONTE A MOI!!), je n'avais pas d'anti virus au moment de l'infection. J'ai donc evidemment immédiatement tenté d'installer un anti virus mais sans succès. Soit l'installation n'allait pas jusqu'au bout (erreur de démarrage de service) , soit l'installation d'un autre antivirus allait jusqu'au bout mais il ne se lançait pas au démarrage du PC et envoulant le lancer manuellement, j'ai le message d'erreur " . .. N'est pas une application Win32 valide" Ne voulant pas rester sur cet échec, j'ai tenté d'autres anti virus gratuits (AVG, Avast) comme payant (Kapersky, Nod32) mais avec toujours ce même message à la clé. ( pas une application Win 32 valide) :-( En parcourant les conseils prodigués par vos précieux experts (notamment ce post qui semblait avoir le même problème que moi : http://www.commentcamarche.net/forum/affich 6660016 exe n est pas une application win32 valide#0) , combofix avait été conseillé afin de fournir un rapport J'ai donc fait tourner combofix une fois, et le log indiquait que plusieurs fichiers infectés avaient été supprimés et je pensais donc que le virus était éradiqué (à tort) J'ai alors retenté l'installation d'antivirus, mais .. . en vain ! J'ai alors relancé une deuxième exécution de combofix et, à mon grand désespoir, de nouveaux fichiers infectés etaient apparus .. D'habitude, je parviens tjs à me débrouiller seul pour résoudre ce genre de problème mais cette fois-ci, je préfère faire appel a des gens experts en la matière :) J'espère que vous pourrez m'aider PS : Je vous joins le dernier log de Combofix (j'ai toujours le 1er log à votre disposition, si vous le voulez) J'ai essayé de vous fournir un log de Hijackthis, mais pas de bol, là aussi , j'ai le message comme quoi ce n'est pas une application Win32 valide) :-( ComboFix 08-06-20.4 - Tintino 2008-06-29 21:38:29.2 - [color=red][b]FAT32/b/colorx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1611 [GMT 2:00] Endroit: C:\Documents and Settings\Tintino\Bureau\Domi.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Tintino\Application Data\m\data.oct C:\Documents and Settings\Tintino\Application Data\m\list.oct C:\Documents and Settings\Tintino\Application Data\m\shared C:\Documents and Settings\Tintino\Application Data\m\shared\Digi].zip C:\Documents and Settings\Tintino\Application Data\m\shared\Digitalizer for Photoshop 1.24.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Digitalk Easy Recorder 1.4.1.2363.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Digitally Imported Radio 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DigitalMedia IPN Lightweight Label Printer 3.1.1.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DigitalVideo Converter 1.7.0.24.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DigitalWeb NetPatrol 2.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DigitalX Local Keylogger 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DigitByte MPEG Joiner 2.0.0381.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DigitByte Video Converter 3.0.3.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DigitByte WMA to WAV Converter 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DigitByte WMV To Wav Converter 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DigitClock 1.02.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Digiters DVD Cloner 3.6.6.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Digiters DVD to iPhone ConverterDigiters DVD to iPhone Converter 3.6.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Digiters DVD to iPod Converter + Video 3.6.6.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Digiters DVD to iPod Converter 3.6.6.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Digiters DVD to PSP Converter + Video to PSP Converter Suite 3.6.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Digiters DVD to PSP Converter 3.6.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Digiters DVD to Zune Converter 3.6.6.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Digiters Sound Recorder 3.6.6.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Digiters Video to iPhone Converter 3.6.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Digiters Video to iPod Converter 3.6.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Digiters Video to PSP Converter 3.6.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Digiters Video to Zune Converter 3.6.6.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DigitizeIt 1.5.8.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Digitizer 1.1.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Digitope Picture Converter 1.0.16.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DigiTv Full 1.0.6.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DigitWiz 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Digitzone PDF Text Converter 1.3.0.6.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Digitzone PDF to PNG Converter.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Digiview 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DigiWaiter DesktopClient 1.0.100.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DigiWaiter Server 1.31.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DigiWatch 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DigiWeather 1.2.zip C:\Documents and Settings\Tintino\Application Data\m\shared\digiXMAS Article Submiter 1.0.1.zip C:\Documents and Settings\Tintino\Application Data\m\shared\digiXMAS Submitter 3.2.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\digsby Build 13706 Beta.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Diino 4.1.1.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Diji Album Editor 7.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Diji Album Viewer 7.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dijkstra Algorithm 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DIKO Free 2.35.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Diko Matrix Creator 1.2.0.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Diktuon 2.0.1.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DILauncher 1.1.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dilbert 1.01.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dilbert Daily 1.0.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DILEMMA 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dilution Wizard 1.0 Beta.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DIManagerX 7.0.0.123 Final.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dimenes 1.5 RF.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dimension 4 5.0.35.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dimension Browser 5.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dimensional Analysis 4.2.2.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dimensions of Culture Software, Hofstede 2.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DimichSoft Advanced File Tracer 1.5.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DimichSoft Mail List Receiver 5.3.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DimichSoft SecurityDog 2.1.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DIMIN HotKeys for Winamp 0.5.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DIMIN HTML Directory Structure Creator 2.4.5.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DIMIN Image Viewer n5 5.2.1.111.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DIMIN irCommander 0.3.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DIMIN OSD 0.3.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DIMIN ShutCountDown 0.0.2.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DIMIN Smart Capturer 0.1.6.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DIMIN Viewer 5.2.5 Build 140.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dimlog 1.3.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dimon - Tinted Glasses 1.0.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DimSaver 2.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dimwit's Dictionary 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DIN Settings Calculator 1.1.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dina Programming Font 2.89.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DinamoMania Analog Clock 1.00.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Ding 1.05.005.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DiningPlus 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dinky AutoComplete Tool 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dinner Timer Lite 1.0.6.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dino Glade 1.3.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dino Glade Advanced 1.39.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dino Icons.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dino Island 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dino ScreenMate 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dinosaur Dystopia 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dinosaur Screensaver 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dinosaur Valley - Animated Screensaver 5.07.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dinosaur Valley - Animated Wallpaper 5.07.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dinosaurs 3D Screensaver 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dinosaurs Art SlideShow 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dinosaurs Toys Icons 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DINT 0.82.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Diogenes 3.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DionOnlineBackup 2.3.3..zip C:\Documents and Settings\Tintino\Application Data\m\shared\diPacker 1.4.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DiProtector 1.2.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dipstick 3.1.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DipTrace 1.50.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DipTrace Free 1.50.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dir-To-List 1.51.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dir 2 File 1.2.2.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dir Info 2.2.40.73.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dir QuickView 1.61.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dir Utils 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dir2Clpbrd 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\dir2html 1.0.6.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DIR2HTML 1.1.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\dir2html 2.7.41.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dir2HTML 3.32.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Dir2XML 0.1.zip C:\Documents and Settings\Tintino\Application Data\m\shared\dIRC 2.2.0.1.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DirCase 1.0.0.1.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DirCmp 1.0 Build 4.4.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DirCollector 1.0.1.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DirComp 2.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DirCompare 2.1.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DirDate 4.1.2.zip C:\Documents and Settings\Tintino\Application Data\m\shared\DirDup 1.0g.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Direcscape 1.1.0.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Direct Access 1.6.6.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Direct Audio CD 3.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Direct Audio Converter and CD Ripper 2.0.7.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Direct Audio Recorder 3.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Direct Click 1.0.0.114.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Direct Connect Hub 2.2.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Direct dial XP 4.0.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Direct Draw 1.zip C:\Documents and Settings\Tintino\Application Data\m\shared\Direct e-mail 1.0.zip C:\Documents and Settings\Tintino\Application Data\m\srvlist.oct C:\WINDOWS\system32\drivers\downld C:\Documents and Settings\Tintino\Application Data\m . . . . Echec de suppression C:\WINDOWS\system32\drivers\hldrrr.exe . . . . Echec de suppression C:\WINDOWS\system32\drivers\mdelk.exe . . . . Echec de suppression C:\WINDOWS\system32\drivers\srosa.sys . . . . Echec de suppression . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SROSA ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))))))) . 2008-06-29 18:34 . 2008-06-29 18:34 d-------- C:\Program Files\Trend Micro 2008-06-29 16:19 . 2008-06-29 16:19 d-------- C:\Program Files\CCleaner 2008-06-29 15:59 . 2008-06-29 15:59 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-06-29 15:47 . 2008-06-29 15:47 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-06-28 23:22 . 2008-06-28 23:22 d-------- C:\Documents and Settings\Tintino\Application Data\CyberLink 2008-06-28 23:22 . 2008-06-28 23:22 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink 2008-06-28 11:29 . 2008-06-28 11:29 d-------- C:\Program Files\DJ Mix Pro 2008-06-28 00:51 . 2008-06-28 00:51 d-------- C:\WINDOWS\BDOSCAN8 2008-06-28 00:26 . 2008-06-28 00:26 d--h----- C:\Documents and Settings\Tintino\Application Data\m 2008-06-28 00:15 . 2008-06-28 00:15 d-------- C:\Documents and Settings\Tintino\Application Data\MSNInstaller 2008-06-28 00:00 . 2008-06-28 00:00 d-------- C:\Documents and Settings\Tintino\Application Data\AVGTOOLBAR 2008-06-28 00:00 . 2008-06-28 00:00 d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-06-27 22:56 . 2008-06-27 22:56 34,143 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys 2008-06-27 22:56 . 2008-06-27 22:56 29,730 --a------ C:\WINDOWS\system32\drivers\HookCentre.sys 2008-06-11 20:52 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-11 20:52 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-04 10:30 . 2008-06-04 10:30 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-06-04 10:30 . 2007-10-19 20:16 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-06-04 10:30 . 2007-10-19 20:16 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-06-04 10:29 . 2008-06-04 10:29 d-------- C:\Program Files\QuickTime Alternative 2008-06-04 10:13 . 2008-06-22 14:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-06-04 10:13 . 2008-06-04 10:13 1,409 --a------ C:\WINDOWS\QTFont.for 2008-06-03 23:01 . 2008-06-03 23:01 d-------- C:\Documents and Settings\Tintino\iWizz 2008-06-03 22:59 . 2008-06-03 22:59 d-------- C:\Program Files\iWizz 2008-06-02 22:58 . 2008-06-02 22:58 d-------- C:\Documents and Settings\Tintino\Application Data\.trackballs 2008-05-29 21:46 . 2008-05-29 21:46 d-------- C:\Program Files\NewsLeecher 2008-05-29 20:37 . 2008-05-29 20:37 d-------- C:\Documents and Settings\Tintino\Downloads 2008-05-29 20:37 . 2008-05-29 20:37 d-------- C:\Documents and Settings\Tintino\Application Data\NewsLeecher . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-29 15:03 70,656 ----a-w C:\WINDOWS\system32\dllcache\sysinfo.exe 2008-06-29 15:03 15,360 ----a-w C:\WINDOWS\system32\dllcache egister.exe 2008-06-27 18:16 98,304 ----a-w C:\WINDOWS\DUMP47d6.tmp 2008-05-26 20:26 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll 2008-05-26 20:26 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll 2008-05-26 20:26 --------- d-----w C:\Program Files\Auralog 2008-05-25 19:58 --------- d-----w C:\Documents and Settings\Flo\Application Data\U3 2008-05-25 17:13 --------- d-----w C:\Documents and Settings\Flo\Application Data\IEPro 2008-05-17 09:30 --------- d-----w C:\Documents and Settings\Flo\Application Data\Thunderbird 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache mcast.sys 2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-04-22 07:41 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-04-22 07:41 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll . ((((((((((((((((((((((((((((( snapshot@2008-06-29_18.14.27.68 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-29 16:10:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-29 19:49:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-29 19:49:56 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_13c.dat + 2008-06-29 19:50:38 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_a20.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360] "POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [2008-03-12 00:09 1429504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512] "preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09 32768] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 02:10 700416] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 20:51 53248] "AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 14:50 88204 C:\WINDOWS\AGRSMMSG.exe] "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7 tiMUI.exe" [2005-05-11 17:15 45056] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 05:00 208952] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 05:00 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 05:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 05:00 455168] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 20:58 7581696] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 20:58 86016] "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 17:56 16261632 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe] "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768] "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2006-04-19 15:08 69632] "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480] "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664] "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-04-20 09:23 86016] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-03-30 18:47 421888] "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584] "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39 225280] "LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 15:47 331776] "LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 15:55 73728] "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 05:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme "EnableLUA"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HelpCtr.exe"= "C:\Program Files\Internet Explorer\IEXPLORE.EXE"= "C:\Program Files\VideoLAN\VLC\vlc.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\CounterPath\X-Lite\x-lite.exe"= "C:\WINDOWS\System32\muzapp.exe"= "C:\Documents and Settings\Tintino\Application Data\m\flec006.exe"= R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27] R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57] R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20] R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40] S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys [] S3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2008-06-27 22:56] S3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2008-06-27 22:56] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] S4 AVKService;AVK Service;C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe [] S4 AVKWCtl;Gardien d'AVK;C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8399962-559d-11dc-92d8-0018de78e39a}] \Shell\AutoRun\command - F:\LaunchU3.exe -a *Newly Created Service* - SROSA . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-29 21:50:43 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cach‚s ... C:\Documents and Settings\Tintino\Application Data\m\flec006.exe [2980] 0x8969E6B8 Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"="C:\WINDOWS\system32\drivers\hldrrr.exe" "mule_st_key"="C:\Documents and Settings\Tintino\Application Data\m\flec006.exe" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\srosa] "ImagePath"="\??\C:\WINDOWS\system32\drivers\srosa.sys" . ------------------------ Other Running Processes ------------------------ . C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE C:\PROGRAM FILES\FICHIERS COMMUNS\LOGITECH\LVMVFM\LVPRCSRV.EXE C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE C:\WINDOWS\EHOME\EHRECVR.EXE C:\WINDOWS\EHOME\EHSCHED.EXE C:\WINDOWS\SYSTEM32\NVSVC32.EXE C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE C:\ACER\EMPOWERING TECHNOLOGY\ELOCK\SERVICE\ELOCKSERV.EXE C:\WINDOWS\EHOME\MCRDSVC.EXE C:\WINDOWS\SYSTEM32\DLLHOST.EXE C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\EHOME\EHMSAS.EXE C:\WINDOWS\system32\wbem\unsecapp.exe C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe C:\WINDOWS\SYSTEM32\IMAPI.EXE . ************************************************************************** . Temps d'accomplissement: 2008-06-29 21:54:50 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-29 19:54:38 Pre-Run: 43,296,522,240 octets libres Post-Run: 42,111,664,128 octets libres 329 --- E O F --- 2008-06-21 11:01:09

sKe69 · Answer

Salut,
A-IMPORTANT : 
je rappelle que bagle est amené par un crack et qu'il se relance dès que tu te sers de celui ci; même si tu ne sers pas, il peut se relancer de lui même au démarrage de ton PC . En claire : 
Essayes surtout de te rappeler si récemment tu n' as pas clicker sur un "patch" ou un "keygen" pour instaler un logiciel, un jeu cracké ou avoir une version complète d'un soft , et qu'il ne se soit rien passé de particulier ... C'est la que les beagles s'infiltrent ! Si tu retrouves ce crack en particulier ,scratch tout ( le crack, le soft ou encore les zip concernés). Si tu ne te rappelles plus trop , je te conseille fortement de supprimer tous les patchs qui sont sur ton PC ... ;)

B - 1-Télécharge ceci sur ton bureau : http://perso.orange.fr/aeternum/Miscs/KillB.zip 
Clic droit sur "KillB.zip" -> Extraire tout  sur ton bureau et pas ailleur ! 
Sur ton bureau tu auras maintenant un dossier nommé KillB. 
A l'intérieur de ce dossier, clic sur le fichier Go.bat. 
En fin d'analyse le programme va te demander d'appuyer sur une touche pour redemarrer le pc, fais le et laisse le pc redémarrer.

2- Rends toi sur ce site : 
http://www.zonavirus.com/datos/descargas/95/elibagla.asp 

Tout en bas de cette page tu trouveras un outil à télécharger, 
cliques droit sur "escargar Elibagla" (le numéro de version change au fur et à mesure des mises à jour) 
choisis --->"enregistrer la cible sous" --->instales ce fichier sur le bureau (et pas ailleurs !). 

Déconnectes toi et fermes toutes tes applications en cours (si tu en as ...). 

Ensuite double-clic sur  Elibagla.exe :
-->laisses la case "eliminar ficheros automaticamente" coché 
-->cliques sur"explorar" 
-->laisses-le travailler 
-->Enfin postes le rapport final qui sera dans "C:infosat.txt" accompagné du rapport "KB.txt" situé dans le dossier KillB ... 

PS : Si, dans le rapport, tu vois un texte semblable à celui-ci 

Por favor, envienos una muestra del fichero 
C:MuestrasHLDRRR.EXE.Muestra EliBagle v10.24 
a "virus@satinfo.es". Gracias; 

Envoies ce(s) fichier(s) (dans l'exemple C:MuestrasHLDRRR.EXE.Muestra EliBagle v10.24 ) à l'adresse e-mail indiquée (virus@satinfo.es). 

L'outil a rencontré un fichier qu'il reconnaît mais ne sait pas encore éradiquer ...

Tintino · Answer

Bonjour Ske6,
Tout d'abord, merci pour ta réaction HYPER RAPIDE !!!  :))

effectivement, j'ai eu les 1er symptomes après téléchargé ce que je croyais être un crack pour un programme (Humm, pas bien pas bien, je l'avoue) 
Dès que j'ai double clické sur l'exe (2eme erreur de ma part, je le reconnais), j'ai eu droit a un écran bleu .  Je me suis directement rendu compte que je venais de me faire piéger par un virus  :-(  C'est suite à cela que j'ai essayé d'installer l'anti virus que j'utilise déjà sur mon 2ème PC et que, comme dit plus haut, ca n'a pas marché
J'ai supprimé ce fichier téléchargé un peu plus tard,  mais il était déjà trop tard

Maintenant, je vais suivre les recommandations que tu me donnes et te donnerai ici les résultats obtenus ! 
Mais déjà , un tout grand merci de ta réponse :)

Lyonnais92 · Answer

Re,

 déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Lyonnais92 · Answer

Re,

désolé, j'ai posté sans voir les réponses.

Mais je pense qu'on est sur la dernière variante de bagle.

Je voulais voir ce que donnait un 2ème passage :

C:\Documents and Settings\Tintino\Application Data\m . . . . Echec de suppression
C:\WINDOWS\system32\drivers\hldrrr.exe . . . . Echec de suppression
C:\WINDOWS\system32\drivers\mdelk.exe . . . . Echec de suppression
C:\WINDOWS\system32\drivers\srosa.sys . . . . Echec de suppression

sKe69 · Answer

Impec ... A - Télécharges et installes le logiciel HijackThis : ici :ftp://ftp.commentcamarche.com/download/HJTInstall.exe ou ici : http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe 1-Cliquer sur le setup pour lancer l'installe : laisses toi guider et ne modifies pas les paramètres d'instalation . A la fin tu doit avoir un raccouci sur ton bureau et aussi un cheminement comme : "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe " . Important : Renommer le prg HijackThis : Rends toi sur ton PC ici "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe"<---cliques droit sur ce dernier et choisis "renommer" : tapes monjack et valide . tuto pour utilisation Regardes ici, c'est parfaitement expliqué en images : http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm 2-!!Déconnectes toi et fermes toute tes applications en cours !! Cliques sur le raccourci du bureau, Fais un scan monjack (ou HijackThis renommé) en cliquant sur : "Do a system scan and save a logfile" ---> Postes le rapport généré pour analyse ... Une fois le rapport posté enchaine de suite par ce-ci : B - Télécharges ComboFix (par sUBs) sur ton Bureau (et pas ailleur !): http://download.bleepingcomputer.com/sUBs/ComboFix.exe <--- clik droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix et valide . --------------------------------------------- [ ! ATTENTION ! ] ---------------------------------------------------------- !! déconnectes toi,fermes tes applications en cours et DESACTIVES TOUTES TES DEFENCES (anti-virus, guardes anti spy-ware, pare-feu) le temps de la manipe : en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !! --->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ... Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix --------------------------------------------------------------------------------------------------------------------------------- Ensuite : double-cliques C-Fix.exe ( = combofix.exe ) . Appuyes sur la touche Y (Yes) pour démarrer le scan . Attention : n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. ---> si un message d'erreur windows apparait à un momment : clik sur la croix rouge en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! sinon pas de rapport ... ) Le rapport sera crée dans: C:\Combofix.txt Postes le rapport Combofix accompagné d'un nouveau rapport hijackthis pour analyse ...

Tintino · Answer

Lyonnais92,

tu veux que je refasse tourner combofix encore une fois ?
Après KB et Eligabla alors ? ?

En tout cas, merci de vous occuper de mon cas :)

Tintino · Answer

Alors, voici le PREMIER rapport de Hijackthis 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:14:31, on 30/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\MonJack.exe
C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://myprivacy.dpgmedia.be/?siteKey=atXMVFeyFP1Ki09i&callbackUrl=https%3a%2f%2fwww.7sur7.be%2fprivacy-gate%2faccept%3fredirectUri%3d%252f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7
tiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://fwdservice.com
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: eLock Service (eLockService) -   - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcappcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

Tintino · Answer

Oups, j'avais laissé Interet Explorer Ouvert durant la manip, j'ai donc recommencé en prenant le soin de le fermer avant

Revoici le log , au cas ou ca aurait des implications

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:17:26, on 30/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\MonJack.exe
C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://myprivacy.dpgmedia.be/?siteKey=atXMVFeyFP1Ki09i&callbackUrl=https%3a%2f%2fwww.7sur7.be%2fprivacy-gate%2faccept%3fredirectUri%3d%252f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7
tiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://fwdservice.com
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: eLock Service (eLockService) -   - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcappcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

Tintino · Answer

Bon, ben pour la suite, il faudra attendre ce lundi soir
car j'ai voulu lancer le Combofix  et après plus d' une heure (!!!), le programme continuait a tourner 
et comme il est déjà 1h30 du mat, ben la, je dois me coucher car demain matin boulot :(
Donc, demain soir, je reprends les tests

PS : en cliquant sur c-fix.exe , j'ai eu un pop up qui me demandait si j voulais arreter le programme "VisageON" (programme associé a la webcam integrée au portable). Est-ce normal ?
PS 2 : mes 2 premières exécutions de combofix avaient mis beauuuuucoup moins de temps pour terminer leur job .  quelque chose d'anormal ? Quand je l'ai bloqué, il était dans la création du compte rendu et me disait de lancer aucune autre application. et je n'avais pas encore du faire le restart du PC 

JE reviens donc demain avec , je l'espère, une exécution plus rapide de c-fix.
Ske69, Si  vous avez deja un commentaire suite à mes remarques , n'hésie pas :)
Bonne nuit

Tintino

fgdfgdrdfg · Answer

utilise unlocker c ce que je fais quand windows refuse, faut le faire manuellement

Tintino · Answer

Bonjour a tous me revoilà pour la suite des nouvelles comme promis ! ! JE viens d'exécuter combofix et il est passsé sans lenteur cette fois ci (moins de 10 minutes !!Alllelujah) Et jijackthis s'est déroulé san difficultés également . Alors voici les résultats des 2 logs PS : je vois dans ces 2 logs des traces de Kapersky et de Avg8 alors que je n'ai pas parvenu à installer ces anivirus :( 1) Log Combofix ComboFix 08-06-20.4 - Tintino 2008-06-30 19:49:57.4 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1690 [GMT 2:00] Endroit: C:\Documents and Settings\Tintino\Bureau\C-fix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\WINDOWS\system32\drivers\downld . ((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))))))) . 2008-06-30 14:47 . 2008-06-30 14:47 d--hs---- C:\FOUND.000 2008-06-29 18:34 . 2008-06-29 18:34 d-------- C:\Program Files\Trend Micro 2008-06-29 16:19 . 2008-06-29 16:19 d-------- C:\Program Files\CCleaner 2008-06-29 15:59 . 2008-06-29 15:59 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-06-29 15:47 . 2008-06-29 15:47 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-06-28 23:22 . 2008-06-28 23:22 d-------- C:\Documents and Settings\Tintino\Application Data\CyberLink 2008-06-28 23:22 . 2008-06-28 23:22 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink 2008-06-28 11:29 . 2008-06-28 11:29 d-------- C:\Program Files\DJ Mix Pro 2008-06-28 00:51 . 2008-06-28 00:51 d-------- C:\WINDOWS\BDOSCAN8 2008-06-28 00:15 . 2008-06-28 00:15 d-------- C:\Documents and Settings\Tintino\Application Data\MSNInstaller 2008-06-28 00:00 . 2008-06-28 00:00 d-------- C:\Documents and Settings\Tintino\Application Data\AVGTOOLBAR 2008-06-28 00:00 . 2008-06-28 00:00 d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-06-27 22:56 . 2008-06-27 22:56 34,143 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys 2008-06-27 22:56 . 2008-06-27 22:56 29,730 --a------ C:\WINDOWS\system32\drivers\HookCentre.sys 2008-06-11 20:52 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-11 20:52 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-04 10:30 . 2008-06-04 10:30 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-06-04 10:30 . 2007-10-19 20:16 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-06-04 10:30 . 2007-10-19 20:16 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-06-04 10:29 . 2008-06-04 10:29 d-------- C:\Program Files\QuickTime Alternative 2008-06-04 10:13 . 2008-06-22 14:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-06-04 10:13 . 2008-06-04 10:13 1,409 --a------ C:\WINDOWS\QTFont.for 2008-06-03 23:01 . 2008-06-03 23:01 d-------- C:\Documents and Settings\Tintino\iWizz 2008-06-03 22:59 . 2008-06-03 22:59 d-------- C:\Program Files\iWizz 2008-06-02 22:58 . 2008-06-02 22:58 d-------- C:\Documents and Settings\Tintino\Application Data\.trackballs 2008-05-29 21:46 . 2008-05-29 21:46 d-------- C:\Program Files\NewsLeecher 2008-05-29 20:37 . 2008-05-29 20:37 d-------- C:\Documents and Settings\Tintino\Downloads 2008-05-29 20:37 . 2008-05-29 20:37 d-------- C:\Documents and Settings\Tintino\Application Data\NewsLeecher 2008-05-26 22:26 . 2008-05-26 22:26 d-------- C:\Program Files\Auralog 2008-05-25 21:58 . 2008-05-25 21:58 d-------- C:\Documents and Settings\Flo\Application Data\U3 2008-05-25 19:13 . 2008-05-25 19:13 d-------- C:\Documents and Settings\Flo\Application Data\IEPro 2008-05-17 11:30 . 2008-05-17 11:30 d-------- C:\Documents and Settings\Flo\Application Data\Thunderbird . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-29 15:03 70,656 ----a-w C:\WINDOWS\system32\dllcache\sysinfo.exe 2008-06-29 15:03 15,360 ----a-w C:\WINDOWS\system32\dllcache egister.exe 2008-06-27 18:16 98,304 ----a-w C:\WINDOWS\DUMP47d6.tmp 2008-05-26 20:26 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll 2008-05-26 20:26 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache mcast.sys 2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-04-22 07:41 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-04-22 07:41 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys . ((((((((((((((((((((((((((((( snapshot@2008-06-29_18.14.27.68 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-29 16:10:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-30 16:44:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2004-08-10 03:00:00 102,463 ----a-w C:\WINDOWS\ime\shared\imepadsm.dll + 2004-08-10 03:00:00 311,359 ----a-w C:\WINDOWS\ime\shared\imepadsv.exe + 2004-08-10 03:00:00 102,456 ----a-w C:\WINDOWS\ime\shared\imlang.dll + 2004-08-10 03:00:00 15,872 ----a-w C:\WINDOWS\ime\shared es\PADRS404.DLL + 2004-08-10 03:00:00 36,927 ----a-w C:\WINDOWS\ime\shared es\padrs411.dll + 2004-08-10 03:00:00 14,336 ----a-w C:\WINDOWS\ime\shared es\padrs412.dll + 2004-08-10 03:00:00 15,360 ----a-w C:\WINDOWS\ime\shared es\padrs804.dll - 2008-06-29 16:10:28 232,776 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-06-29 21:48:28 206,512 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-06-30 16:44:20 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_fc.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360] "POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [2008-03-12 00:09 1429504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512] "preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09 32768] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 20:51 53248] "AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 14:50 88204 C:\WINDOWS\AGRSMMSG.exe] "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7 tiMUI.exe" [2005-05-11 17:15 45056] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 05:00 208952] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 05:00 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 05:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 05:00 455168] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 20:58 7581696] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 20:58 86016] "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 17:56 16261632 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe] "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768] "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2006-04-19 15:08 69632] "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480] "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664] "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-04-20 09:23 86016] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-03-30 18:47 421888] "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584] "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39 225280] "LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 15:47 331776] "LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 15:55 73728] "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 05:00 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-12-08 22:30:30 45056] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HelpCtr.exe"= "C:\Program Files\Internet Explorer\IEXPLORE.EXE"= "C:\Program Files\VideoLAN\VLC\vlc.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\CounterPath\X-Lite\x-lite.exe"= "C:\WINDOWS\System32\muzapp.exe"= R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27] R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57] R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20] R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40] S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys [] S3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2008-06-27 22:56] S3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2008-06-27 22:56] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] S4 AVKService;AVK Service;C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe [] S4 AVKWCtl;Gardien d'AVK;C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8399962-559d-11dc-92d8-0018de78e39a}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-30 19:52:04 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-06-30 19:55:55 ComboFix-quarantined-files.txt 2008-06-30 17:54:40 ComboFix2.txt 2008-06-29 19:54:54 Pre-Run: 40,700,542,976 octets libres Post-Run: 40,692,613,120 octets libres 179 --- E O F --- 2008-06-21 11:01:09 2) HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:57:39, on 30/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32 vsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Acer\Empowering Technology\ePresentation\ePresentation.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\ElkCtrl.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\MonJack.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://myprivacy.dpgmedia.be/?siteKey=atXMVFeyFP1Ki09i&callbackUrl=https%3a%2f%2fwww.7sur7.be%2fprivacy-gate%2faccept%3fredirectUri%3d%252f R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7 tiMUI.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1 O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Acer Empowering Technology.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://fwdservice.com O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/ O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32 vsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap pcapd.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

Tintino · Answer

NB : C'est depuis ces 1er symptomes que mon bouton clavier me permetant le défilement dans les pages et documents ne fonctionne plus .  Je suppose qu'il y a un lien ... ? 
Et le portable souffre aussi de lenteur (lors du surf notamment) par moment

sKe69 · Answer

Salut,

1-Crée un doc texte sur ton bureau : 
pointes ta souris sur ton bureau , click droit : vas dans "nouveau" et choisis "document texte" . 

Ensuite copie/colle le texte ci-dessous ( et rien d'autre!) dans le fichier texte que tu viens de crée : 

Driver::
C:\WINDOWS\system32\drivers\downld 

File:: 
C:\WINDOWS\system32\dllcache\sysinfo.exe 


Puis vas dans "fichier" et choisis "enregistrer sous ..." et tu le nommes exactement ainsi : 
CFScript puis valides ...
 

2-Nettoyage :
!! Déconnectes toi,fermes toute tes application et désactive ton antivirus le temps de la manipe ( tu le réactiveras après )  !! 

--->Sur ton bureau, fais un glisser avec ta souris le fichier CFScript sur l'icone de ComboFix.exe . 

(Regarde ici : http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )

Cette manipulation va relancer combofix .
--> Une fenêtre bleue va apparaître: au message qui apparaît "Type 1 to continue, or 2 to abort" : tape 1 puis valide. 

Puis patientes le temps du scan.( Le Bureau va disparaître à plusieurs reprises : c'est normal!) 

!! Ne touche à rien tant que le scan n'est pas terminé !! 

Note : en fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisses-le faire. 

Une fois le scan achevé, un rapport va s'afficher : Postes le accompagné d' un nouveau rapport HijackThis pour analyse ...

( Attention : cette manipe a été fait pour ce PC . Toute réutilisation peut endommager sévèrement le système d'exploitation )

Tintino · Answer

Voila Ske69, j'ai fait tes manips Voici le resultat de tout ca : 1) Combofix ComboFix 08-06-20.4 - Tintino 2008-06-30 22:20:53.6 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1653 [GMT 2:00] Endroit: C:\Documents and Settings\Tintino\Bureau\C-fix.exe Command switches used :: C:\Documents and Settings\Tintino\Bureau\CFScript.txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] FILE :: C:\WINDOWS\system32\dllcache\sysinfo.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\dllcache\sysinfo.exe . ((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))))))) . 2008-06-30 14:47 . 2008-06-30 14:47 d--hs---- C:\FOUND.000 2008-06-29 18:34 . 2008-06-29 18:34 d-------- C:\Program Files\Trend Micro 2008-06-29 16:19 . 2008-06-29 16:19 d-------- C:\Program Files\CCleaner 2008-06-29 15:59 . 2008-06-29 15:59 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-06-29 15:47 . 2008-06-29 15:47 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-06-28 23:22 . 2008-06-28 23:22 d-------- C:\Documents and Settings\Tintino\Application Data\CyberLink 2008-06-28 23:22 . 2008-06-28 23:22 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink 2008-06-28 11:29 . 2008-06-28 11:29 d-------- C:\Program Files\DJ Mix Pro 2008-06-28 00:51 . 2008-06-28 00:51 d-------- C:\WINDOWS\BDOSCAN8 2008-06-28 00:15 . 2008-06-28 00:15 d-------- C:\Documents and Settings\Tintino\Application Data\MSNInstaller 2008-06-28 00:00 . 2008-06-28 00:00 d-------- C:\Documents and Settings\Tintino\Application Data\AVGTOOLBAR 2008-06-28 00:00 . 2008-06-28 00:00 d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-06-27 22:56 . 2008-06-27 22:56 34,143 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys 2008-06-27 22:56 . 2008-06-27 22:56 29,730 --a------ C:\WINDOWS\system32\drivers\HookCentre.sys 2008-06-11 20:52 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-11 20:52 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-04 10:30 . 2008-06-04 10:30 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-06-04 10:30 . 2007-10-19 20:16 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-06-04 10:30 . 2007-10-19 20:16 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-06-04 10:29 . 2008-06-04 10:29 d-------- C:\Program Files\QuickTime Alternative 2008-06-04 10:13 . 2008-06-22 14:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-06-04 10:13 . 2008-06-04 10:13 1,409 --a------ C:\WINDOWS\QTFont.for 2008-06-03 23:01 . 2008-06-03 23:01 d-------- C:\Documents and Settings\Tintino\iWizz 2008-06-03 22:59 . 2008-06-03 22:59 d-------- C:\Program Files\iWizz 2008-06-02 22:58 . 2008-06-02 22:58 d-------- C:\Documents and Settings\Tintino\Application Data\.trackballs 2008-05-29 21:46 . 2008-05-29 21:46 d-------- C:\Program Files\NewsLeecher 2008-05-29 20:37 . 2008-05-29 20:37 d-------- C:\Documents and Settings\Tintino\Downloads 2008-05-29 20:37 . 2008-05-29 20:37 d-------- C:\Documents and Settings\Tintino\Application Data\NewsLeecher 2008-05-26 22:26 . 2008-05-26 22:26 d-------- C:\Program Files\Auralog 2008-05-25 21:58 . 2008-05-25 21:58 d-------- C:\Documents and Settings\Flo\Application Data\U3 2008-05-25 19:13 . 2008-05-25 19:13 d-------- C:\Documents and Settings\Flo\Application Data\IEPro 2008-05-17 11:30 . 2008-05-17 11:30 d-------- C:\Documents and Settings\Flo\Application Data\Thunderbird . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-29 15:03 15,360 ----a-w C:\WINDOWS\system32\dllcache egister.exe 2008-06-27 18:16 98,304 ----a-w C:\WINDOWS\DUMP47d6.tmp 2008-05-26 20:26 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll 2008-05-26 20:26 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache mcast.sys 2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-04-22 07:41 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-04-22 07:41 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys . ((((((((((((((((((((((((((((( snapshot@2008-06-29_18.14.27.68 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-29 15:08:32 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe - 2008-06-29 16:10:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-30 20:10:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2004-08-10 03:00:00 102,463 ----a-w C:\WINDOWS\ime\shared\imepadsm.dll + 2004-08-10 03:00:00 311,359 ----a-w C:\WINDOWS\ime\shared\imepadsv.exe + 2004-08-10 03:00:00 102,456 ----a-w C:\WINDOWS\ime\shared\imlang.dll + 2004-08-10 03:00:00 15,872 ----a-w C:\WINDOWS\ime\shared es\PADRS404.DLL + 2004-08-10 03:00:00 36,927 ----a-w C:\WINDOWS\ime\shared es\padrs411.dll + 2004-08-10 03:00:00 14,336 ----a-w C:\WINDOWS\ime\shared es\padrs412.dll + 2004-08-10 03:00:00 15,360 ----a-w C:\WINDOWS\ime\shared es\padrs804.dll - 2008-06-29 16:10:28 232,776 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-06-29 21:48:28 206,512 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-06-30 20:10:16 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_690.dat + 2008-06-30 20:10:36 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_b30.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360] "POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [2008-03-12 00:09 1429504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512] "preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09 32768] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 20:51 53248] "AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 14:50 88204 C:\WINDOWS\AGRSMMSG.exe] "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7 tiMUI.exe" [2005-05-11 17:15 45056] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 05:00 208952] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 05:00 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 05:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 05:00 455168] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 20:58 7581696] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 20:58 86016] "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 17:56 16261632 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe] "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768] "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2006-04-19 15:08 69632] "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480] "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664] "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-04-20 09:23 86016] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-03-30 18:47 421888] "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584] "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39 225280] "LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 15:47 331776] "LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 15:55 73728] "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 05:00 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-12-08 22:30:30 45056] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HelpCtr.exe"= "C:\Program Files\Internet Explorer\IEXPLORE.EXE"= "C:\Program Files\VideoLAN\VLC\vlc.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\CounterPath\X-Lite\x-lite.exe"= "C:\WINDOWS\System32\muzapp.exe"= R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27] R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57] R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20] R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40] S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys [] S3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2008-06-27 22:56] S3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2008-06-27 22:56] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] S4 AVKService;AVK Service;C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe [] S4 AVKWCtl;Gardien d'AVK;C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8399962-559d-11dc-92d8-0018de78e39a}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-30 22:23:02 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-06-30 22:24:13 ComboFix-quarantined-files.txt 2008-06-30 20:24:10 ComboFix3.txt 2008-06-29 19:54:54 ComboFix2.txt 2008-06-30 19:05:14 Pre-Run: 40,596,439,040 octets libres Post-Run: 40,573,566,976 octets libres 180 --- E O F --- 2008-06-30 19:00:45 2) HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:25:44, on 30/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Acer\Empowering Technology\ePresentation\ePresentation.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32 vsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\MonJack.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://myprivacy.dpgmedia.be/?siteKey=atXMVFeyFP1Ki09i&callbackUrl=https%3a%2f%2fwww.7sur7.be%2fprivacy-gate%2faccept%3fredirectUri%3d%252f R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7 tiMUI.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1 O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Acer Empowering Technology.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://fwdservice.com O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/ O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32 vsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap pcapd.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

Tintino · Answer

C'est grave, Doc ?    :-o

sKe69 · Answer

De retour ^^

bien ...

Télécharges : - CCleaner 
https://www.pcastuces.com/logitheque/ccleaner.htm 
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corrigé ton registre .Lors de l'installation, avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 première.
Une fois le prg instalé et lancé, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures"( Par la suite, laisse-le avec ses réglages par défaut. C'est tout ). 

Un tuto ( aide ): 
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm 

Utilisation:
vas dans "nettoyeur" : fait analyse puis nettoyage 
et vas dans "registre" : fait chercher les erreurs et réparer ( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) . 

( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )

Après cela , dis moi où en sont tes soucis de "  . .. N'est pas une application Win32 valide" ? Puis ensuite, on poursuivra ...

Tintino · Answer

Aaaah te revoila donc !  Tu es donc plutôt un nocturne toi aussi :)

Et bien voilà, j'ai fait tourner CCleaner (c'est un programme que j'utilisais déjà auparavant)  et nettoyé ce qui pouvait être nettoyé 
Il y avait plusieurs entrées dans le registre qui ont été corrigées

LE message "pas une application Win 32 valide" apparaissait quand j'avais voulu installer divers antivirus afin d'irradier le virus que je devinais bien présent sur mon PC

Mais comme aucun antivirus n'a pu être installé avec succés , veux tu que j'essaie d'en réinstaller un maintenant ? (AVG ou autre)


NB : Lors de mes essais hier, l'installation de Kapersky foirait et me disait qu'il y avait déjà AVG8 .   Or, le programme AVG je n'etais pas arrivé au bout de l'installation (message d'erreur du type "failed to start service" ou qqch dans le style, je ne me souviens plus par coeur)

sKe69 · Answer

comme AntiVirus je te conseille celui-ci :

Télécharges AntiVir ici :
https://www.pcastuces.com/logitheque/antivir.htm
ou
https://www.avira.com/

Anti-virus gratuit ( en anglais ) 
Installes le et mets le à jour (fais ce-ci très régulièrement ) .

Aide AntiVir : https://www.malekal.com/avira-free-security-antivirus-gratuit/

Si jamais tu as un problème avec la mise à jour , regardes ici :
http://www.commentcamarche.net/faq/sujet 8622 mise a jour d antivir impossible  


petit réglage :

***************************************
Une fois AntiVir ouvert click sur configuration et coches la case "expert mode" . 
*Puis click sur configuration en haut a droite; dans la nouvelle fenetre à gauche ->scanner -> coches "scan all files" et en dessous ->scanner priority = High 
*coches : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir. 
*puis sur la droite, coches les cases suivantes : 
scan boot sectors of selected drives 
scan master boot sectors 
scan memory 
search for rootkit before scan 
et décoches : 
ignore off line files 
*toujours a gauche -> scan -> deploie -> heuristique -> macrovirus heuristic = coché et en dessous -> win32 heuristic la case cochée et high detection level aussi ...

---> cliques sur "OK" pour valider le réglage ...
****************************************

---> redémarres en mode sans échec
Comment aller en Mode sans échec 
1) Redémarre ton ordi 
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" 
3) Tu verras un écran avec options de démarrage apparaître 
4) Choisis la première option : Sans Échec, et valide avec "Entrée" 
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )

fais un scan complet de ton PC : mets tous ce qu'il peut trouver en quarantaine et poste moi le rapport obtenu ... (aides toi du tuto )

Tintino · Answer

Impeccable !
Je vais télécharger et installer ce programme et t'envoyer le log obtenu dès que tout ca est fini

En attendant, je constate que le pad intégré à mon clavier (celui qui me permet de faire défiler les pages sans passer par l'ascenseur présent sur les pages) ne fonctionne toujours pas depuis que j'ai eu ce virus :(
Tu as une idée ?  :-/

sKe69 · Answer

En attendant, je constate que le pad intégré à mon clavier (celui qui me permet de faire défiler les pages sans passer par l'ascenseur présent sur les pages) ne fonctionne toujours pas depuis que j'ai eu ce virus :( 
Tu as une idée ? :-/
---> pas pour l'instant ...

Tintino · Answer

Bonsoir 

Me voilà de retour et je constate que les derniers messages de Ske69 ont été supprimes ?
que s'est il passé ?
Normalement, il y avait déjà une 2ème page ou Ske69 me conseillait de mettre Antivir 

heuuuuu, c'est moi qui ai un problème ?

Tintino · Answer

Oups, c'etait l'affichage incorrect,  le reresh de la page a tout fait rentrer dans l'ordre
Alors, Ske69, voici les rapports en question 

(Désolé pour le retard mais je n'ai pas eu le temps de venir poster le log hier soi)
J'ai fait le scan du PC en 2 fois car il a pris beaucoup de temps . Je te joins donc les 2 logs



Avira AntiVir Personal
Report file date: lundi 30 juin 2008  23:48

Scanning for 1369578 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Boot mode:        Save mode
Username:         Tintino
Computer name:    TINTINOBILE

Version information:
BUILD.DAT     : 8.1.00.295      16479 Bytes  09/04/2008 16:24:00
AVSCAN.EXE    : 8.1.2.12       311553 Bytes  18/03/2008 09:02:58
AVSCAN.DLL    : 8.1.1.0         53505 Bytes  07/02/2008 08:43:38
LUKE.DLL      : 8.1.2.9        151809 Bytes  28/02/2008 08:41:24
LUKERES.DLL   : 8.1.2.1         12033 Bytes  21/02/2008 08:28:42
ANTIVIR0.VDF  : 6.40.0.0     11030528 Bytes  18/07/2007 10:33:34
ANTIVIR1.VDF  : 7.0.5.1       8182784 Bytes  24/06/2008 21:36:52
ANTIVIR2.VDF  : 7.0.5.20       142336 Bytes  30/06/2008 21:36:54
ANTIVIR3.VDF  : 7.0.5.25        18432 Bytes  30/06/2008 21:36:54
Engineversion : 8.1.0.59  
AEVDF.DLL     : 8.1.0.5        102772 Bytes  25/02/2008 09:58:22
AESCRIPT.DLL  : 8.1.0.44       278907 Bytes  30/06/2008 21:37:10
AESCN.DLL     : 8.1.0.22       119157 Bytes  30/06/2008 21:37:08
AERDL.DLL     : 8.1.0.20       418165 Bytes  30/06/2008 21:37:06
AEPACK.DLL    : 8.1.1.6        364918 Bytes  30/06/2008 21:37:04
AEOFFICE.DLL  : 8.1.0.20       192891 Bytes  30/06/2008 21:37:02
AEHEUR.DLL    : 8.1.0.32      1274231 Bytes  30/06/2008 21:37:02
AEHELP.DLL    : 8.1.0.15       115063 Bytes  30/06/2008 21:36:58
AEGEN.DLL     : 8.1.0.29       307573 Bytes  30/06/2008 21:36:58
AEEMU.DLL     : 8.1.0.6        430451 Bytes  30/06/2008 21:36:56
AECORE.DLL    : 8.1.0.31       168310 Bytes  30/06/2008 21:36:56
AVWINLL.DLL   : 1.0.0.7         14593 Bytes  23/01/2008 17:07:54
AVPREF.DLL    : 8.0.0.1         25857 Bytes  18/02/2008 10:37:52
AVREP.DLL     : 7.0.0.1        155688 Bytes  16/04/2007 13:26:48
AVREG.DLL     : 8.0.0.0         30977 Bytes  23/01/2008 17:07:50
AVARKT.DLL    : 1.0.0.23       307457 Bytes  12/02/2008 08:29:24
AVEVTLOG.DLL  : 8.0.0.11       114945 Bytes  28/02/2008 08:31:32
SQLITE3.DLL   : 3.3.17.1       339968 Bytes  22/01/2008 17:28:04
SMTPLIB.DLL   : 1.2.0.19        28929 Bytes  23/01/2008 17:08:40
NETNT.DLL     : 8.0.0.1          7937 Bytes  25/01/2008 12:05:12
RCIMAGE.DLL   : 8.0.0.35      2371841 Bytes  10/03/2008 14:37:26
RCTEXT.DLL    : 8.0.32.0        86273 Bytes  06/03/2008 12:02:12

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: lundi 30 juin 2008  23:48

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
      [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
      [INFO]      No virus was found!
Boot sector 'D:\'
      [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '47' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
      [WARNING]   The file could not be opened!
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP174\A0039982.exe
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '48996256.qua'!
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP174\A0039985.exe
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '4899625d.qua'!
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP175\A0041641.exe
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was moved to '489962a1.qua'!
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP175\A0041643.EXE
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was moved to '489962a6.qua'!
C:\QooBox\Quarantine\catchme2008-06-29_180359,07.zip
  [0] Archive type: ZIP
  --> hldrrr.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.TA
  --> mdelk.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.TA
      [NOTE]      The file was moved to '48dd62fc.qua'!
C:\QooBox\Quarantine\catchme2008-06-29_214558,26.zip
  [0] Archive type: ZIP
  --> hldrrr.exe
      [DETECTION] Is the Trojan horse TR/Trash.Gen
  --> mdelk.exe
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE]      The file was moved to '48dd6301.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\146171.exe.vir
      [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
      [NOTE]      The file was moved to '489f62db.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\3794218.exe.vir
      [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
      [NOTE]      The file was moved to '48a262e1.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\data.oct.vir
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48dd6310.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\NOD32.v.2.51.20.+.Crack.NOD.Fix.v.2.zip.vir
  [0] Archive type: ZIP
  --> NOD32.v.2.51.20.+.Crack.NOD.Fix.v.2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48ad6304.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dynaxa Anti-Spam 4.2.0.zip.vir
  [0] Archive type: ZIP
  --> Dynaxa Anti-Spam 4.2.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d76332.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\AT Electronics 4.1.14.zip.vir
  [0] Archive type: ZIP
  --> AT Electronics 4.1.14.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48896311.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\The Sims 2 Albino skin.zip.vir
  [0] Archive type: ZIP
  --> The Sims 2 Albino skin.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48ce6328.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\AdTextBox - OCX 1.0.zip.vir
  [0] Archive type: ZIP
  --> AdTextBox - OCX 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48bd6329.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\EventReporter 6.1.zip.vir
  [0] Archive type: ZIP
  --> EventReporter 6.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48ce633e.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared
od32.2.7.zip.vir
  [0] Archive type: ZIP
  --> nod32.2.7.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48cd633c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\YASA 3GP Video Converter 3.7.55.1682 Cracked.zip.vir
  [0] Archive type: ZIP
  --> YASA 3GP Video Converter 3.7.55.1682 Cracked.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48bc6315.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\EngCalc (Pneumatic Engineering) 1.2.zip.vir
  [0] Archive type: ZIP
  --> EngCalc (Pneumatic Engineering) 1.2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d06347.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\EZOutlookSync Pro 1.6 (Key).zip.vir
  [0] Archive type: ZIP
  --> EZOutlookSync Pro 1.6 (Key).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b86338.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Deadlock Avoidance Simulation 1.00.zip.vir
  [0] Archive type: ZIP
  --> Deadlock Avoidance Simulation 1.00.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48ca6348.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Microsoft Image Resizer 1.0.zip.vir
  [0] Archive type: ZIP
  --> Microsoft Image Resizer 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48cc6352.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Java Script Mutator 2.5 RC3 (KeyGen).zip.vir
  [0] Archive type: ZIP
  --> Java Script Mutator 2.5 RC3 (KeyGen).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48df634e.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\WiPeer 0.572.zip.vir
  [0] Archive type: ZIP
  --> WiPeer 0.572.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b9635b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Free Option Calculator 1.42.zip.vir
  [0] Archive type: ZIP
  --> Free Option Calculator 1.42.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48ce6369.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\StopPop 2.0.7.zip.vir
  [0] Archive type: ZIP
  --> StopPop 2.0.7.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d8636f.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Date Calculator 2.68.zip.vir
  [0] Archive type: ZIP
  --> Date Calculator 2.68.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48dd6360.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\ShortcutsMan 1.01.zip.vir
  [0] Archive type: ZIP
  --> ShortcutsMan 1.01.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d8636b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Accio Italian-English Dictionary (Win) 1.0.3.zip.vir
  [0] Archive type: ZIP
  --> Accio Italian-English Dictionary (Win) 1.0.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48cc636a.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Commodity Prices 1.1.zip.vir
  [0] Archive type: ZIP
  --> Commodity Prices 1.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d6637b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Call Accounting Mate 2.6.1.98b.zip.vir
  [0] Archive type: ZIP
  --> Call Accounting Mate 2.6.1.98b.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d56375.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\TubeHD 1.1.0.0 (With Crack).zip.vir
  [0] Archive type: ZIP
  --> TubeHD 1.1.0.0 (With Crack).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48cb638c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\PortMarshaller 1.2.49.zip.vir
  [0] Archive type: ZIP
  --> PortMarshaller 1.2.49.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48db6389.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dupy Scan 1.0.0.zip.vir
  [0] Archive type: ZIP
  --> Dupy Scan 1.0.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d96391.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Game of Lives 1.3.zip.vir
  [0] Archive type: ZIP
  --> Game of Lives 1.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d6637f.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Web Control for Parents 4.0.zip.vir
  [0] Archive type: ZIP
  --> Web Control for Parents 4.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48cb6387.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\NRITB Indian Radio Toolbar 0507.zip.vir
  [0] Archive type: ZIP
  --> NRITB Indian Radio Toolbar 0507.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b26376.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\PChord 1.zip.vir
  [0] Archive type: ZIP
  --> PChord 1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d16369.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Altdo Mp3 Record&Edit Audio Master 2.0 [Key+Serial].zip.vir
  [0] Archive type: ZIP
  --> Altdo Mp3 Record&Edit Audio Master 2.0 [Key+Serial].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48dd6394.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\My Collections 1.0 Beta [With Crack].zip.vir
  [0] Archive type: ZIP
  --> My Collections 1.0 Beta [With Crack].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '488963a5.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Scrabble Complete 1.0.zip.vir
  [0] Archive type: ZIP
  --> Scrabble Complete 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48db6391.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Microsoft Office XP Update SP-2.zip.vir
  [0] Archive type: ZIP
  --> Microsoft Office XP Update SP-2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48cc6399.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DreamCalc Professional 3.5.1.zip.vir
  [0] Archive type: ZIP
  --> DreamCalc Professional 3.5.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48ce63a6.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Shellbook 1.1.3.zip.vir
  [0] Archive type: ZIP
  --> Shellbook 1.1.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48ce639e.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Mobile CricketCast for Windows Smartphone 2005 1.zip.vir
  [0] Archive type: ZIP
  --> Mobile CricketCast for Windows Smartphone 2005 1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48cb63a6.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Unreal Tournament 2003 - Angelina Jolie skin.zip.vir
  [0] Archive type: ZIP
  --> Unreal Tournament 2003 - Angelina Jolie skin.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48db63aa.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Stylist Style Generator 3.0.0.4.zip.vir
  [0] Archive type: ZIP
  --> Stylist Style Generator 3.0.0.4.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48e263b4.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\LinkStash 1.7.2.zip.vir
  [0] Archive type: ZIP
  --> LinkStash 1.7.2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d763aa.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DS Snow 1.0.zip.vir
  [0] Archive type: ZIP
  --> DS Snow 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48896397.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\AutoKeys Automatic Typing Macros 2.1 (Key+Serial).zip.vir
  [0] Archive type: ZIP
  --> AutoKeys Automatic Typing Macros 2.1 (Key+Serial).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48dd63bd.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Table Animator 1.1.zip.vir
  [0] Archive type: ZIP
  --> Table Animator 1.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48cb63ab.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Convert My Records 1.02.zip.vir
  [0] Archive type: ZIP
  --> Convert My Records 1.02.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d763bb.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Online Privacy Pro 3.zip.vir
  [0] Archive type: ZIP
  --> Online Privacy Pro 3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d563bb.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\KernelDriver 6.1.zip.vir
  [0] Archive type: ZIP
  --> KernelDriver 6.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48db63b4.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Kristanna Loken sex-IE- Screensaver - BabeSavers 1.zip.vir
  [0] Archive type: ZIP
  --> Kristanna Loken sex-IE- Screensaver - BabeSavers 1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d263c3.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Atomic AIM Password Recovery 1.10 (KeyGen).zip.vir
  [0] Archive type: ZIP
  --> Atomic AIM Password Recovery 1.10 (KeyGen).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d863c9.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\StrataSearch 3.01a.zip.vir
  [0] Archive type: ZIP
  --> StrataSearch 3.01a.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48db63cb.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Legends of Might and Magic demo patch.zip.vir
  [0] Archive type: ZIP
  --> Legends of Might and Magic demo patch.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d063bf.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DC Form Flipper 1.zip.vir
  [0] Archive type: ZIP
  --> DC Form Flipper 1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '4889639e.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Group Mail Manager Professional 2.2.33.zip.vir
  [0] Archive type: ZIP
  --> Group Mail Manager Professional 2.2.33.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d863cf.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Avex DVD Ripper Platinum 4 build 05.zip.vir
  [0] Archive type: ZIP
  --> Avex DVD Ripper Platinum 4 build 05.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48ce63d5.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Absolute Blue 1.5.2.zip.vir
  [0] Archive type: ZIP
  --> Absolute Blue 1.5.2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48dc63c3.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Sun Certified Programmer for JAVA 2 Platform [310-025] 6.10.05.zip.vir
  [0] Archive type: ZIP
  --> Sun Certified Programmer for JAVA 2 Platform [310-025] 6.10.05.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d763db.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Windows XP RDP Protocol Security Vulnerability Patch MS02-051.zip.vir
  [0] Archive type: ZIP
  --> Windows XP RDP Protocol Security Vulnerability Patch MS02-051.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d763d1.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Sort it Later 0.2.zip.vir
  [0] Archive type: ZIP
  --> Sort it Later 0.2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48db63d9.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Maintaining Weight Loss 1.0.zip.vir
  [0] Archive type: ZIP
  --> Maintaining Weight Loss 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d263cd.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Advanced Data Export 3.4.7.0.zip.vir
  [0] Archive type: ZIP
  --> Advanced Data Export 3.4.7.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48df63d3.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\AW WordNet English Dictionary 2.1.zip.vir
  [0] Archive type: ZIP
  --> AW WordNet English Dictionary 2.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '488963c9.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Tornado Flash Player 1.7 Crack.zip.vir
  [0] Archive type: ZIP
  --> Tornado Flash Player 1.7 Crack.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48db63e4.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\AReporter 1.06.zip.vir
  [0] Archive type: ZIP
  --> AReporter 1.06.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48ce63ca.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\StaffTracker 1.1.35.zip.vir
  [0] Archive type: ZIP
  --> StaffTracker 1.1.35.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48ca63f1.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\SpeedFiler 1.1.2 (Patch).zip.vir
  [0] Archive type: ZIP
  --> SpeedFiler 1.1.2 (Patch).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48ce63ef.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\eRez Imaging Server 4.1.1 (Key).zip.vir
  [0] Archive type: ZIP
  --> eRez Imaging Server 4.1.1 (Key).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '496dc96e.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Aquatica 3D 2.0 Crack.zip.vir
  [0] Archive type: ZIP
  --> Aquatica 3D 2.0 Crack.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48de63f8.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\The Software Safe 2.0.zip.vir
  [0] Archive type: ZIP
  --> The Software Safe 2.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48ce63f0.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\3D Grapher 1.21 Crack.zip.vir
  [0] Archive type: ZIP
  --> 3D Grapher 1.21 Crack.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '488963cf.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Unreal Tournament 2003 - Hurt Conveyor skin.zip.vir
  [0] Archive type: ZIP
  --> Unreal Tournament 2003 - Hurt Conveyor skin.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48db63fd.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Xlpd 2.1 Build 0304.zip.vir
  [0] Archive type: ZIP
  --> Xlpd 2.1 Build 0304.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d963ff.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Circle-U 1.zip.vir
  [0] Archive type: ZIP
  --> Circle-U 1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48db63ff.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\honestech VHS to DVD 3.0.zip.vir
  [0] Archive type: ZIP
  --> honestech VHS to DVD 3.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d76407.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Showcalc 5.1.zip.vir
  [0] Archive type: ZIP
  --> Showcalc 5.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d86403.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\SQLClean 2.3.76 (Serial).zip.vir
  [0] Archive type: ZIP
  --> SQLClean 2.3.76 (Serial).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b563f0.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\BeaTunes 1.2.1.zip.vir
  [0] Archive type: ZIP
  --> BeaTunes 1.2.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48ca6405.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Daisy Reversi 3.1.zip.vir
  [0] Archive type: ZIP
  --> Daisy Reversi 3.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d26405.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\IBM WebSphere IIS DataStage Enterprise Edition Practice Test Questions 1.0.zip.vir
  [0] Archive type: ZIP
  --> IBM WebSphere IIS DataStage Enterprise Edition Practice Test Questions 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b663e9.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\E20-540 Practice Exam Testing Engine Software 1.0.zip.vir
  [0] Archive type: ZIP
  --> E20-540 Practice Exam Testing Engine Software 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '489963db.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Holidays Manager 1.0 Patch.zip.vir
  [0] Archive type: ZIP
  --> Holidays Manager 1.0 Patch.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d56419.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Symantec.Norton.Antivirus.2007.Full.version.+.Keygen.updated-fixed.Release.01-2007.zip.vir
  [0] Archive type: ZIP
  --> Symantec.Norton.Antivirus.2007.Full.version.+.Keygen.updated-fixed.Release.01-2007.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d66425.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Mobile Jigsaw (Treo 700w) 1.01.zip.vir
  [0] Archive type: ZIP
  --> Mobile Jigsaw (Treo 700w) 1.01.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48cb641e.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\CenturionPlayer 2.5.5 [Serial].zip.vir
  [0] Archive type: ZIP
  --> CenturionPlayer 2.5.5 [Serial].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d76416.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Click'n View 4.2.0.8 Serial.zip.vir
  [0] Archive type: ZIP
  --> Click'n View 4.2.0.8 Serial.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d2641f.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\File Access Scheduler 4.56.zip.vir
  [0] Archive type: ZIP
  --> File Access Scheduler 4.56.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d5641d.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Unreal Tournament 2003 - First deathmatch map.zip.vir
  [0] Archive type: ZIP
  --> Unreal Tournament 2003 - First deathmatch map.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48db6424.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Launcher 1.5.7.zip.vir
  [0] Archive type: ZIP
  --> Launcher 1.5.7.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48de641b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\GSGlossary 1.0.zip.vir
  [0] Archive type: ZIP
  --> GSGlossary 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b06411.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Super MP3 Converter 4.2.11.zip.vir
  [0] Archive type: ZIP
  --> Super MP3 Converter 4.2.11.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d96434.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Halo Combat Evolved Super Stunt Track map.zip.vir
  [0] Archive type: ZIP
  --> Halo Combat Evolved Super Stunt Track map.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d56422.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\BlatBatch - Buisness Edition 0.9.2.zip.vir
  [0] Archive type: ZIP
  --> BlatBatch - Buisness Edition 0.9.2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48ca6430.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Code Amber Amber Alert Desktop Ticker 1.1 (Patch).zip.vir
  [0] Archive type: ZIP
  --> Code Amber Amber Alert Desktop Ticker 1.1 (Patch).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48cd6436.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Wild Horses 3D 1.zip.vir
  [0] Archive type: ZIP
  --> Wild Horses 3D 1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d56432.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\LandscapeHelper 1.0 [Cracked].zip.vir
  [0] Archive type: ZIP
  --> LandscapeHelper 1.0 [Cracked].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d76430.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\LingvoSoft Talking Picture Dictionary 2007 Russian - Czech 1.1.18 [With Crack].zip.vir
  [0] Archive type: ZIP
  --> LingvoSoft Talking Picture Dictionary 2007 Russian - Czech 1.1.18 [With Crack].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d7643a.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Multiple Text Files to MS Word Document Convert Software 7.0 [Serial].zip.vir
  [0] Archive type: ZIP
  --> Multiple Text Files to MS Word Document Convert Software 7.0 [Serial].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d5644a.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Earthquake 3D 2.42.zip.vir
  [0] Archive type: ZIP
  --> Earthquake 3D 2.42.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48db6439.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Visual Mortgage Loan Calculator 1.31.zip.vir
  [0] Archive type: ZIP
  --> Visual Mortgage Loan Calculator 1.31.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48dc6442.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Active GIF Creator 3.0.zip.vir
  [0] Archive type: ZIP
  --> Active GIF Creator 3.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48dd643d.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\TrlD File Identifier for .NET 1.8.zip.vir
  [0] Archive type: ZIP
  --> TrlD File Identifier for .NET 1.8.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d5644d.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\The Library of Cooking 1.0.zip.vir
  [0] Archive type: ZIP
  --> The Library of Cooking 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48ce6448.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\FotoFinish 3.01.zip.vir
  [0] Archive type: ZIP
  --> FotoFinish 3.01.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48dd6451.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\PCMaid 1.0.1626.zip.vir
  [0] Archive type: ZIP
  --> PCMaid 1.0.1626.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b66428.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Mailing List Deluxe 6.21.zip.vir
  [0] Archive type: ZIP
  --> Mailing List Deluxe 6.21.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d26448.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Brief text editor 4.00 [Key].zip.vir
  [0] Archive type: ZIP
  --> Brief text editor 4.00 [Key].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d2645a.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Fox DVD Ripper 8.0.1.1 [Serial].zip.vir
  [0] Archive type: ZIP
  --> Fox DVD Ripper 8.0.1.1 [Serial].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48e1645c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\4D AudioPlayer SGLX 1.5.zip.vir
  [0] Archive type: ZIP
  --> 4D AudioPlayer SGLX 1.5.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48896434.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Pretty Printer for Visual Basic 6.0.134.zip.vir
  [0] Archive type: ZIP
  --> Pretty Printer for Visual Basic 6.0.134.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48ce6465.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared
aisQuest 1.0.2 build 4966.zip.vir
  [0] Archive type: ZIP
  --> naisQuest 1.0.2 build 4966.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d26458.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\FINDMIDI 1.0.zip.vir
  [0] Archive type: ZIP
  --> FINDMIDI 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b76442.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\SMS Forwarder 1.2.zip.vir
  [0] Archive type: ZIP
  --> SMS Forwarder 1.2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48bc6447.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DotMouse 1.2.zip.vir
  [0] Archive type: ZIP
  --> DotMouse 1.2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48dd646b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\FlexiGallery 1.0.zip.vir
  [0] Archive type: ZIP
  --> FlexiGallery 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48ce646b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\EBook Maestro PRO 1.80 KeyGen.zip.vir
  [0] Archive type: ZIP
  --> EBook Maestro PRO 1.80 KeyGen.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d86443.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\AssociativeLogview 2.1.zip.vir
  [0] Archive type: ZIP
  --> AssociativeLogview 2.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48dc6476.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Acez MP3 WAV Converter 3.0.6.zip.vir
  [0] Archive type: ZIP
  --> Acez MP3 WAV Converter 3.0.6.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48ce6468.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Paquete.Avg.7.5.--.Antivirus.Y.Antispyware.NÃºmero.De.Licencia.--.(By.Fasu).zip.vir
  [0] Archive type: ZIP
  --> Paquete.Avg.7.5.--.Antivirus.Y.Antispyware.N&#65475;&#65466;mero.De.Licencia.--.(By.Fasu).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48da6468.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\1-ACT Personal Firewall 2006 1.0.zip.vir
  [0] Archive type: ZIP
  --> 1-ACT Personal Firewall 2006 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48aa6438.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\WebSlower 2.0.2.zip.vir
  [0] Archive type: ZIP
  --> WebSlower 2.0.2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48cb6473.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\dToolz 1.02.zip.vir
  [0] Archive type: ZIP
  --> dToolz 1.02.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d86465.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Software Update Service StandAlone 1.004 Key+Serial.zip.vir
  [0] Archive type: ZIP
  --> Software Update Service StandAlone 1.004 Key+Serial.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48cf6483.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\QuickWrite Professional (Spanish) 2.3.zip.vir
  [0] Archive type: ZIP
  --> QuickWrite Professional (Spanish) 2.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d2648c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Bricksoft MSN Messenger VCL Component 1.10 [Serial].zip.vir
  [0] Archive type: ZIP
  --> Bricksoft MSN Messenger VCL Component 1.10 [Serial].exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d2648b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Video to FLV and SWF Converter 2.0.zip.vir
  [0] Archive type: ZIP
  --> Video to FLV and SWF Converter 2.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48cd6484.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\iAppoint 0.5.1.zip.vir
  [0] Archive type: ZIP
  --> iAppoint 0.5.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d96463.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Unreal Tournament 2003 - Sophia skin.zip.vir
  [0] Archive type: ZIP
  --> Unreal Tournament 2003 - Sophia skin.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48db6492.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Absolute DVD Copy 1.3.5.zip.vir
  [0] Archive type: ZIP
  --> Absolute DVD Copy 1.3.5.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48dc6489.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Datacatch Librarian Standard 1.0.1.9.zip.vir
  [0] Archive type: ZIP
  --> Datacatch Librarian Standard 1.0.1.9.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48dd648c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Multi-Task Schedulers 7.8 (Patch).zip.vir
  [0] Archive type: ZIP
  --> Multi-Task Schedulers 7.8 (Patch).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d564a2.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\McAfee VirusScan Enterprise 8.0i.zip.vir
  [0] Archive type: ZIP
  --> McAfee VirusScan Enterprise 8.0i.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48aa6495.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Mallik's MoneyWise 2.0.zip.vir
  [0] Archive type: ZIP
  --> Mallik's MoneyWise 2.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d56497.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Peer Impact 3.0.0.167.zip.vir
  [0] Archive type: ZIP
  --> Peer Impact 3.0.0.167.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48ce649d.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Digiters Video to PSP Converter 3.6.zip.vir
  [0] Archive type: ZIP
  --> Digiters Video to PSP Converter 3.6.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064a3.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DigitByte WMV To Wav Converter 1.0.zip.vir
  [0] Archive type: ZIP
  --> DigitByte WMV To Wav Converter 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064a6.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DigitClock 1.02.zip.vir
  [0] Archive type: ZIP
  --> DigitClock 1.02.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064a8.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Digiters DVD Cloner 3.6.6.zip.vir
  [0] Archive type: ZIP
  --> Digiters DVD Cloner 3.6.6.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064ac.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Digiters DVD to PSP Converter 3.6.zip.vir
  [0] Archive type: ZIP
  --> Digiters DVD to PSP Converter 3.6.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064ae.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DigiWaiter Server 1.31.zip.vir
  [0] Archive type: ZIP
  --> DigiWaiter Server 1.31.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064b0.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Digiters DVD to iPhone ConverterDigiters DVD to iPhone Converter 3.6.zip.vir
  [0] Archive type: ZIP
  --> Digiters DVD to iPhone ConverterDigiters DVD to iPhone Converter 3.6.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064b3.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Digiters DVD to iPod Converter + Video 3.6.6.zip.vir
  [0] Archive type: ZIP
  --> Digiters DVD to iPod Converter + Video 3.6.6.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064b5.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Digiters DVD to iPod Converter 3.6.6.zip.vir
  [0] Archive type: ZIP
  --> Digiters DVD to iPod Converter 3.6.6.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064b7.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Digiters DVD to PSP Converter + Video to PSP Converter Suite 3.6.zip.vir
  [0] Archive type: ZIP
  --> Digiters DVD to PSP Converter + Video to PSP Converter Suite 3.6.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064bd.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Digiters Sound Recorder 3.6.6.zip.vir
  [0] Archive type: ZIP
  --> Digiters Sound Recorder 3.6.6.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064be.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Digiters DVD to Zune Converter 3.6.6.zip.vir
  [0] Archive type: ZIP
  --> Digiters DVD to Zune Converter 3.6.6.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064c0.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DigitizeIt 1.5.8.zip.vir
  [0] Archive type: ZIP
  --> DigitizeIt 1.5.8.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064c4.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DINT 0.82.zip.vir
  [0] Archive type: ZIP
  --> DINT 0.82.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b764a8.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Digiters Video to iPhone Converter 3.6.zip.vir
  [0] Archive type: ZIP
  --> Digiters Video to iPhone Converter 3.6.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064ca.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Digiters Video to iPod Converter 3.6.zip.vir
  [0] Archive type: ZIP
  --> Digiters Video to iPod Converter 3.6.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064cd.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Digiters Video to Zune Converter 3.6.6.zip.vir
  [0] Archive type: ZIP
  --> Digiters Video to Zune Converter 3.6.6.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064d2.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Digitizer 1.1.zip.vir
  [0] Archive type: ZIP
  --> Digitizer 1.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064d4.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DigiTv Full 1.0.6.zip.vir
  [0] Archive type: ZIP
  --> DigiTv Full 1.0.6.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064d6.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Digitope Picture Converter 1.0.16.zip.vir
  [0] Archive type: ZIP
  --> Digitope Picture Converter 1.0.16.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064d7.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DigitWiz 1.0.zip.vir
  [0] Archive type: ZIP
  --> DigitWiz 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064da.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Digiview 1.0.zip.vir
  [0] Archive type: ZIP
  --> Digiview 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064dc.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Digitzone PDF Text Converter 1.3.0.6.zip.vir
  [0] Archive type: ZIP
  --> Digitzone PDF Text Converter 1.3.0.6.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064de.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Digitzone PDF to PNG Converter.zip.vir
  [0] Archive type: ZIP
  --> Digitzone PDF to PNG Converter.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064e2.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DimichSoft Advanced File Tracer 1.5.zip.vir
  [0] Archive type: ZIP
  --> DimichSoft Advanced File Tracer 1.5.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d664e5.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DigiWaiter DesktopClient 1.0.100.zip.vir
  [0] Archive type: ZIP
  --> DigiWaiter DesktopClient 1.0.100.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064e7.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DigiWatch 1.0.zip.vir
  [0] Archive type: ZIP
  --> DigiWatch 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064ea.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DigiWeather 1.2.zip.vir
  [0] Archive type: ZIP
  --> DigiWeather 1.2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064ec.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\digiXMAS Article Submiter 1.0.1.zip.vir
  [0] Archive type: ZIP
  --> digiXMAS Article Submiter 1.0.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064ef.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\digiXMAS Submitter 3.2.0.zip.vir
  [0] Archive type: ZIP
  --> digiXMAS Submitter 3.2.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064f1.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\digsby Build 13706 Beta.zip.vir
  [0] Archive type: ZIP
  --> digsby Build 13706 Beta.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d064f5.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Diino 4.1.1.zip.vir
  [0] Archive type: ZIP
  --> Diino 4.1.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d264f8.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Diji Album Editor 7.0.zip.vir
  [0] Archive type: ZIP
  --> Diji Album Editor 7.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d364fb.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Diji Album Viewer 7.0.zip.vir
  [0] Archive type: ZIP
  --> Diji Album Viewer 7.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d364ff.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dijkstra Algorithm 1.0.zip.vir
  [0] Archive type: ZIP
  --> Dijkstra Algorithm 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d36501.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIKO Free 2.35.zip.vir
  [0] Archive type: ZIP
  --> DIKO Free 2.35.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b464e4.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Diko Matrix Creator 1.2.0.0.zip.vir
  [0] Archive type: ZIP
  --> Diko Matrix Creator 1.2.0.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d46506.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Diktuon 2.0.1.zip.vir
  [0] Archive type: ZIP
  --> Diktuon 2.0.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d46508.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DILauncher 1.1.zip.vir
  [0] Archive type: ZIP
  --> DILauncher 1.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b564ea.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dilbert 1.01.zip.vir
  [0] Archive type: ZIP
  --> Dilbert 1.01.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d5650c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dilbert Daily 1.0.0.zip.vir
  [0] Archive type: ZIP
  --> Dilbert Daily 1.0.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d56511.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DILEMMA 1.0.zip.vir
  [0] Archive type: ZIP
  --> DILEMMA 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b564f3.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dilution Wizard 1.0 Beta.zip.vir
  [0] Archive type: ZIP
  --> Dilution Wizard 1.0 Beta.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d56515.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIManagerX 7.0.0.123 Final.zip.vir
  [0] Archive type: ZIP
  --> DIManagerX 7.0.0.123 Final.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b664f7.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dimenes 1.5 RF.zip.vir
  [0] Archive type: ZIP
  --> Dime

Tintino · Answer

Et voici le 2ème log Avira AntiVir Personal Report file date: mardi 1 juillet 2008 22:09 Scanning for 1369578 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Save mode Username: Tintino Computer name: TINTINOBILE Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:58 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:38 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:24 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:42 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 21:36:52 ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 21:36:54 ANTIVIR3.VDF : 7.0.5.25 18432 Bytes 30/06/2008 21:36:54 Engineversion : 8.1.0.59 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22 AESCRIPT.DLL : 8.1.0.44 278907 Bytes 30/06/2008 21:37:10 AESCN.DLL : 8.1.0.22 119157 Bytes 30/06/2008 21:37:08 AERDL.DLL : 8.1.0.20 418165 Bytes 30/06/2008 21:37:06 AEPACK.DLL : 8.1.1.6 364918 Bytes 30/06/2008 21:37:04 AEOFFICE.DLL : 8.1.0.20 192891 Bytes 30/06/2008 21:37:02 AEHEUR.DLL : 8.1.0.32 1274231 Bytes 30/06/2008 21:37:02 AEHELP.DLL : 8.1.0.15 115063 Bytes 30/06/2008 21:36:58 AEGEN.DLL : 8.1.0.29 307573 Bytes 30/06/2008 21:36:58 AEEMU.DLL : 8.1.0.6 430451 Bytes 30/06/2008 21:36:56 AECORE.DLL : 8.1.0.31 168310 Bytes 30/06/2008 21:36:56 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:54 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:52 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:48 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:50 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:32 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:26 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:12 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: high Start of the scan: mardi 1 juillet 2008 22:09 Starting search for hidden objects. The driver could not be initialized. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 11 processes with 11 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '47' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Diogenes 3.0.zip.vir [0] Archive type: ZIP --> Diogenes 3.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48d9a882.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DionOnlineBackup 2.3.3..zip.vir [0] Archive type: ZIP --> DionOnlineBackup 2.3.3..exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48d9a884.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\diPacker 1.4.zip.vir [0] Archive type: ZIP --> diPacker 1.4.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48baa886.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DiProtector 1.2.zip.vir [0] Archive type: ZIP --> DiProtector 1.2.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48baa888.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dipstick 3.1.zip.vir [0] Archive type: ZIP --> Dipstick 3.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48daa88b.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DipTrace 1.50.zip.vir [0] Archive type: ZIP --> DipTrace 1.50.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48daa88c.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DipTrace Free 1.50.zip.vir [0] Archive type: ZIP --> DipTrace Free 1.50.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48daa88f.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dir 2 File 1.2.2.zip.vir [0] Archive type: ZIP --> Dir 2 File 1.2.2.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca894.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dir Info 2.2.40.73.zip.vir [0] Archive type: ZIP --> Dir Info 2.2.40.73.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca896.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dir QuickView 1.61.zip.vir [0] Archive type: ZIP --> Dir QuickView 1.61.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca89a.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dir Utils 1.0.zip.vir [0] Archive type: ZIP --> Dir Utils 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca89d.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dir-To-List 1.51.zip.vir [0] Archive type: ZIP --> Dir-To-List 1.51.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca89f.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dir2Clpbrd 1.0.zip.vir [0] Archive type: ZIP --> Dir2Clpbrd 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8a3.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\dir2html 1.0.6.zip.vir [0] Archive type: ZIP --> dir2html 1.0.6.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8a8.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIR2HTML 1.1.0.zip.vir [0] Archive type: ZIP --> DIR2HTML 1.1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48bca88b.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\dir2html 2.7.41.zip.vir [0] Archive type: ZIP --> dir2html 2.7.41.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8ac.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dir2HTML 3.32.zip.vir [0] Archive type: ZIP --> Dir2HTML 3.32.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8ae.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dir2XML 0.1.zip.vir [0] Archive type: ZIP --> Dir2XML 0.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8b2.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\dIRC 2.2.0.1.zip.vir [0] Archive type: ZIP --> dIRC 2.2.0.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48bca896.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DirCase 1.0.0.1.zip.vir [0] Archive type: ZIP --> DirCase 1.0.0.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8b8.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DirCmp 1.0 Build 4.4.zip.vir [0] Archive type: ZIP --> DirCmp 1.0 Build 4.4.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8bc.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DirCollector 1.0.1.zip.vir [0] Archive type: ZIP --> DirCollector 1.0.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8bd.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DirComp 2.0.zip.vir [0] Archive type: ZIP --> DirComp 2.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8c1.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DirCompare 2.1.zip.vir [0] Archive type: ZIP --> DirCompare 2.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8c2.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DirDate 4.1.2.zip.vir [0] Archive type: ZIP --> DirDate 4.1.2.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8c6.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DirDup 1.0g.zip.vir [0] Archive type: ZIP --> DirDup 1.0g.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8c9.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Direcscape 1.1.0.0.zip.vir [0] Archive type: ZIP --> Direcscape 1.1.0.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8cb.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Direct Access 1.6.6.zip.vir [0] Archive type: ZIP --> Direct Access 1.6.6.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8cc.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Direct Audio CD 3.0.zip.vir [0] Archive type: ZIP --> Direct Audio CD 3.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8d0.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Direct Audio Converter and CD Ripper 2.0.7.zip.vir [0] Archive type: ZIP --> Direct Audio Converter and CD Ripper 2.0.7.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8d3.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Direct Audio Recorder 3.0.zip.vir [0] Archive type: ZIP --> Direct Audio Recorder 3.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8d6.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Direct Click 1.0.0.114.zip.vir [0] Archive type: ZIP --> Direct Click 1.0.0.114.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8da.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Direct Connect Hub 2.2.zip.vir [0] Archive type: ZIP --> Direct Connect Hub 2.2.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8dc.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Direct dial XP 4.0.zip.vir [0] Archive type: ZIP --> Direct dial XP 4.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8e1.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Direct Draw 1.zip.vir [0] Archive type: ZIP --> Direct Draw 1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8e4.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Direct e-mail 1.0.zip.vir [0] Archive type: ZIP --> Direct e-mail 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48dca8e5.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Digitalizer for Photoshop 1.24.zip.vir [0] Archive type: ZIP --> Digitalizer for Photoshop 1.24.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48d1a8e8.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Digitalk Easy Recorder 1.4.1.2363.zip.vir [0] Archive type: ZIP --> Digitalk Easy Recorder 1.4.1.2363.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48d1a8eb.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Digitally Imported Radio 1.0.zip.vir [0] Archive type: ZIP --> Digitally Imported Radio 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48d1a8ef.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DigitalMedia IPN Lightweight Label Printer 3.1.1.zip.vir [0] Archive type: ZIP --> DigitalMedia IPN Lightweight Label Printer 3.1.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48d1a8f2.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DigitalVideo Converter 1.7.0.24.zip.vir [0] Archive type: ZIP --> DigitalVideo Converter 1.7.0.24.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48d1a8f4.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DigitalWeb NetPatrol 2.0.zip.vir [0] Archive type: ZIP --> DigitalWeb NetPatrol 2.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48d1a8f8.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DigitalX Local Keylogger 1.0.zip.vir [0] Archive type: ZIP --> DigitalX Local Keylogger 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48d1a8fb.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DigitByte MPEG Joiner 2.0.0381.zip.vir [0] Archive type: ZIP --> DigitByte MPEG Joiner 2.0.0381.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48d1a8ff.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DigitByte Video Converter 3.0.3.zip.vir [0] Archive type: ZIP --> DigitByte Video Converter 3.0.3.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48d1a901.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DigitByte WMA to WAV Converter 1.0.zip.vir [0] Archive type: ZIP --> DigitByte WMA to WAV Converter 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1 [NOTE] The file was moved to '48d1a902.qua'! Begin scan in 'D:\' End of the scan: mercredi 2 juillet 2008 00:30 Used time: 2:20:46 min The scan has been done completely. 4821 Scanning directories 194364 Files were scanned 46 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 46 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 194318 Files not concerned 7546 Archives were scanned 2 Warnings 46 Notes

Tintino · Answer

Et toujours le problème avec le "bouton 4 directions" en dessous du touchpad, bouton qui permet de faire défiler les pages . . .  :/

Tintino · Answer

oups, le 1er log n'a pu être posté en une seule fois, on dirait bien :(
tu as besoin de la suite, je suppose ...
alors voici la suite et fin du log 1:

C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIManagerX 7.0.0.123 Final.zip.vir
  [0] Archive type: ZIP
  --> DIManagerX 7.0.0.123 Final.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b664f7.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dimenes 1.5 RF.zip.vir
  [0] Archive type: ZIP
  --> Dimenes 1.5 RF.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d6651a.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dimension 4 5.0.35.zip.vir
  [0] Archive type: ZIP
  --> Dimension 4 5.0.35.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d6651c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dimension Browser 5.0.zip.vir
  [0] Archive type: ZIP
  --> Dimension Browser 5.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d66520.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dimensional Analysis 4.2.2.zip.vir
  [0] Archive type: ZIP
  --> Dimensional Analysis 4.2.2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d66522.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dimensions of Culture Software, Hofstede 2.0.zip.vir
  [0] Archive type: ZIP
  --> Dimensions of Culture Software, Hofstede 2.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d66524.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DimichSoft Mail List Receiver 5.3.zip.vir
  [0] Archive type: ZIP
  --> DimichSoft Mail List Receiver 5.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d66527.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DimichSoft SecurityDog 2.1.zip.vir
  [0] Archive type: ZIP
  --> DimichSoft SecurityDog 2.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d66529.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIMIN HotKeys for Winamp 0.5.zip.vir
  [0] Archive type: ZIP
  --> DIMIN HotKeys for Winamp 0.5.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b6650c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIMIN HTML Directory Structure Creator 2.4.5.zip.vir
  [0] Archive type: ZIP
  --> DIMIN HTML Directory Structure Creator 2.4.5.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b66510.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIMIN Image Viewer n5 5.2.1.111.zip.vir
  [0] Archive type: ZIP
  --> DIMIN Image Viewer n5 5.2.1.111.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b66514.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIMIN irCommander 0.3.zip.vir
  [0] Archive type: ZIP
  --> DIMIN irCommander 0.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b66516.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIMIN OSD 0.3.zip.vir
  [0] Archive type: ZIP
  --> DIMIN OSD 0.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b66519.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIMIN ShutCountDown 0.0.2.zip.vir
  [0] Archive type: ZIP
  --> DIMIN ShutCountDown 0.0.2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b6651d.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIMIN Smart Capturer 0.1.6.zip.vir
  [0] Archive type: ZIP
  --> DIMIN Smart Capturer 0.1.6.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b66521.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIMIN Viewer 5.2.5 Build 140.zip.vir
  [0] Archive type: ZIP
  --> DIMIN Viewer 5.2.5 Build 140.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b66523.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dimlog 1.3.zip.vir
  [0] Archive type: ZIP
  --> Dimlog 1.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d66544.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dimon - Tinted Glasses 1.0.0.zip.vir
  [0] Archive type: ZIP
  --> Dimon - Tinted Glasses 1.0.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d66546.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DimSaver 2.0.zip.vir
  [0] Archive type: ZIP
  --> DimSaver 2.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d6654b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dimwit's Dictionary 1.0.zip.vir
  [0] Archive type: ZIP
  --> Dimwit's Dictionary 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d6654c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIN Settings Calculator 1.1.zip.vir
  [0] Archive type: ZIP
  --> DIN Settings Calculator 1.1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48b7652e.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dina Programming Font 2.89.zip.vir
  [0] Archive type: ZIP
  --> Dina Programming Font 2.89.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d76551.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DinamoMania Analog Clock 1.00.zip.vir
  [0] Archive type: ZIP
  --> DinamoMania Analog Clock 1.00.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d76555.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Ding 1.05.005.zip.vir
  [0] Archive type: ZIP
  --> Ding 1.05.005.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d76557.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DiningPlus 1.0.zip.vir
  [0] Archive type: ZIP
  --> DiningPlus 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d7655c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dinky AutoComplete Tool 1.0.zip.vir
  [0] Archive type: ZIP
  --> Dinky AutoComplete Tool 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d7655d.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dinner Timer Lite 1.0.6.0.zip.vir
  [0] Archive type: ZIP
  --> Dinner Timer Lite 1.0.6.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d76560.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dino Glade 1.3.zip.vir
  [0] Archive type: ZIP
  --> Dino Glade 1.3.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d76562.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dino Glade Advanced 1.39.zip.vir
  [0] Archive type: ZIP
  --> Dino Glade Advanced 1.39.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d76566.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dino Icons.zip.vir
  [0] Archive type: ZIP
  --> Dino Icons.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d76568.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dino Island 1.0.zip.vir
  [0] Archive type: ZIP
  --> Dino Island 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d7656b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dino ScreenMate 1.0.zip.vir
  [0] Archive type: ZIP
  --> Dino ScreenMate 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d7656d.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dinosaur Dystopia 1.0.zip.vir
  [0] Archive type: ZIP
  --> Dinosaur Dystopia 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d7656f.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dinosaur Screensaver 1.0.zip.vir
  [0] Archive type: ZIP
  --> Dinosaur Screensaver 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d76573.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dinosaur Valley - Animated Screensaver 5.07.zip.vir
  [0] Archive type: ZIP
  --> Dinosaur Valley - Animated Screensaver 5.07.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d76576.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dinosaur Valley - Animated Wallpaper 5.07.zip.vir
  [0] Archive type: ZIP
  --> Dinosaur Valley - Animated Wallpaper 5.07.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d76577.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dinosaurs 3D Screensaver 1.0.zip.vir
  [0] Archive type: ZIP
  --> Dinosaurs 3D Screensaver 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d7657a.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dinosaurs Art SlideShow 1.0.zip.vir
  [0] Archive type: ZIP
  --> Dinosaurs Art SlideShow 1.0.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
      [NOTE]      The file was moved to '48d7657e.qua'!


End of the scan: mardi 1 juillet 2008  00:59
Used time:  1:11:16 min

The scan has been canceled!

   4366 Scanning directories
 154757 Files were scanned
    221 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
    219 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
 154536 Files not concerned
   7227 Archives were scanned
      2 Warnings
    219 Notes

sKe69 · Answer

bien ...

Supprime tout ce que AntiVir à en quarantaine ( via celle-ci biensûr )

Puis refais un scan hijackthis et postes moi le nouveau rapport obtenu ...

Tintino · Answer

Parfait! Revoici un log de HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:19, on 2/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Thunderbird	hunderbird.exe
C:\Program Files\Trend Micro\HijackThis\MonJack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://myprivacy.dpgmedia.be/?siteKey=atXMVFeyFP1Ki09i&callbackUrl=https%3a%2f%2fwww.7sur7.be%2fprivacy-gate%2faccept%3fredirectUri%3d%252f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7
tiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://fwdservice.com
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: eLock Service (eLockService) -   - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcappcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

sKe69 · Answer

Bon ... AntiVir ok mais Norton est de trop .... Il va falloir le nettoyer :

Télécharges Norton removal tool sur ton bureau :
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe

Déconnectes toi . 
Ensuite désinstales Norton avec Norton removal tool :Tu doubles click dessus et te laisses guider : il faut bien le désinstaler ( fait la manipe 2 fois si possible ). 

Puis repostes un Hijackthis pour contrôler ...

Tintino · Answer

L'outil a tourné 2 fois et voici le nouveau log HijackThis :-)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:52, on 2/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\MonJack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://myprivacy.dpgmedia.be/?siteKey=atXMVFeyFP1Ki09i&callbackUrl=https%3a%2f%2fwww.7sur7.be%2fprivacy-gate%2faccept%3fredirectUri%3d%252f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7
tiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://fwdservice.com
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: eLock Service (eLockService) -   - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcappcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

sKe69 · Answer

1-Fermes toutes tes applications et déconnectes toi .

Relances Hijackthis mais click sur " Do a scan only " 
Tu vois donc apparaitre le résultat du scan : une multitudes de lignes ,chacunes précédées d'un carré vide . 
Tu vas cliquer sur les carrés des lignes suivantes : 

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) 
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) 
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe 
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') 
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)  
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://fwdservice.com 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) 
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

Tu cliques en bas sur le bouton FIX CHECKED et valides .

2- refais un coup de CCleaner ( registre compris )

3-Télécharge DiagHelp.zip sur ton bureau :

http://www.malekal.com/download/DiagHelp.zip

!! déconnectes toi et fermes toutes tes applications en cours !!  

Fais un clic droit sur le fichier et extraire tout .

--> Un nouveau dossier va être créé : "DiagHelp"  
Ouvres le et double-clic sur go.cmd et pas sur autre chose ! (le .cmd peut ne pas apparaître )
 
--> Une fenêtre va s'ouvrir, choisis l'option 1 
L'analyse va commencer, ce-ci peut durer quelques minutes, laisses faire et appuies sur une touche quand on te le demandera : 
une page IE va s'ouvrir , fermes la . 
Re-appuis sur une touche, le bloc-note s'ouvre : 
Sauvegardes ce rapport de façon à le retrouver et postes tout son contenu dans ta prochaine réponse ...

Tintino · Answer

Ccleaner a encore trouvé qq clés a problemes dans le registre. Elles ont été corrigées. Voici donc le prochain rapport que tu m'as demandé :) (PS : tu as une véritable passion pour les virus, non ? ;) ) DiagHelp version v1.4 - http://www.malekal.com excute le mer. 02/07/2008 à 23:37:37,31 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->2/07/2008 23:36:56 C:\WINDOWS\prefetch\WINRAR.EXE-0AA31BB9.pf -->2/07/2008 23:34:34 C:\WINDOWS\prefetch\RUNDLL32.EXE-5560CAC5.pf -->2/07/2008 23:31:28 C:\WINDOWS\prefetch\CCLEANER.EXE-09CFC2BC.pf -->2/07/2008 23:31:16 C:\WINDOWS\prefetch\CTFMON.EXE-05E57A5E.pf -->2/07/2008 23:29:00 C:\WINDOWS\prefetch\IEXPLORE.EXE-2D97EBE6.pf -->2/07/2008 23:28:52 C:\WINDOWS\prefetch\NOTEPAD.EXE-2F2D61E1.pf -->2/07/2008 23:28:08 C:\WINDOWS\prefetch\WGATRAY.EXE-350D4455.pf -->2/07/2008 23:28:02 C:\WINDOWS\prefetch\WUAUCLT.EXE-1360D60A.pf -->2/07/2008 23:27:58 C:\WINDOWS\prefetch\IMAPI.EXE-201490BB.pf -->2/07/2008 23:27:56 C:\WINDOWS\System32\drivers\MiniIcpt.sys -->27/06/2008 22:56:26 C:\WINDOWS\System32\drivers\HookCentre.sys -->27/06/2008 22:56:24 C:\WINDOWS\System32\drivers\bthport.sys -->14/06/2008 19:59:52 C:\WINDOWS\System32\drivers\RMCast.sys -->8/05/2008 14:28:50 C:\WINDOWS\System32\drivers\avipbb.sys -->4/03/2008 13:28:54 C:\WINDOWS\System32\drivers\avgntdd.sys -->21/01/2008 18:12:58 C:\WINDOWS\System32\drivers\avgntmgr.sys -->21/01/2008 18:11:30 C:\WINDOWS\System32\wpa.dbl -->2/07/2008 23:28:00 C:\WINDOWS\System32 vapps.xml -->2/07/2008 23:26:52 C:\WINDOWS\System32\FNTCACHE.DAT -->29/06/2008 23:48:28 C:\WINDOWS\System32\CONFIG.NT -->29/06/2008 15:54:02 C:\WINDOWS\System32\perfh009.dat -->25/06/2008 23:25:08 C:\WINDOWS\System32\perfc009.dat -->25/06/2008 23:25:08 C:\WINDOWS\System32\MRT.exe -->30/05/2008 1:35:12 C:\WINDOWS\System32\amcompat.tlb -->26/05/2008 22:26:54 C:\WINDOWS\System32 scompat.tlb -->26/05/2008 22:26:54 C:\WINDOWS\System32\w95inf32.dll -->26/05/2008 22:26:46 C:\WINDOWS\System32\w95inf16.dll -->26/05/2008 22:26:46 C:\WINDOWS\System32\quartz.dll -->7/05/2008 6:55:48 C:\WINDOWS\System32\TG_PVTR.LOG -->26/04/2008 12:55:18 C:\WINDOWS\System32\mshtml.dll -->23/04/2008 22:16:42 C:\WINDOWS\System32\extmgr.dll -->23/04/2008 6:16:40 C:\WINDOWS\System32\advpack.dll -->23/04/2008 6:16:40 C:\WINDOWS\System32\dxtmsft.dll -->23/04/2008 6:16:40 C:\WINDOWS\System32\dxtrans.dll -->23/04/2008 6:16:40 C:\WINDOWS\System32\ieakeng.dll -->23/04/2008 6:16:40 C:\WINDOWS\System32\ieaksie.dll -->23/04/2008 6:16:40 C:\WINDOWS\System32\ieapfltr.dll -->23/04/2008 6:16:40 C:\WINDOWS\System32\iedkcs32.dll -->23/04/2008 6:16:40 C:\WINDOWS\System32\ieframe.dll -->23/04/2008 6:16:40 C:\WINDOWS\System32\iernonce.dll -->23/04/2008 6:16:40 C:\WINDOWS\System32\inetcpl.cpl -->23/04/2008 6:16:40 C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt -->2/07/2008 23:27:42 C:\WINDOWS\wiadebug.log -->2/07/2008 23:27:02 C:\WINDOWS\ComponentList.xml -->2/07/2008 23:26:52 C:\WINDOWS\bootstat.dat -->2/07/2008 23:26:42 C:\WINDOWS\SchedLgU.Txt -->2/07/2008 23:26:00 C:\WINDOWS\wiaservc.log -->2/07/2008 23:26:00 C:\WINDOWS\WindowsUpdate.log -->2/07/2008 17:15:12 C:\WINDOWS\win.ini -->2/07/2008 0:49:48 C:\WINDOWS\system.ini -->30/06/2008 22:23:02 C:\WINDOWS\DUMP47d6.tmp -->27/06/2008 20:16:48 C:\WINDOWS\QTFont.qfn -->22/06/2008 14:11:42 C:\WINDOWS\QTFont.for -->4/06/2008 10:13:10 C:\WINDOWS\err.txt -->26/05/2008 22:26:58 C:\WINDOWS\FISHUI.INI -->26/04/2008 13:32:30 C:\WINDOWS\mozver.dat -->7/02/2008 21:14:36 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ EXPLORER.EXE pid: 580 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x44080000 0xd0000 7.00.6000.16674 C:\WINDOWS\system32\WININET.dll 0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43e00000 0x45000 7.00.6000.16674 C:\WINDOWS\system32\iertutil.dll 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll 0x44360000 0x5cd000 7.00.6000.16674 C:\WINDOWS\system32\ieframe.dll 0x44160000 0x127000 7.00.6000.16674 C:\WINDOWS\system32\urlmon.dll 0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL 0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL 0x442b0000 0x3c000 7.00.6000.16674 C:\WINDOWS\system32\webcheck.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x10000000 0x8000 0.09.0007.0003 C:\Acer\Empowering Technology\ePower\SysHook.dll 0x01aa0000 0x16000 9.04.0004.1082 C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll 0x01690000 0xa000 2.02.0000.0009 C:\WINDOWS\system32\MSNCHATHOOK.DLL 0x01b30000 0x2f000 2.02.0000.0044 C:\WINDOWS\system32\sysenv.dll 0x74bf0000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll 0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x01b60000 0x68000 2.02.0000.0011 C:\WINDOWS\system32\CryptoAPI.dll 0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll 0x020a0000 0x102000 7.10.3077.0000 C:\WINDOWS\system32\MFC71U.DLL 0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll 0x014e0000 0x33000 1.04.0000.0001 C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL 0x02320000 0x29000 C:\Program Files\WinRAR arext.dll 0x021b0000 0x13000 7.00.0000.0011 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll 0x02350000 0x7c000 1.00.0000.0026 C:\PROGRA~1\MEDIAT~1\MTShell.dll 0x02af0000 0x14000 2.02.0000.0011 C:\WINDOWS\system32\eDSshellExt.dll 0x7c120000 0x19000 7.10.3077.0000 C:\WINDOWS\system32\ATL71.DLL 0x6bd10000 0x10000 12.00.4518.1014 C:\Program Files\Microsoft Office\Office12\msohevi.dll 0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ WINLOGON.EXE pid: 772 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x01260000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est E1B7-6D53 Répertoire de C:\WINDOWS\system32 10/08/2004 05:00 6.144 csrss.exe 1 fichier(s) 6.144 octets 0 Rép(s) 40.833.974.272 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est E1B7-6D53 Répertoire de C:\WINDOWS\Downloaded Program Files 06/11/2006 08:24 . 06/11/2006 08:24 .. 15/04/2005 14:45 65 desktop.ini 09/11/2006 14:36 5.019 swflash.inf 04/12/2006 15:16 144 QTPlugin.inf 29/04/2003 16:41 32.768 clearadjust.dll 29/04/2003 16:58 241 clearadj.inf 09/07/2007 12:27 2.377.088 Rawflow.ocx 13/02/2008 17:55 130 live.ini 14/03/2005 14:58 7.073 scanoptions.tsi 16/03/2005 12:34 7.407 lang.ini 25/05/2006 01:21 53.248 ipsupd.dll 25/05/2006 01:21 118.784 bdupd.dll 07/12/2004 17:07 32 libfn.dll 07/12/2004 17:07 32 bdcore.dll 25/10/2007 16:54 471.040 oscan8.ocx 29/10/2007 16:45 1.244 oscan8.inf 11/02/2008 09:39 1.864 OnlineScanner.inf 16 fichier(s) 3.076.179 octets Total des fichiers listés : 16 fichier(s) 3.076.179 octets 2 Rép(s) 40.833.974.272 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HelpCtr.exe"="C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix" "C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer" "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\CounterPath\X-Lite\x-lite.exe"="C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite" "C:\WINDOWS\System32\muzapp.exe"="C:\WINDOWS\System32\muzapp.exe:*:Enabled:MUZ AOD APP player" "C:\Documents and Settings\Tintino\Local Settings\Temp\WZSE0.TMP\symnrt.exe"="C:\Documents and Settings\Tintino\Local Settings\Temp\WZSE0.TMP\symnrt.exe:*:Enabled:Symantec Removal Utility" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Export de la clef SharedTaskScheduler [SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\ 63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\ 6d,73,73,74,79,6c,65,73,00 "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\ 73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00 "DisableRegistryTools"=dword:00000000 "HideLegacyLogonScripts"=dword:00000000 "HideLogoffScripts"=dword:00000000 "RunLogonScriptSync"=dword:00000001 "RunStartupScriptSync"=dword:00000000 "HideStartupScripts"=dword:00000000 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-02 23:38:15 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 164 - EHTRAY.EXE 264 - Acer.Empowering 580 - EXPLORER.EXE 672 - EHRECVR.EXE 736 - CSRSS.EXE 772 - WINLOGON.EXE 816 - SERVICES.EXE 828 - LSASS.EXE 980 - AGRSMMSG.EXE 996 - SVCHOST.EXE 1036 - EHSCHED.EXE 1072 - SVCHOST.EXE 1124 - DLLHOST.EXE 1168 - SVCHOST.EXE 1188 - RTHDCPL.EXE 1208 - SVCHOST.EXE 1244 - EVTENG.EXE 1280 - S24EVMON.EXE 1308 - NVSVC32.EXE 1340 - HOTKEYAPP.EXE 1376 - EDSLOADER.EXE 1420 - EPOWER_DMC.EXE 1516 - LVCOMSX.EXE 1568 - CAMERAASSISTANT 1644 - avgnt.exe 1664 - avguard.exe 1724 - SPOOLSV.EXE 1768 - LVPRCSRV.EXE 1788 - sched.exe 1948 - cmd.exe 2000 - MEMCHECK.EXE 2220 - ALG.EXE 2240 - SVCHOST.EXE 2296 - SVCHOST.EXE 2424 - WMIAPSRV.EXE 2520 - ELOCKSERV.EXE 2708 - MCRDSVC.EXE 3068 - WMIPRVSE.EXE 4020 - ctfmon.exe Total number of processes = 40 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32 tkrnlpa.exe 806E2000 - \WINDOWS\system32\hal.dll BADA8000 - \WINDOWS\system32\KDCOM.DLL BACB8000 - \WINDOWS\system32\BOOTVID.dll BA6BF000 - sptd.sys BADAA000 - \WINDOWS\System32\Drivers\WMILIB.SYS BA6A7000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS BA678000 - ACPI.sys BA667000 - pci.sys BA8A8000 - ohci1394.sys BA8B8000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS BA8C8000 - isapnp.sys BACBC000 - compbatt.sys BACC0000 - \WINDOWS\system32\DRIVERS\BATTC.SYS BAE70000 - pciide.sys BAB28000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS BADAC000 - aliide.sys BADAE000 - intelide.sys BADB0000 - toside.sys BADB2000 - viaide.sys BADB4000 - cmdide.sys BA8D8000 - MountMgr.sys BA62A000 - ftdisk.sys BADB6000 - dmload.sys BA604000 - dmio.sys BACC4000 - ACPIEC.sys BAE71000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS BAB30000 - PartMgr.sys BACC8000 - UBHelper.sys BA8E8000 - VolSnap.sys BACCC000 - cpqarray.sys BA5EC000 - atapi.sys BACD0000 - aha154x.sys BAB38000 - sparrow.sys BACD4000 - symc810.sys BA8F8000 - aic78xx.sys BACD8000 - dac960nt.sys BA908000 - ql10wnt.sys BACDC000 - amsint.sys BAB40000 - asc.sys BACE0000 - asc3550.sys BAB48000 - mraid35x.sys BAB50000 - i2omp.sys BACE4000 - ini910u.sys BA918000 - ql1240.sys BA928000 - aic78u2.sys BAB58000 - symc8xx.sys BAB60000 - sym_hi.sys BAB68000 - sym_u3.sys BAB70000 - ABP480N5.SYS BAB78000 - asc3350p.sys BADB8000 - cd20xrnt.sys BA938000 - ultra.sys BA5D3000 - adpu160m.sys BAB80000 - dpti2o.sys BA948000 - ql1080.sys BA958000 - ql1280.sys BA968000 - ql12160.sys BAB88000 - perc2.sys BADBA000 - perc2hib.sys BAB90000 - hpn.sys BACE8000 - cbidf2k.sys BA5A7000 - dac2w2k.sys BA978000 - disk.sys BA988000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS BA587000 - fltMgr.sys BA575000 - sr.sys BA998000 - PxHelp20.sys BA552000 - Fastfat.sys BA53B000 - KSecDD.sys BA528000 - WudfPf.sys BA4FB000 - NDIS.sys BA9A8000 - sisagp.sys BA9B8000 - viaagp.sys BA4E0000 - Mup.sys BA9C8000 - alim1541.sys BA9D8000 - amdagp.sys BA9E8000 - agp440.sys BA9F8000 - agpCPQ.sys BAA18000 - \SystemRoot\system32\DRIVERS\intelppm.sys BADA4000 - \SystemRoot\system32\DRIVERS\wmiacpi.sys B9FEB000 - \SystemRoot\system32\DRIVERS v4_mini.sys B9FD7000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS B9F8A000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys BAC00000 - \SystemRoot\system32\DRIVERS\usbuhci.sys B9E0A000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS BAC08000 - \SystemRoot\system32\DRIVERS\usbehci.sys B9DF9000 - \SystemRoot\system32\DRIVERS\sdbus.sys BA40C000 - \SystemRoot\system32\DRIVERS\CmBatt.sys BAA28000 - \SystemRoot\system32\DRIVERS\i8042prt.sys BAC10000 - \SystemRoot\system32\DRIVERS\kbdclass.sys B9DCA000 - \SystemRoot\system32\DRIVERS\SynTP.sys BADBC000 - \SystemRoot\system32\DRIVERS\USBD.SYS BAC18000 - \SystemRoot\system32\DRIVERS\mouclass.sys BAA38000 - \SystemRoot\system32\DRIVERS\imapi.sys BAA48000 - \SystemRoot\system32\DRIVERS\cdrom.sys BAA58000 - \SystemRoot\system32\DRIVERS edbook.sys B9DA7000 - \SystemRoot\system32\DRIVERS\ks.sys BADBE000 - \SystemRoot\system32\DRIVERS\NTIDrvr.sys BAFAF000 - \SystemRoot\system32\DRIVERS\audstub.sys BAAB8000 - \SystemRoot\system32\DRIVERS asl2tp.sys BA404000 - \SystemRoot\system32\DRIVERS distapi.sys B9D90000 - \SystemRoot\system32\DRIVERS diswan.sys BAAC8000 - \SystemRoot\system32\DRIVERS aspppoe.sys BAAD8000 - \SystemRoot\system32\DRIVERS aspptp.sys BAC20000 - \SystemRoot\system32\DRIVERS\TDI.SYS B9CDF000 - \SystemRoot\system32\DRIVERS\psched.sys BAAE8000 - \SystemRoot\system32\DRIVERS\msgpc.sys BAC28000 - \SystemRoot\system32\DRIVERS\ptilink.sys BAC30000 - \SystemRoot\system32\DRIVERS aspti.sys B9CAE000 - \SystemRoot\system32\DRIVERS dpdr.sys BAAF8000 - \SystemRoot\system32\DRIVERS ermdd.sys BADC0000 - \SystemRoot\system32\DRIVERS\swenum.sys B9C2D000 - \SystemRoot\system32\DRIVERS\update.sys BA3E8000 - \SystemRoot\system32\DRIVERS\mssmbios.sys BAB08000 - \SystemRoot\System32\Drivers\NDProxy.SYS B77DF000 - \SystemRoot\system32\drivers\RtkHDAud.sys B77BD000 - \SystemRoot\system32\drivers\portcls.sys BA4D0000 - \SystemRoot\system32\drivers\drmk.sys B76AA000 - \SystemRoot\system32\DRIVERS\AGRSM.sys BAC38000 - \SystemRoot\System32\Drivers\Modem.SYS BA4B0000 - \SystemRoot\system32\DRIVERS\usbhub.sys BADC6000 - \SystemRoot\System32\Drivers\i2omgmt.SYS BADC8000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS BA375000 - \SystemRoot\System32\Drivers\Null.SYS BADCA000 - \SystemRoot\System32\Drivers\Beep.SYS BAC58000 - \SystemRoot\System32\drivers\vga.sys BADCC000 - \SystemRoot\System32\Drivers\mnmdd.SYS BADCE000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys BAC60000 - \SystemRoot\System32\Drivers\Msfs.SYS BAC68000 - \SystemRoot\System32\Drivers\Npfs.SYS B9FB3000 - \SystemRoot\system32\DRIVERS asacd.sys B7627000 - \SystemRoot\system32\DRIVERS\ipsec.sys B75CF000 - \SystemRoot\system32\DRIVERS cpip.sys B757F000 - \SystemRoot\system32\DRIVERS etbt.sys B755E000 - \SystemRoot\system32\DRIVERS\ipnat.sys B753C000 - \SystemRoot\System32\drivers\afd.sys BA4A0000 - \SystemRoot\system32\DRIVERS\wanarp.sys BA490000 - \SystemRoot\system32\DRIVERS etbios.sys BAC70000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys B7511000 - \SystemRoot\system32\DRIVERS dbss.sys B74A2000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys B9C9A000 - \SystemRoot\System32\Drivers\Hotkey.SYS BA470000 - \SystemRoot\System32\Drivers\Fips.SYS B748F000 - \SystemRoot\system32\DRIVERS\avipbb.sys BADD2000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys BA450000 - \SystemRoot\system32\drivers\lvusbsta.sys B72BB000 - \SystemRoot\system32\DRIVERS\lv321av.sys BA440000 - \SystemRoot\system32\DRIVERS\STREAM.SYS BAA68000 - \SystemRoot\System32\Drivers\Cdfs.SYS B72A3000 - \SystemRoot\System32\Drivers\dump_atapi.sys BADD4000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys B7692000 - \SystemRoot\System32\drivers\Dxapi.sys BAC78000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys BAEF8000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32 v4_disp.dll BAC88000 - \SystemRoot\system32\DRIVERS\AegisP.sys B61D6000 - \SystemRoot\system32\DRIVERS\s24trans.sys B61B2000 - \SystemRoot\system32\DRIVERS disuio.sys B567E000 - \SystemRoot\system32\DRIVERS\mrxdav.sys B4E19000 - \SystemRoot\system32\drivers\wdmaud.sys B5FFA000 - \SystemRoot\system32\drivers\sysaudio.sys BAF0B000 - \??\C:\WINDOWS\system32\drivers\epm-psd.sys B4865000 - \??\C:\WINDOWS\system32\drivers\epm-shd.sys B4824000 - \SystemRoot\System32\Drivers\HTTP.sys B4813000 - \??\C:\WINDOWS\system32\drivers\int15.sys B46F9000 - \SystemRoot\system32\DRIVERS\srv.sys B46C1000 - \??\C:\WINDOWS\system32\drivers vicport.sys BAEAC000 - \??\C:\WINDOWS\system32\drivers\zntport.sys B42AD000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys BABC0000 - \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys B7293000 - \??\C:\WINDOWS\system32\Drivers\psdfilter.sys B3E62000 - \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys B2112000 - \SystemRoot\system32\DRIVERS\w39n51.sys BAFD8000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 177 Liste des programmes installes Acer eDataSecurity Management Acer eDataSecurity Management 2.0.3076 Acer eLock Management Acer Empowering Technology Acer eNet Management Acer ePerformance Management Acer ePower Management Acer ePresentation Management Acer eSettings Management Acer GridVista Acer Screensaver Adobe Flash Player ActiveX Adobe Shockwave Player Agere Systems HDA Modem Ant Movie Catalog Archiveur WinRAR AutoUpdate Avira AntiVir Personal – Free Antivirus CCleaner (remove only) Correctif n° 2 pour Windows XP Édition Media Center 2005 Correctif pour Lecteur Windows Media 11 (KB939683) Correctif pour Windows Internet Explorer 7 (KB947864) Correctif pour Windows XP (KB888795) Correctif pour Windows XP (KB891593) Correctif pour Windows XP (KB896256) Correctif pour Windows XP (KB899337) Correctif pour Windows XP (KB899510) Correctif pour Windows XP (KB902841) Correctif pour Windows XP (KB914440) Correctif pour Windows XP (KB935448) Correctif Windows XP - KB873339 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB885855 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - KB888239 Correctif Windows XP - KB888302 Correctif Windows XP - KB890859 Correctif Windows XP - KB891781 Correctif Windows XP - KB895961 DivX Codec DivX Content Uploader DivX Player DivX Web Player Entraînez votre logique et votre raisonnement Foxit Reader Frozen-Bubble 1.0 High Definition Audio Driver Package - KB888111 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) IrfanView (remove only) iWizz IziSpot 4.10 Java(TM) 6 Update 5 Launch Manager V1.1.0.3 Lecteur Windows Media 11 Logiciel Acer OrbiCam Logiciel Intel(R) PROSet/Wireless mCore Media Tagger v1.3.5 Microsoft .NET Framework 1.0 Hotfix (KB887998) Microsoft .NET Framework 1.0 Hotfix (KB930494) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Access MUI (French) 2007 Microsoft Office Enterprise 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (French) 2007 Microsoft Office Groove MUI (French) 2007 Microsoft Office InfoPath MUI (French) 2007 Microsoft Office OneNote MUI (French) 2007 Microsoft Office Outlook MUI (French) 2007 Microsoft Office PowerPoint MUI (French) 2007 Microsoft Office PowerPoint Viewer 2007 (French) Microsoft Office Proof (Arabic) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (French) 2007 Microsoft Office Publisher MUI (French) 2007 Microsoft Office Shared MUI (French) 2007 Microsoft Office Word MUI (French) 2007 Microsoft Software Update for Web Folders (French) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901190) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911567) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918118) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB919007) Mise à jour de sécurité pour Windows XP (KB920213) Mise à jour de sécurité pour Windows XP (KB920214) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB921398) Mise à jour de sécurité pour Windows XP (KB921503) Mise à jour de sécurité pour Windows XP (KB922616) Mise à jour de sécurité pour Windows XP (KB922760) Mise à jour de sécurité pour Windows XP (KB922819) Mise à jour de sécurité pour Windows XP (KB923191) Mise à jour de sécurité pour Windows XP (KB923414) Mise à jour de sécurité pour Windows XP (KB923689) Mise à jour de sécurité pour Windows XP (KB923694) Mise à jour de sécurité pour Windows XP (KB923980) Mise à jour de sécurité pour Windows XP (KB924191) Mise à jour de sécurité pour Windows XP (KB924270) Mise à jour de sécurité pour Windows XP (KB924496) Mise à jour de sécurité pour Windows XP (KB924667) Mise à jour de sécurité pour Windows XP (KB925454) Mise à jour de sécurité pour Windows XP (KB925486) Mise à jour de sécurité pour Windows XP (KB925902) Mise à jour de sécurité pour Windows XP (KB926255) Mise à jour de sécurité pour Windows XP (KB926436) Mise à jour de sécurité pour Windows XP (KB927779) Mise à jour de sécurité pour Windows XP (KB927802) Mise à jour de sécurité pour Windows XP (KB928255) Mise à jour de sécurité pour Windows XP (KB928843) Mise à jour de sécurité pour Windows XP (KB929123) Mise à jour de sécurité pour Windows XP (KB930178) Mise à jour de sécurité pour Windows XP (KB931261) Mise à jour de sécurité pour Windows XP (KB931784) Mise à jour de sécurité pour Windows XP (KB932168) Mise à jour de sécurité pour Windows XP (KB933729) Mise à jour de sécurité pour Windows XP (KB935839) Mise à jour de sécurité pour Windows XP (KB935840) Mise à jour de sécurité pour Windows XP (KB936021) Mise à jour de sécurité pour Windows XP (KB937894) Mise à jour de sécurité pour Windows XP (KB938829) Mise à jour de sécurité pour Windows XP (KB941202) Mise à jour de sécurité pour Windows XP (KB941568) Mise à jour de sécurité pour Windows XP (KB941569) Mise à jour de sécurité pour Windows XP (KB941644) Mise à jour de sécurité pour Windows XP (KB941693) Mise à jour de sécurité pour Windows XP (KB943055) Mise à jour de sécurité pour Windows XP (KB943460) Mise à jour de sécurité pour Windows XP (KB943485) Mise à jour de sécurité pour Windows XP (KB944653) Mise à jour de sécurité pour Windows XP (KB945553) Mise à jour de sécurité pour Windows XP (KB946026) Mise à jour de sécurité pour Windows XP (KB948590) Mise à jour de sécurité pour Windows XP (KB948881) Mise à jour de sécurité pour Windows XP (KB950749) Mise à jour de sécurité pour Windows XP (KB950760) Mise à jour de sécurité pour Windows XP (KB950762) Mise à jour de sécurité pour Windows XP (KB951376-v2) Mise à jour de sécurité pour Windows XP (KB951376) Mise à jour de sécurité pour Windows XP (KB951698) Mise à jour pour Lecteur Windows Media 10 (KB913800) Mise à jour pour Lecteur Windows Media 10 (KB926251) Mise à jour pour Windows XP (KB894391) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB904942) Mise à jour pour Windows XP (KB908531) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB911280) Mise à jour pour Windows XP (KB912945) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) Mise à jour pour Windows XP (KB927891) Mise à jour pour Windows XP (KB929338) Mise à jour pour Windows XP (KB930916) Mise à jour pour Windows XP (KB931836) Mise à jour pour Windows XP (KB932823-v3) Mise à jour pour Windows XP (KB933360) Mise à jour pour Windows XP (KB936357) Mise à jour pour Windows XP (KB938828) Mise à jour pour Windows XP (KB942763) mMHouse Mozilla Firefox (3.0) Mozilla Thunderbird (2.0.0.14) mPfMgr mProSafe MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) mWlsSafe mXML NewsLeecher v3.8 Final NTI Backup NOW! 4.5 NTI CD & DVD-Maker NTI CD & DVD-Maker NVIDIA Drivers PDFCreator POP Peeper PowerDVD PowerProducer Programme de gestion Acer OrbiCam QuickTime Alternative 2.1.1 Realtek High Definition Audio Driver Samsung Media Studio Sonic Encoders Synaptics Pointing Device Driver TELL ME MORE Texas Instruments PCIxx21/x515 drivers. TIxx21 VideoLAN VLC media player 0.8.6 WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Messenger Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows XP Media Center Edition 2005 KB925766 X-Lite 3.0 X-Lite 3.0 Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est E1B7-6D53 Répertoire de C:\Program Files 06/11/2006 08:25 . 06/11/2006 08:25 .. 08/12/2006 22:36 Acer 09/06/2006 15:01 Acer Inc 17/12/2006 16:34 Ant Movie Catalog 26/05/2008 22:26 Auralog 30/06/2008 23:34 Avira 30/06/2008 23:04 CCleaner 15/04/2005 14:42 ComPlus Applications 18/03/2008 23:53 CounterPath 09/12/2006 04:28 CyberLink 29/01/2007 23:31 DivX 28/06/2008 11:29 DJ Mix Pro 15/04/2005 14:37 Fichiers communs 28/12/2006 22:30 Foxit Software 04/03/2008 22:31 Frozen-Bubble 06/10/2007 20:23 Happyneuron 09/06/2006 14:20 Intel 15/04/2005 14:44 Internet Explorer 12/03/2008 21:34 IrfanView 03/06/2008 22:59 iWizz 27/10/2007 18:38 JAlbumWin 13/12/2006 23:07 Java 08/12/2006 22:31 Launch Manager 27/10/2007 18:47 Maïdo Production 26/04/2008 12:54 MarkAny 10/02/2007 17:40 Media Tagger 15/04/2005 14:41 Messenger 15/04/2005 14:47 microsoft frontpage 10/12/2006 16:46 Microsoft Office 28/12/2006 21:55 Microsoft.NET 15/04/2005 14:41 Movie Maker 18/01/2008 22:48 Mozilla Firefox 20/04/2007 00:40 Mozilla Thunderbird 20/01/2007 17:19 MSECache 15/04/2005 14:41 MSN 15/04/2005 14:41 MSN Gaming Zone 10/12/2006 23:49 MSXML 4.0 15/04/2005 14:44 NetMeeting 29/05/2008 21:46 NewsLeecher 09/06/2006 15:01 NewTech Infosystems 15/04/2005 14:44 Outlook Express 21/06/2007 20:26 PDFCreator 24/01/2007 21:31 POP Peeper 04/06/2008 10:29 QuickTime Alternative 09/06/2006 14:23 Realtek 26/04/2008 12:54 Samsung 15/04/2005 14:45 Services en ligne 07/02/2008 23:52 SINTEC 09/06/2006 14:23 Synaptics 29/06/2008 18:34 Trend Micro 18/12/2006 23:36 VideoLAN 12/11/2007 23:53 Windows Live 17/12/2006 13:54 Windows Media Connect 2 15/04/2005 14:42 Windows Media Player 15/04/2005 14:41 Windows NT 15/04/2005 14:42 Windows Plus 08/12/2006 22:35 WinPCap 13/12/2006 23:29 WinRAR 15/04/2005 14:47 xerox 08/12/2006 22:40 Yahoo! 0 fichier(s) 0 octets 61 Rép(s) 40.677.015.552 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est E1B7-6D53 Répertoire de C:\Program Files\fichiers communs 06/11/2006 08:25 . 06/11/2006 08:25 .. 15/04/2005 14:37 Microsoft Shared 15/04/2005 14:37 SpeechEngines 15/04/2005 14:37 ODBC 15/04/2005 14:44 System 15/04/2005 14:44 MSSoap 15/04/2005 14:44 Services 09/06/2006 14:23 InstallShield 09/06/2006 15:01 NewTech Infosystems 09/06/2006 15:02 muvee Technologies 09/06/2006 15:23 Symantec Shared 08/12/2006 22:37 Acer 08/12/2006 22:37 Logitech 13/12/2006 23:07 Java 28/12/2006 21:55 DESIGNER 18/03/2008 23:53 Intel 0 fichier(s) 0 octets 17 Rép(s) 40.678.031.360 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est E1B7-6D53 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 06/11/2006 08:25 . 06/11/2006 08:25 .. 07/03/2001 07:00 127.033 MSOWS40c.DLL 03/06/1999 12:09 122.937 MSOWS409.DLL 17/12/2006 16:51 1033 11/07/2003 02:25 80.448 PKMWS.DLL 28/12/2006 21:52 1036 26/10/2006 19:49 970.528 MSONSEXT.DLL 4 fichier(s) 1.300.946 octets 4 Rép(s) 40.678.031.360 octets libres c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\English\setup.exe c:\Documents and Settings\Tintino\Bureau\C-fix.exe c:\Documents and Settings\Tintino\Bureau\elibagla.exe c:\Documents and Settings\Tintino\Bureau\emoticones.exe c:\Documents and Settings\Tintino\Bureau\DiagHelp\catchme.exe c:\Documents and Settings\Tintino\Bureau\DiagHelp\diff.exe c:\Documents and Settings\Tintino\Bureau\DiagHelp\dumphive.exe c:\Documents and Settings\Tintino\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Tintino\Bureau\DiagHelp\find2.exe c:\Documents and Settings\Tintino\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\Tintino\Bureau\DiagHelp\grep.exe c:\Documents and Settings\Tintino\Bureau\DiagHelp\gzip.exe c:\Documents and Settings\Tintino\Bureau\DiagHelp\KProcCheck.exe c:\Documents and Settings\Tintino\Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\Tintino\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Tintino\Bureau\DiagHelp\md5sums.exe c:\Documents and Settings\Tintino\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\Tintino\Bureau\DiagHelp\sigcheck.exe c:\Documents and Settings\Tintino\Bureau\DiagHelp\streams.exe c:\Documents and Settings\Tintino\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\Tintino\Bureau\DiagHelp ar.exe c:\Documents and Settings\Tintino\Bureau\KillB\Proc\mdelk.exe c:\Documents and Settings\Tintino\Bureau\KillB ools\bOo.exe c:\Documents and Settings\Tintino\Bureau\KillB ools\swreg.exe c:\Documents and Settings\Tintino\Application Data\U3 emp\Launchpad Removal.exe c:\Documents and Settings\Tintino\Application Data\U3\000015793C61F74A\LaunchPad.exe c:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aecore.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeemu.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aegen.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aehelp.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeheur.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeoffice.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aepack.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aerdl.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aescn.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aescript.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aevdf.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll c:\Documents and Settings\Tintino\Application Data\U3\000015793C61F74A\u3dapi10.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_TINTINOBILE.tar.gz a l'adresse http://upload.malekal.com

sKe69 · Answer

vu ...

1- Télécharges OTMoveIt (de Old_Timer) sur ton Bureau. 
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
ou http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

Déconnectes toi et fermes toute tes applications en cours .
 
clic double sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en citation ci-dessous, 

C:\WINDOWS\System32\advpack.dll 
C:\Documents and Settings\Tintino\Bureau\KillB

et colles-la dans le cadre de gauche de OTMoveIt2 : 
Paste standard List of Files/Folders to be moved.
 
cliques sur MoveIt! pour lancer la suppression. 
le résultat apparaîtra dans le cadre Results.
 
cliques sur Exit pour fermer. 
--->postes le rapport situé dans " C:\OTMoveIt\MovedFiles." 

il te sera peut-être demandé de redémarrer le pc pour achever la suppression. 
si c'est le cas acceptes par "Yes". 

2- Télécharges ToolsCleaner (de A.Rothstein) sur ton Bureau. 
http://pc-system.fr/

Lances le . 
*Cliques sur Recherche et laisses le scan se terminer (cela peut être long). 
*Cliques sur Suppression pour finaliser. 
*Tu peux, si tu le souhaites, te servir des Options facultatives 
*Click sur "quitter" pour générer un rapport :
---> Postes le (TCleaner.txt), il se trouve à la racine de ton disque dur (C:\). 

Note : Ce petit soft va te nettoyer tout les trucs dont on c'est servi pour la désinfection ( tu n'en as plus besion ! ) . 
Supprimes tout les outils , dossiers ou rapports consernant la désinfection que Toolsclaener2 n'a pas supprimé . 

Puis enfin supprimes Toolscleaner2 ... ( gardes CCleaner : très utile ! )

3-Restauration système 
*Désactives ta restauration :
Cliques droit sur poste de travail/propriétés/Restauration système/coche la case désactiver la restauration, appliquer, OK 
--->Redémarres ton PC 
*Réactives ta restauration :
Cliques droit sur poste de travail/propriétés/Restauration système/décoche la case désactiver la restauration, appliquer, OK 
--->Redémarres ton PC 

4- une dernière vérife avant de finaliser :
Fais un scan antivirus en ligne, avec Internet Explorer et accepter l'ActiveX :
https://www.bitdefender.fr/ 
(pour le rapport ,qui est un doc IE , clik sur l'onglet "plus de détailles" : et à la fin du scan tu demandes à le sauvegarder sur ton bureau) 

--->fais un copier/coller et postes le rapport dans ta prochaine réponse ... 

Aide : En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE 
Dans la nouvelle fenêtre, clique sur j’accepte .
La fenêtre change encore, clique sur scanner .
Les signatures se chargent, etc.
(aide en image : http://www.commentcamarche.net/faq/sujet 8872 scanner en ligne avec bitdefender)


Voilà , ... j'attends donc ces trois rapports et on termine ensuite ... ^^

PS : tu as une véritable passion pour les virus, non ? ;) 
---> pour les virus, non ... pour les supprimés , je ne dirais pas une passion , mais plutôt un hobby très prenant  =)

Tintino · Answer

ok
pas mal de boulot pour cette étape
je te donnerai des nouvelles demain soir au plus tot alors car pour aujourd'hui, ca sera trop juste :(

Encore un tout grand MERCI pour ton dévouement , en tout cas !!

C'est une bien belle passion que tu as la... D'autant plus qu'elle est positive pour la communauté :)

NB : je suppose que tu n'as pas d'idée pour mon bouton "4 directions" qui ne fonctionne tjs pa depuis ce satané virus ? :-s

Bonne soirée et a demain pr les résultats, Ske69

sKe69 · Answer

tu n'as pas d'idée pour mon bouton "4 directions" ---> pour l'instant non ... mais on verra cela à la fin ;)

A demain ...

Tintino · Answer

Salut Ske69 ,

la forme ? ? 

Alors, me voilà comme promis avec mes "devoirs" casi terminés :)
J'ai déjà 2 logs à te proposer (en attendant que je fasse le scan online)

==============
 Rapport OTMoveIt :
==============

DllUnregisterServer procedure not found in C:\WINDOWS\System32\advpack.dll
C:\WINDOWS\System32\advpack.dll NOT unregistered.
C:\WINDOWS\System32\advpack.dll moved successfully.
C:\Documents and Settings\Tintino\Bureau\KillB	ools moved successfully.
C:\Documents and Settings\Tintino\Bureau\KillB\Proc moved successfully.
C:\Documents and Settings\Tintino\Bureau\KillB moved successfully.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07032008_192641



===============
 Rapport ToolsCleaner :
===============

-->- Recherche: 

C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Tintino\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Tintino\Bureau\EliBaglA.exe: trouvé !
C:\Documents and Settings\Tintino\Bureau\OtMoveIt2.exe: trouvé !
C:\Documents and Settings\Tintino\Bureau\DiagHelp: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Tintino\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Tintino\Bureau\EliBaglA.exe: supprimé !
C:\Documents and Settings\Tintino\Bureau\OtMoveIt2.exe: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Tintino\Bureau\DiagHelp: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !



PS : Le dossier _OtMoveIt a pu être supprimé après restart du PC 



Je vais maintenant lancer le scan online  et te l'envoie dans le prochain post

PS 2 : Autre anomalie depuis 1 ou 2 jours : j'ai un message d'erreur quand je ferme Thunderbird.  Je vais peut etre essayer de le réinstaller ...

Tintino · Answer

Et .... tadaaaaaaaaaaaaaa . . .. . Voila le rapport BitDefender

ON dirait bien qu'il n'y a plus de virus, hein? :-)

BitDefender Online Scanner
  
  
 
Rapport d'analyse généré à: Thu, Jul 03, 2008 - 20:36:49
 
 
  
  
 
Voie d'analyse: C:\;D:\;E:\;
  
  
  
Statistiques
 
Temps
 00:27:01
 
Fichiers
 40819
 
Directoires
 4832
 
Secteurs de boot
 4
 
Archives
 700
 
Paquets programmes
 3230
 
  
  
 
Résultats
 
Virus identifiés
 0
 
Fichiers infectés
 0
 
Fichiers suspects
 0
 
Avertissements
 0
 
Désinfectés
 0
 
Fichiers effacés
 0
 
  
  
 
Info sur les moteurs
 
Définition virus
 1328593
 
Version des moteurs
 AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
 
Analyse des plugins
 16
 
Archive des plugins
 42
 
Unpack des plugins
 7
 
E-mail plugins
 6
 
Système plugins
 5
 
  
  
 
Paramètres d'analyse
 
Première action
 Désinfecté
 
Seconde Action
 Supprimé
 
Heuristique
 Oui
 
Acceptez les avertissements
 Oui
 
Extensions analysées
 exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
 
Excludez les extensions
  
 
Analyse d'emails
 Oui
 
Analyse des Archives
 Oui
 
Analyser paquets programmes
 Oui
 
Analyse des fichiers
 Oui
 
Analyse de boot
 Oui
 
  
  
 
  Fichier analysé
  Statut
 
Aucun virus trouvé

sKe69 · Answer

Plutôt encourageant, non ? ^^

Fait ce petit check up vu l'infection , c'est plus que conseillé ( ensuite on verra si il demeure encore des prb ) :

-Nettoyage et Défragmentation de tes Disques 
*Nettoyage : 
Clic droit sur "poste de travail" ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Général" 
Cliques sur le bouton "nettoyage de disque", OK 
tu le fais pour chacun de tes disques 

*Vérifications des erreurs : 
Clic droit sur "poste de travail" ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Outil" 
"Vérifier maintenant", une boîte s'ouvre, cocher les cases : 
-réparer automatiquement les erreurs... 
-rechercher et tenter une récupération... 
--->Démarrer, ok 
Note : s'il te dis de redémarrer ton Pc pour le faire , tu redémarres et tu laisses faire, cela prend un peu de temps c'est normal 
tu le fais pour chacun de tes disques 

ensuite toujours dans le même onglet tu choisis : 
*Défragmentation : 
"défragmenter maintenant", OK 
une boîte s'ouvre, tu sélectionnes le disque à défragmenter, et tu cliques sur "analyser", puis après l'analyse, "défragmenter" . OK 
tu le fais pour chacun de tes disques 

une fois cela terminé , re-testes ton PC et dis moi ce que cela à donné ...

Tintino · Answer

Helllooo Ske69,

après quelques jours de silence, me revoilààà !!
Alors, j'ai fait tout e que tu m'as dit : nettoyage, vérifs des erreurs et Enfin la defrag !
tout s'est bien passé (la defrag des 2 partitions a pris beauuuuucoup de temps,  mais a finalement été jusqu'au bout ! Yesss)

Et pour mon prob de touchpat, j'ai trouvé la solution : j'ai tout simplement recherché  le driver synaptics et l'ai réinstallé
en fait, je CROIS que c'est un des fichiers qui avait été infecté et viré (synTH)  et que c'est pour cela qu'il l'annait plus complètement
Donc, maintenant, même cela, ca fonctionne !!

J'ai encore juste de temps a autre mon thunderbird qui se ferme avec un message d'erreur, mais pour cela, je vais essayer de le réinstaller, je pense.  

Bref, tout tes conseils ont été d'une précieuse aide et sans toi, je ne serai pas arrivé au bout de ce virus (pourtant, je bosse dans l'IT et au boulo, j'ai parfois en face de moi des PC utilisateurs qui sont infecté et je suis tjs parvenu a virer les virus, mais jamais ca n'avait été Baggle)  

Donc, un TOUT grand merci !!!

A moins que tu aies quelque chose de supplémentaire à me conseiller, je crois que nosu sommes arrivé au bout  :)

sKe69 · Answer

Salut,
content de t'avoir rendu service ^^ tout le plaisir fut pour moi ...

C'est sur qu'avec un bagle, les choses ne sont pas simples  ;)

Pour ton jeu , je pense qu'une réinstalle est à tenter ....

Je te donne pour finir quelques infos intéressantes pour toi et ton PC :
( à potasser tranquillement mais à prendre en compte tout de même ... )
========================================================================= 

=> Comportement à adopter avec son PC : http://assiste.com.free.fr/p/abc/a/safe_cex.html 

=> Surveillance : 
Effectue des scan réguliers de surveillance (une fois tous les 15 jours, par exemple) avec ton antivirus puis avec ton anti-spyware (après les avoir mis à jour bien sur !) et supprime ce qu'ils peuvent trouver (où mets en quarantaine, en pensant à la vider ultérieurement). 

========================================================================= 

=> Il faut mettre a jour la console Java régulièrement aussi : 

Rends toi sur https://www.java.com/fr/download/manual.jsp et télécharge la dernière version (si ta version actuelle n'est pas à jour) ou ici https://filehippo.com/download_jre_32/?ex=CORE-116.0 
Après avoir installé la dernière version, désinstalle les anciennes versions (de Java) afin d’éliminer les failles de sécurité présentes dans ces anciennes versions. 
via Démarrer / Paramètres / Panneau de config / et dans Ajout/Suppression de programmes navigue jusqu'aux anciennes versions de la console Java qui s'y trouvent, puis clique sur « Supprimer », suis les invites de commandes dans la boite de dialogue qui va s'ouvrir afin d'amener la désinstallation à son terme. 
Fais cela pour chacune d'elles, une à une, fais redémarrer ton PC quand cela te sera demandé . 
Retourne ensuite chez Java ci-dessus et clique sur le bouton "Vérifier l'installation" pour t'assurer que tout est en ordre. 

========================================================================= 

=> Rappel sur les principales causes d'infection : 

* L'utilisation de cracks ou keygens est à proscrire, de même que le surf sur les sites de téléchargement de ceux-ci : 

Les dangers des cracks : http://forum.malekal.com/ftopic893.php 

Le crack dans toute sa splendeur, journal d'une infection attendue : 
https://forum.zebulon.fr/topic/93281-pr%C3%A9vention-le-crack-dans-toute-sa-splendeur/ 

* Le P2P ( l'utilisation de logiciels comme eMule, Sharazaa, LimeWire, Bit torrent): 

Les conséquences du P2P : https://forum.zebulon.fr/topic/85544-pr%C3%A9vention-le-p2p-et-ses-cons%C3%A9quences/ 

Pourquoi éviter le P2P : http://www.speedweb1.org/forum-tesgaz/viewtopic.php?t=1793 
https://lexpansion.lexpress.fr/actualite-economique/ 

* Prévention sur deux autres types d'infection d'actualité : 

MSN prévention : https://forum.zebulon.fr/topic/130590-infection-par-msn-ou-wlm/ 

Infection par supports amovibles (clefs usb, flash, DD externes ..) https://forum.zebulon.fr/topic/131959-infections-par-supports-amovibles/ 
https://forum.malekal.com/viewtopic.php?f=45&t=5544 

========================================================================= 
( merci le sioux )


Voilà ....

Bonne continuation à toi  =)

A+

Tintino · Answer

Merci pour ces derniers conseils  (j'en connaissais déjà une bonne partie, mais un rappel ne fait jamais de tort)

Et encore un grand merci pour tout le travail que toi et tes amis, faites 

On peut donc considérer ce problème comme résolu

J'espère ne plus devoir  discuter avec toi  (à propos de Baggle en tout cas car ca voudrait dire que j'suis de nouveau infecté, lol)   Mais n'y vois là aucune remarque négative , hein ! !  Car de ton travail et de tes conseils, je suis ON NE PEUT PLUS satisfait !!


Bonne continuation et bon travail auprès des autres contaminés :)

JE cloture ici 
bonne fin de week-end 

et . .. encore une fois, M E R C I  !!

Tintino · Answer

je n'ai pas trouver comment changer le statut de ce topic 
Peut-être es-ce toi qui peut le faire ?  ?

Lyonnais92 · Answer

Bonsoir,

résolu le résolu lol.

Antivirus n est pas 1Application Win32 valide

42 réponses

Discussions similaires