Antivirus is not a valid Win32 application

Solved/Closed
Tintino - 29 June 2008 at 23:13
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last post 30 December 2012 - 6 Jul 2008 at 23:07
Hello everyone,

Well, I have just been infected by a virus too (Bagle?) and (SHAME ON ME!!) I had no antivirus at the time of the infection.
So of course I immediately tried to install an antivirus, but without success.
Either the installation did not complete (service start error), or the installation of another antivirus did complete but it would not launch at PC startup, and when I tried to launch it manually I got the error message "... is not a valid Win32 application".
Not wanting to give up, I tried other antivirus products, free (AVG, Avast) as well as paid (Kaspersky, Nod32), but always with the same message in the end (not a valid Win32 application) :-(

While going through the advice given by your valued experts (in particular this post, which seemed to have the same problem as mine: http://www.commentcamarche.net/forum/affich 6660016 exe n est pas une application win32 valide#0), ComboFix had been recommended in order to provide a report.

So I ran ComboFix once, and the log indicated that several infected files had been deleted, so I thought the virus had been eradicated (wrongly).
I then tried installing an antivirus again, but... in vain!

I then ran ComboFix a second time and, to my great despair, new infected files had appeared...

Usually I always manage to sort out this kind of problem on my own, but this time I prefer to call on people who are experts in the matter :)
I hope you will be able to help me.

PS: I am attaching the latest ComboFix log (I still have the first log available if you want it).
I tried to provide a HijackThis log, but no luck, there too I get the message saying it is not a valid Win32 application) :-(



ComboFix 08-06-20.4 - Tintino 2008-06-29 21:38:29.2 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1611 [GMT 2:00]
Endroit: C:\Documents and Settings\Tintino\Bureau\Domi.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tintino\Application Data\m\data.oct
C:\Documents and Settings\Tintino\Application Data\m\list.oct
C:\Documents and Settings\Tintino\Application Data\m\shared
C:\Documents and Settings\Tintino\Application Data\m\srvlist.oct
C:\WINDOWS\system32\drivers\downld
C:\Documents and Settings\Tintino\Application Data\m . . . . Echec de suppression
C:\WINDOWS\system32\drivers\hldrrr.exe . . . . Echec de suppression
C:\WINDOWS\system32\drivers\mdelk.exe . . . . Echec de suppression
C:\WINDOWS\system32\drivers\srosa.sys . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-29 ))))))))))))))))))))))))))))))))))))
.

2008-06-29 18:34 . 2008-06-29 18:34 <REP> d-------- C:\Program Files\Trend Micro
2008-06-29 16:19 . 2008-06-29 16:19 <REP> d-------- C:\Program Files\CCleaner
2008-06-29 15:59 . 2008-06-29 15:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-29 15:47 . 2008-06-29 15:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-28 23:22 . 2008-06-28 23:22 <REP> d-------- C:\Documents and Settings\Tintino\Application Data\CyberLink
2008-06-28 23:22 . 2008-06-28 23:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-28 11:29 . 2008-06-28 11:29 <REP> d-------- C:\Program Files\DJ Mix Pro
2008-06-28 00:51 . 2008-06-28 00:51 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-06-28 00:26 . 2008-06-28 00:26 <REP> d--h----- C:\Documents and Settings\Tintino\Application Data\m
2008-06-28 00:15 . 2008-06-28 00:15 <REP> d-------- C:\Documents and Settings\Tintino\Application Data\MSNInstaller
2008-06-28 00:00 . 2008-06-28 00:00 <REP> d-------- C:\Documents and Settings\Tintino\Application Data\AVGTOOLBAR
2008-06-28 00:00 . 2008-06-28 00:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-27 22:56 . 2008-06-27 22:56 34,143 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-06-27 22:56 . 2008-06-27 22:56 29,730 --a------ C:\WINDOWS\system32\drivers\HookCentre.sys
2008-06-11 20:52 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 20:52 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 10:30 . 2008-06-04 10:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-04 10:30 . 2007-10-19 20:16 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-06-04 10:30 . 2007-10-19 20:16 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-06-04 10:29 . 2008-06-04 10:29 <REP> d-------- C:\Program Files\QuickTime Alternative
2008-06-04 10:13 . 2008-06-22 14:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 10:13 . 2008-06-04 10:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-03 23:01 . 2008-06-03 23:01 <REP> d-------- C:\Documents and Settings\Tintino\iWizz
2008-06-03 22:59 . 2008-06-03 22:59 <REP> d-------- C:\Program Files\iWizz
2008-06-02 22:58 . 2008-06-02 22:58 <REP> d-------- C:\Documents and Settings\Tintino\Application Data\.trackballs
2008-05-29 21:46 . 2008-05-29 21:46 <REP> d-------- C:\Program Files\NewsLeecher
2008-05-29 20:37 . 2008-05-29 20:37 <REP> d-------- C:\Documents and Settings\Tintino\Downloads
2008-05-29 20:37 . 2008-05-29 20:37 <REP> d-------- C:\Documents and Settings\Tintino\Application Data\NewsLeecher

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 15:03 70,656 ----a-w C:\WINDOWS\system32\dllcache\sysinfo.exe
2008-06-29 15:03 15,360 ----a-w C:\WINDOWS\system32\dllcache\register.exe
2008-06-27 18:16 98,304 ----a-w C:\WINDOWS\DUMP47d6.tmp
2008-05-26 20:26 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-05-26 20:26 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2008-05-26 20:26 --------- d-----w C:\Program Files\Auralog
2008-05-25 19:58 --------- d-----w C:\Documents and Settings\Flo\Application Data\U3
2008-05-25 17:13 --------- d-----w C:\Documents and Settings\Flo\Application Data\IEPro
2008-05-17 09:30 --------- d-----w C:\Documents and Settings\Flo\Application Data\Thunderbird
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-29_18.14.27.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 16:10:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-29 19:49:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-29 19:49:56 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_13c.dat
+ 2008-06-29 19:50:38 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_a20.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [2008-03-12 00:09 1429504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09 32768]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 02:10 700416]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 20:51 53248]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 14:50 88204 C:\WINDOWS\AGRSMMSG.exe]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 05:00 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 20:58 7581696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 20:58 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 17:56 16261632 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2006-04-19 15:08 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-04-20 09:23 86016]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-03-30 18:47 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39 225280]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 15:47 331776]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 15:55 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 05:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=
"C:\\WINDOWS\\System32\\muzapp.exe"=
"C:\\Documents and Settings\\Tintino\\Application Data\\m\\flec006.exe"=

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2008-06-27 22:56]
S3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2008-06-27 22:56]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 AVKService;AVK Service;C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe []
S4 AVKWCtl;Gardien d'AVK;C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8399962-559d-11dc-92d8-0018de78e39a}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - SROSA
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 21:50:43
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

C:\Documents and Settings\Tintino\Application Data\m\flec006.exe [2980] 0x8969E6B8

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"="C:\\WINDOWS\\system32\\drivers\\hldrrr.exe"
"mule_st_key"="C:\\Documents and Settings\\Tintino\\Application Data\\m\\flec006.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\srosa]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\srosa.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LOGITECH\LVMVFM\LVPRCSRV.EXE
C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
C:\WINDOWS\EHOME\EHRECVR.EXE
C:\WINDOWS\EHOME\EHSCHED.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ELOCK\SERVICE\ELOCKSERV.EXE
C:\WINDOWS\EHOME\MCRDSVC.EXE
C:\WINDOWS\SYSTEM32\DLLHOST.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\EHOME\EHMSAS.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\SYSTEM32\IMAPI.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-29 21:54:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 19:54:38

Pre-Run: 43,296,522,240 octets libres
Post-Run: 42,111,664,128 octets libres

329 --- E O F --- 2008-06-21 11:01:09

42 replies

sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last post 30 December 2012 463
30 June 2008 at 23:37
In the meantime, I notice that the pad built into my keyboard (the one that lets me scroll pages without using the scrollbar on the pages) still has not worked since I got this virus :(
Do you have any idea? :-/

---> not for the moment ...
0
Good evening

I'm back, and I see that Ske69's latest messages have been deleted?
What happened?
Normally there was already a 2nd page where Ske69 advised me to install Antivir

uhhh, am I the one with a problem?
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last post 30 December 2012 463
2 Jul 2008 at 21:22
Hi,
no, no message was deleted ^^
just look at the bottom right of my reply, you can switch to the previous page ....

Do the procedure from post 23:
http://www.commentcamarche.net/forum/affich 7145344 antivirus n est pas 1application win32 valide#23
0
Oops, it was a display glitch; refreshing the page put everything back in order.
So, Ske69, here are the reports in question

(Sorry for the delay, but I did not have time to come and post the log last night)
I ran the scan of the PC in 2 passes because it took a long time. So I am attaching both logs



Avira AntiVir Personal
Report file date: lundi 30 juin 2008 23:48

Scanning for 1369578 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Tintino
Computer name: TINTINOBILE

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:58
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:38
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:24
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:42
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 21:36:52
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 21:36:54
ANTIVIR3.VDF : 7.0.5.25 18432 Bytes 30/06/2008 21:36:54
Engineversion : 8.1.0.59
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22
AESCRIPT.DLL : 8.1.0.44 278907 Bytes 30/06/2008 21:37:10
AESCN.DLL : 8.1.0.22 119157 Bytes 30/06/2008 21:37:08
AERDL.DLL : 8.1.0.20 418165 Bytes 30/06/2008 21:37:06
AEPACK.DLL : 8.1.1.6 364918 Bytes 30/06/2008 21:37:04
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 30/06/2008 21:37:02
AEHEUR.DLL : 8.1.0.32 1274231 Bytes 30/06/2008 21:37:02
AEHELP.DLL : 8.1.0.15 115063 Bytes 30/06/2008 21:36:58
AEGEN.DLL : 8.1.0.29 307573 Bytes 30/06/2008 21:36:58
AEEMU.DLL : 8.1.0.6 430451 Bytes 30/06/2008 21:36:56
AECORE.DLL : 8.1.0.31 168310 Bytes 30/06/2008 21:36:56
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:54
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:52
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:48
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:50
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:26
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:12

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: lundi 30 juin 2008 23:48

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '47' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP174\A0039982.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '48996256.qua'!
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP174\A0039985.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '4899625d.qua'!
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP175\A0041641.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '489962a1.qua'!
C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP175\A0041643.EXE
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '489962a6.qua'!
C:\QooBox\Quarantine\catchme2008-06-29_180359,07.zip
[0] Archive type: ZIP
--> hldrrr.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TA
--> mdelk.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.TA
[NOTE] The file was moved to '48dd62fc.qua'!
C:\QooBox\Quarantine\catchme2008-06-29_214558,26.zip
[0] Archive type: ZIP
--> hldrrr.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> mdelk.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48dd6301.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\146171.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '489f62db.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\3794218.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48a262e1.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\data.oct.vir
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48dd6310.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\NOD32.v.2.51.20.+.Crack.NOD.Fix.v.2.zip.vir
[0] Archive type: ZIP
--> NOD32.v.2.51.20.+.Crack.NOD.Fix.v.2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48ad6304.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dynaxa Anti-Spam 4.2.0.zip.vir
[0] Archive type: ZIP
--> Dynaxa Anti-Spam 4.2.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d76332.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\AT Electronics 4.1.14.zip.vir
[0] Archive type: ZIP
--> AT Electronics 4.1.14.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48896311.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\The Sims 2 Albino skin.zip.vir
[0] Archive type: ZIP
--> The Sims 2 Albino skin.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48ce6328.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\AdTextBox - OCX 1.0.zip.vir
[0] Archive type: ZIP
--> AdTextBox - OCX 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48bd6329.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\EventReporter 6.1.zip.vir
[0] Archive type: ZIP
--> EventReporter 6.1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48ce633e.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\nod32.2.7.zip.vir
[0] Archive type: ZIP
--> nod32.2.7.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48cd633c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\YASA 3GP Video Converter 3.7.55.1682 Cracked.zip.vir
[0] Archive type: ZIP
--> YASA 3GP Video Converter 3.7.55.1682 Cracked.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48bc6315.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\EngCalc (Pneumatic Engineering) 1.2.zip.vir
[0] Archive type: ZIP
--> EngCalc (Pneumatic Engineering) 1.2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d06347.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\EZOutlookSync Pro 1.6 (Key).zip.vir
[0] Archive type: ZIP
--> EZOutlookSync Pro 1.6 (Key).exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48b86338.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Deadlock Avoidance Simulation 1.00.zip.vir
[0] Archive type: ZIP
--> Deadlock Avoidance Simulation 1.00.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48ca6348.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Microsoft Image Resizer 1.0.zip.vir
[0] Archive type: ZIP
--> Microsoft Image Resizer 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48cc6352.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Java Script Mutator 2.5 RC3 (KeyGen).zip.vir
[0] Archive type: ZIP
--> Java Script Mutator 2.5 RC3 (KeyGen).exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48df634e.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\WiPeer 0.572.zip.vir
[0] Archive type: ZIP
--> WiPeer 0.572.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48b9635b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Free Option Calculator 1.42.zip.vir
[0] Archive type: ZIP
--> Free Option Calculator 1.42.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48ce6369.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\StopPop 2.0.7.zip.vir
[0] Archive type: ZIP
--> StopPop 2.0.7.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d8636f.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Date Calculator 2.68.zip.vir
[0] Archive type: ZIP
--> Date Calculator 2.68.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48dd6360.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\ShortcutsMan 1.01.zip.vir
[0] Archive type: ZIP
--> ShortcutsMan 1.01.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d8636b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Accio Italian-English Dictionary (Win) 1.0.3.zip.vir
[0] Archive type: ZIP
--> Accio Italian-English Dictionary (Win) 1.0.3.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48cc636a.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Commodity Prices 1.1.zip.vir
[0] Archive type: ZIP
--> Commodity Prices 1.1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d6637b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Call Accounting Mate 2.6.1.98b.zip.vir
[0] Archive type: ZIP
--> Call Accounting Mate 2.6.1.98b.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d56375.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\TubeHD 1.1.0.0 (With Crack).zip.vir
[0] Archive type: ZIP
--> TubeHD 1.1.0.0 (With Crack).exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48cb638c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\PortMarshaller 1.2.49.zip.vir
[0] Archive type: ZIP
--> PortMarshaller 1.2.49.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48db6389.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dupy Scan 1.0.0.zip.vir
[0] Archive type: ZIP
--> Dupy Scan 1.0.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d96391.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Game of Lives 1.3.zip.vir
[0] Archive type: ZIP
--> Game of Lives 1.3.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d6637f.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Web Control for Parents 4.0.zip.vir
[0] Archive type: ZIP
--> Web Control for Parents 4.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48cb6387.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\NRITB Indian Radio Toolbar 0507.zip.vir
[0] Archive type: ZIP
--> NRITB Indian Radio Toolbar 0507.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48b26376.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\PChord 1.zip.vir
[0] Archive type: ZIP
--> PChord 1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d16369.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Altdo Mp3 Record&Edit Audio Master 2.0 [Key+Serial].zip.vir
[0] Archive type: ZIP
--> Altdo Mp3 Record&Edit Audio Master 2.0 [Key+Serial].exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48dd6394.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\My Collections 1.0 Beta [With Crack].zip.vir
[0] Archive type: ZIP
--> My Collections 1.0 Beta [With Crack].exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '488963a5.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Scrabble Complete 1.0.zip.vir
[0] Archive type: ZIP
--> Scrabble Complete 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48db6391.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Microsoft Office XP Update SP-2.zip.vir
[0] Archive type: ZIP
--> Microsoft Office XP Update SP-2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48cc6399.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DreamCalc Professional 3.5.1.zip.vir
[0] Archive type: ZIP
--> DreamCalc Professional 3.5.1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48ce63a6.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Shellbook 1.1.3.zip.vir
[0] Archive type: ZIP
--> Shellbook 1.1.3.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48ce639e.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Mobile CricketCast for Windows Smartphone 2005 1.zip.vir
[0] Archive type: ZIP
--> Mobile CricketCast for Windows Smartphone 2005 1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48cb63a6.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Unreal Tournament 2003 - Angelina Jolie skin.zip.vir
[0] Archive type: ZIP
--> Unreal Tournament 2003 - Angelina Jolie skin.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48db63aa.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Stylist Style Generator 3.0.0.4.zip.vir
[0] Archive type: ZIP
--> Stylist Style Generator 3.0.0.4.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48e263b4.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\LinkStash 1.7.2.zip.vir
[0] Archive type: ZIP
--> LinkStash 1.7.2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d763aa.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DS Snow 1.0.zip.vir
[0] Archive type: ZIP
--> DS Snow 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48896397.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\AutoKeys Automatic Typing Macros 2.1 (Key+Serial).zip.vir
[0] Archive type: ZIP
--> AutoKeys Automatic Typing Macros 2.1 (Key+Serial).exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48dd63bd.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Table Animator 1.1.zip.vir
[0] Archive type: ZIP
--> Table Animator 1.1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48cb63ab.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Convert My Records 1.02.zip.vir
[0] Archive type: ZIP
--> Convert My Records 1.02.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d763bb.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Online Privacy Pro 3.zip.vir
[0] Archive type: ZIP
--> Online Privacy Pro 3.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d563bb.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\KernelDriver 6.1.zip.vir
[0] Archive type: ZIP
--> KernelDriver 6.1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48db63b4.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Kristanna Loken sex-IE- Screensaver - BabeSavers 1.zip.vir
[0] Archive type: ZIP
--> Kristanna Loken sex-IE- Screensaver - BabeSavers 1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d263c3.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Atomic AIM Password Recovery 1.10 (KeyGen).zip.vir
[0] Archive type: ZIP
--> Atomic AIM Password Recovery 1.10 (KeyGen).exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d863c9.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\StrataSearch 3.01a.zip.vir
[0] Archive type: ZIP
--> StrataSearch 3.01a.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48db63cb.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Legends of Might and Magic demo patch.zip.vir
[0] Archive type: ZIP
--> Legends of Might and Magic demo patch.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d063bf.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DC Form Flipper 1.zip.vir
[0] Archive type: ZIP
--> DC Form Flipper 1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '4889639e.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Group Mail Manager Professional 2.2.33.zip.vir
[0] Archive type: ZIP
--> Group Mail Manager Professional 2.2.33.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d863cf.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Avex DVD Ripper Platinum 4 build 05.zip.vir
[0] Archive type: ZIP
--> Avex DVD Ripper Platinum 4 build 05.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48ce63d5.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Absolute Blue 1.5.2.zip.vir
[0] Archive type: ZIP
--> Absolute Blue 1.5.2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48dc63c3.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Sun Certified Programmer for JAVA 2 Platform [310-025] 6.10.05.zip.vir
[0] Archive type: ZIP
--> Sun Certified Programmer for JAVA 2 Platform [310-025] 6.10.05.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d763db.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Windows XP RDP Protocol Security Vulnerability Patch MS02-051.zip.vir
[0] Archive type: ZIP
--> Windows XP RDP Protocol Security Vulnerability Patch MS02-051.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d763d1.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Sort it Later 0.2.zip.vir
[0] Archive type: ZIP
--> Sort it Later 0.2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48db63d9.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Maintaining Weight Loss 1.0.zip.vir
[0] Archive type: ZIP
--> Maintaining Weight Loss 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d263cd.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Advanced Data Export 3.4.7.0.zip.vir
[0] Archive type: ZIP
--> Advanced Data Export 3.4.7.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48df63d3.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\AW WordNet English Dictionary 2.1.zip.vir
[0] Archive type: ZIP
--> AW WordNet English Dictionary 2.1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '488963c9.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Tornado Flash Player 1.7 Crack.zip.vir
[0] Archive type: ZIP
--> Tornado Flash Player 1.7 Crack.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48db63e4.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\AReporter 1.06.zip.vir
[0] Archive type: ZIP
--> AReporter 1.06.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48ce63ca.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\StaffTracker 1.1.35.zip.vir
[0] Archive type: ZIP
--> StaffTracker 1.1.35.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48ca63f1.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\SpeedFiler 1.1.2 (Patch).zip.vir
[0] Archive type: ZIP
--> SpeedFiler 1.1.2 (Patch).exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48ce63ef.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\eRez Imaging Server 4.1.1 (Key).zip.vir
[0] Archive type: ZIP
--> eRez Imaging Server 4.1.1 (Key).exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '496dc96e.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Aquatica 3D 2.0 Crack.zip.vir
[0] Archive type: ZIP
--> Aquatica 3D 2.0 Crack.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48de63f8.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\The Software Safe 2.0.zip.vir
[0] Archive type: ZIP
--> The Software Safe 2.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48ce63f0.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\3D Grapher 1.21 Crack.zip.vir
[0] Archive type: ZIP
--> 3D Grapher 1.21 Crack.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '488963cf.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Unreal Tournament 2003 - Hurt Conveyor skin.zip.vir
[0] Archive type: ZIP
--> Unreal Tournament 2003 - Hurt Conveyor skin.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48db63fd.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Xlpd 2.1 Build 0304.zip.vir
[0] Archive type: ZIP
--> Xlpd 2.1 Build 0304.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d963ff.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Circle-U 1.zip.vir
[0] Archive type: ZIP
--> Circle-U 1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48db63ff.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\honestech VHS to DVD 3.0.zip.vir
[0] Archive type: ZIP
--> honestech VHS to DVD 3.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d76407.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Showcalc 5.1.zip.vir
[0] Archive type: ZIP
--> Showcalc 5.1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d86403.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\SQLClean 2.3.76 (Serial).zip.vir
[0] Archive type: ZIP
--> SQLClean 2.3.76 (Serial).exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48b563f0.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\BeaTunes 1.2.1.zip.vir
[0] Archive type: ZIP
--> BeaTunes 1.2.1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48ca6405.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Daisy Reversi 3.1.zip.vir
[0] Archive type: ZIP
--> Daisy Reversi 3.1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d26405.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\IBM WebSphere IIS DataStage Enterprise Edition Practice Test Questions 1.0.zip.vir
[0] Archive type: ZIP
--> IBM WebSphere IIS DataStage Enterprise Edition Practice Test Questions 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48b663e9.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\E20-540 Practice Exam Testing Engine Software 1.0.zip.vir
[0] Archive type: ZIP
--> E20-540 Practice Exam Testing Engine Software 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '489963db.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Holidays Manager 1.0 Patch.zip.vir
[0] Archive type: ZIP
--> Holidays Manager 1.0 Patch.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d56419.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Symantec.Norton.Antivirus.2007.Full.version.+.Keygen.updated-fixed.Release.01-2007.zip.vir
[0] Archive type: ZIP
--> Symantec.Norton.Antivirus.2007.Full.version.+.Keygen.updated-fixed.Release.01-2007.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d66425.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Mobile Jigsaw (Treo 700w) 1.01.zip.vir
[0] Archive type: ZIP
--> Mobile Jigsaw (Treo 700w) 1.01.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48cb641e.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\CenturionPlayer 2.5.5 [Serial].zip.vir
[0] Archive type: ZIP
--> CenturionPlayer 2.5.5 [Serial].exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d76416.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Click'n View 4.2.0.8 Serial.zip.vir
[0] Archive type: ZIP
--> Click'n View 4.2.0.8 Serial.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d2641f.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\File Access Scheduler 4.56.zip.vir
[0] Archive type: ZIP
--> File Access Scheduler 4.56.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d5641d.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Unreal Tournament 2003 - First deathmatch map.zip.vir
[0] Archive type: ZIP
--> Unreal Tournament 2003 - First deathmatch map.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48db6424.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Launcher 1.5.7.zip.vir
[0] Archive type: ZIP
--> Launcher 1.5.7.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48de641b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\GSGlossary 1.0.zip.vir
[0] Archive type: ZIP
--> GSGlossary 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48b06411.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Super MP3 Converter 4.2.11.zip.vir
[0] Archive type: ZIP
--> Super MP3 Converter 4.2.11.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d96434.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Halo Combat Evolved Super Stunt Track map.zip.vir
[0] Archive type: ZIP
--> Halo Combat Evolved Super Stunt Track map.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d56422.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\BlatBatch - Buisness Edition 0.9.2.zip.vir
[0] Archive type: ZIP
--> BlatBatch - Buisness Edition 0.9.2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48ca6430.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Code Amber Amber Alert Desktop Ticker 1.1 (Patch).zip.vir
[0] Archive type: ZIP
--> Code Amber Amber Alert Desktop Ticker 1.1 (Patch).exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48cd6436.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Wild Horses 3D 1.zip.vir
[0] Archive type: ZIP
--> Wild Horses 3D 1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d56432.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\LandscapeHelper 1.0 [Cracked].zip.vir
[0] Archive type: ZIP
--> LandscapeHelper 1.0 [Cracked].exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d76430.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\LingvoSoft Talking Picture Dictionary 2007 Russian - Czech 1.1.18 [With Crack].zip.vir
[0] Archive type: ZIP
--> LingvoSoft Talking Picture Dictionary 2007 Russian - Czech 1.1.18 [With Crack].exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d7643a.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Multiple Text Files to MS Word Document Convert Software 7.0 [Serial].zip.vir
[0] Archive type: ZIP
--> Multiple Text Files to MS Word Document Convert Software 7.0 [Serial].exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d5644a.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Earthquake 3D 2.42.zip.vir
[0] Archive type: ZIP
--> Earthquake 3D 2.42.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48db6439.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Visual Mortgage Loan Calculator 1.31.zip.vir
[0] Archive type: ZIP
--> Visual Mortgage Loan Calculator 1.31.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48dc6442.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Active GIF Creator 3.0.zip.vir
[0] Archive type: ZIP
--> Active GIF Creator 3.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48dd643d.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\TrlD File Identifier for .NET 1.8.zip.vir
[0] Archive type: ZIP
--> TrlD File Identifier for .NET 1.8.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d5644d.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\The Library of Cooking 1.0.zip.vir
[0] Archive type: ZIP
--> The Library of Cooking 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48ce6448.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\FotoFinish 3.01.zip.vir
[0] Archive type: ZIP
--> FotoFinish 3.01.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48dd6451.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\PCMaid 1.0.1626.zip.vir
[0] Archive type: ZIP
--> PCMaid 1.0.1626.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48b66428.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Mailing List Deluxe 6.21.zip.vir
[0] Archive type: ZIP
--> Mailing List Deluxe 6.21.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d26448.qua'!
And here is the 2nd log



Avira AntiVir Personal
Report file date: mardi 1 juillet 2008 22:09

Scanning for 1369578 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Tintino
Computer name: TINTINOBILE

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:58
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:38
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:24
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:42
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 21:36:52
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 21:36:54
ANTIVIR3.VDF : 7.0.5.25 18432 Bytes 30/06/2008 21:36:54
Engineversion : 8.1.0.59
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22
AESCRIPT.DLL : 8.1.0.44 278907 Bytes 30/06/2008 21:37:10
AESCN.DLL : 8.1.0.22 119157 Bytes 30/06/2008 21:37:08
AERDL.DLL : 8.1.0.20 418165 Bytes 30/06/2008 21:37:06
AEPACK.DLL : 8.1.1.6 364918 Bytes 30/06/2008 21:37:04
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 30/06/2008 21:37:02
AEHEUR.DLL : 8.1.0.32 1274231 Bytes 30/06/2008 21:37:02
AEHELP.DLL : 8.1.0.15 115063 Bytes 30/06/2008 21:36:58
AEGEN.DLL : 8.1.0.29 307573 Bytes 30/06/2008 21:36:58
AEEMU.DLL : 8.1.0.6 430451 Bytes 30/06/2008 21:36:56
AECORE.DLL : 8.1.0.31 168310 Bytes 30/06/2008 21:36:56
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:54
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:52
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:48
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:50
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:26
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:12

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: mardi 1 juillet 2008 22:09

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '47' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <ACERDATA>


End of the scan: mercredi 2 juillet 2008 00:30
Used time: 2:20:46 min

The scan has been done completely.

4821 Scanning directories
194364 Files were scanned
46 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
46 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
194318 Files not concerned
7546 Archives were scanned
2 Warnings
46 Notes
And there is still the problem with the "4-way button" below the touchpad, the button used to scroll pages . . . :/
Oops, it looks like the 1st log could not be posted in one go :(
You need the rest, I suppose ...
So here is the rest and the end of log 1:

C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIManagerX 7.0.0.123 Final.zip.vir
[0] Archive type: ZIP
--> DIManagerX 7.0.0.123 Final.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48b664f7.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dimenes 1.5 RF.zip.vir
[0] Archive type: ZIP
--> Dimenes 1.5 RF.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d6651a.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dimension 4 5.0.35.zip.vir
[0] Archive type: ZIP
--> Dimension 4 5.0.35.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d6651c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dimension Browser 5.0.zip.vir
[0] Archive type: ZIP
--> Dimension Browser 5.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d66520.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dimensional Analysis 4.2.2.zip.vir
[0] Archive type: ZIP
--> Dimensional Analysis 4.2.2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d66522.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dimensions of Culture Software, Hofstede 2.0.zip.vir
[0] Archive type: ZIP
--> Dimensions of Culture Software, Hofstede 2.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d66524.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DimichSoft Mail List Receiver 5.3.zip.vir
[0] Archive type: ZIP
--> DimichSoft Mail List Receiver 5.3.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d66527.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DimichSoft SecurityDog 2.1.zip.vir
[0] Archive type: ZIP
--> DimichSoft SecurityDog 2.1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d66529.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIMIN HotKeys for Winamp 0.5.zip.vir
[0] Archive type: ZIP
--> DIMIN HotKeys for Winamp 0.5.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48b6650c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIMIN HTML Directory Structure Creator 2.4.5.zip.vir
[0] Archive type: ZIP
--> DIMIN HTML Directory Structure Creator 2.4.5.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48b66510.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIMIN Image Viewer n5 5.2.1.111.zip.vir
[0] Archive type: ZIP
--> DIMIN Image Viewer n5 5.2.1.111.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48b66514.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIMIN irCommander 0.3.zip.vir
[0] Archive type: ZIP
--> DIMIN irCommander 0.3.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48b66516.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIMIN OSD 0.3.zip.vir
[0] Archive type: ZIP
--> DIMIN OSD 0.3.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48b66519.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIMIN ShutCountDown 0.0.2.zip.vir
[0] Archive type: ZIP
--> DIMIN ShutCountDown 0.0.2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48b6651d.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIMIN Smart Capturer 0.1.6.zip.vir
[0] Archive type: ZIP
--> DIMIN Smart Capturer 0.1.6.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48b66521.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIMIN Viewer 5.2.5 Build 140.zip.vir
[0] Archive type: ZIP
--> DIMIN Viewer 5.2.5 Build 140.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48b66523.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dimlog 1.3.zip.vir
[0] Archive type: ZIP
--> Dimlog 1.3.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d66544.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dimon - Tinted Glasses 1.0.0.zip.vir
[0] Archive type: ZIP
--> Dimon - Tinted Glasses 1.0.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d66546.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DimSaver 2.0.zip.vir
[0] Archive type: ZIP
--> DimSaver 2.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d6654b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dimwit's Dictionary 1.0.zip.vir
[0] Archive type: ZIP
--> Dimwit's Dictionary 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d6654c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DIN Settings Calculator 1.1.zip.vir
[0] Archive type: ZIP
--> DIN Settings Calculator 1.1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48b7652e.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dina Programming Font 2.89.zip.vir
[0] Archive type: ZIP
--> Dina Programming Font 2.89.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d76551.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DinamoMania Analog Clock 1.00.zip.vir
[0] Archive type: ZIP
--> DinamoMania Analog Clock 1.00.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d76555.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Ding 1.05.005.zip.vir
[0] Archive type: ZIP
--> Ding 1.05.005.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d76557.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\DiningPlus 1.0.zip.vir
[0] Archive type: ZIP
--> DiningPlus 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d7655c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dinky AutoComplete Tool 1.0.zip.vir
[0] Archive type: ZIP
--> Dinky AutoComplete Tool 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d7655d.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dinner Timer Lite 1.0.6.0.zip.vir
[0] Archive type: ZIP
--> Dinner Timer Lite 1.0.6.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d76560.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dino Glade 1.3.zip.vir
[0] Archive type: ZIP
--> Dino Glade 1.3.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d76562.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dino Glade Advanced 1.39.zip.vir
[0] Archive type: ZIP
--> Dino Glade Advanced 1.39.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d76566.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dino Icons.zip.vir
[0] Archive type: ZIP
--> Dino Icons.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d76568.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dino Island 1.0.zip.vir
[0] Archive type: ZIP
--> Dino Island 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d7656b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dino ScreenMate 1.0.zip.vir
[0] Archive type: ZIP
--> Dino ScreenMate 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d7656d.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dinosaur Dystopia 1.0.zip.vir
[0] Archive type: ZIP
--> Dinosaur Dystopia 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d7656f.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dinosaur Screensaver 1.0.zip.vir
[0] Archive type: ZIP
--> Dinosaur Screensaver 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d76573.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dinosaur Valley - Animated Screensaver 5.07.zip.vir
[0] Archive type: ZIP
--> Dinosaur Valley - Animated Screensaver 5.07.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d76576.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dinosaur Valley - Animated Wallpaper 5.07.zip.vir
[0] Archive type: ZIP
--> Dinosaur Valley - Animated Wallpaper 5.07.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d76577.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dinosaurs 3D Screensaver 1.0.zip.vir
[0] Archive type: ZIP
--> Dinosaurs 3D Screensaver 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d7657a.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Tintino\Application Data\m\shared\Dinosaurs Art SlideShow 1.0.zip.vir
[0] Archive type: ZIP
--> Dinosaurs Art SlideShow 1.0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.IW.1
[NOTE] The file was moved to '48d7657e.qua'!


End of the scan: mardi 1 juillet 2008 00:59
Used time: 1:11:16 min

The scan has been canceled!

4366 Scanning directories
154757 Files were scanned
221 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
219 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
154536 Files not concerned
7227 Archives were scanned
2 Warnings
219 Notes
sKe69 - 2 Jul 2008 at 21:57
Good ...

Delete everything AntiVir has in quarantine (from the quarantine itself, of course).

Then run a HijackThis scan again and post me the new report ...
Perfect! Here is a HijackThis log again:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:19, on 2/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Trend Micro\HijackThis\MonJack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://myprivacy.dpgmedia.be/?siteKey=atXMVFeyFP1Ki09i&callbackUrl=https%3a%2f%2fwww.7sur7.be%2fprivacy-gate%2faccept%3fredirectUri%3d%252f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://fwdservice.com
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
sKe69 - 2 Jul 2008 at 22:18
Right ... AntiVir is OK but Norton is one too many .... It will have to be cleaned out:

Download the Norton Removal Tool to your desktop:
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe

Disconnect.
Then uninstall Norton with the Norton Removal Tool: double-click it and follow the prompts. It needs to be uninstalled properly (run the procedure twice if possible).

Then post a new HijackThis log so I can check ...
The tool ran twice and here is the new HijackThis log :-)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:52, on 2/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\MonJack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://myprivacy.dpgmedia.be/?siteKey=atXMVFeyFP1Ki09i&callbackUrl=https%3a%2f%2fwww.7sur7.be%2fprivacy-gate%2faccept%3fredirectUri%3d%252f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://fwdservice.com
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
0
sKe69 - 2 Jul 2008 at 23:14
1- Close all your applications and disconnect.

Run HijackThis again, but click "Do a scan only".
You will then see the scan results: a multitude of lines, each preceded by an empty box.
Tick the boxes of the following lines:

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://fwdservice.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

Click the FIX CHECKED button at the bottom and confirm.

2- Run CCleaner once more (registry included).

3- Download DiagHelp.zip to your desktop:

http://www.malekal.com/download/DiagHelp.zip

!! Disconnect and close all your running applications !!

Right-click the file and choose "Extract all".

--> A new folder will be created: "DiagHelp"
Open it and double-click go.cmd and nothing else! (the .cmd extension may not be displayed)

--> A window will open; choose option 1.
The scan will start. It may take a few minutes; let it run and press a key when you are asked to:
an IE page will open; close it.
Press a key again and Notepad opens:
Save this report somewhere you can find it again and post its entire contents in your next reply ...
0
CCleaner found a few more problem keys in the registry. They have been fixed.

So here is the next report you asked me for :)
(PS: you have a real passion for viruses, don't you? ;) )


DiagHelp version v1.4 - http://www.malekal.com
excute le mer. 02/07/2008 à 23:37:37,31


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->2/07/2008 23:36:56
C:\WINDOWS\prefetch\WINRAR.EXE-0AA31BB9.pf -->2/07/2008 23:34:34
C:\WINDOWS\prefetch\RUNDLL32.EXE-5560CAC5.pf -->2/07/2008 23:31:28
C:\WINDOWS\prefetch\CCLEANER.EXE-09CFC2BC.pf -->2/07/2008 23:31:16
C:\WINDOWS\prefetch\CTFMON.EXE-05E57A5E.pf -->2/07/2008 23:29:00
C:\WINDOWS\prefetch\IEXPLORE.EXE-2D97EBE6.pf -->2/07/2008 23:28:52
C:\WINDOWS\prefetch\NOTEPAD.EXE-2F2D61E1.pf -->2/07/2008 23:28:08
C:\WINDOWS\prefetch\WGATRAY.EXE-350D4455.pf -->2/07/2008 23:28:02
C:\WINDOWS\prefetch\WUAUCLT.EXE-1360D60A.pf -->2/07/2008 23:27:58
C:\WINDOWS\prefetch\IMAPI.EXE-201490BB.pf -->2/07/2008 23:27:56

C:\WINDOWS\System32\drivers\MiniIcpt.sys -->27/06/2008 22:56:26
C:\WINDOWS\System32\drivers\HookCentre.sys -->27/06/2008 22:56:24
C:\WINDOWS\System32\drivers\bthport.sys -->14/06/2008 19:59:52
C:\WINDOWS\System32\drivers\RMCast.sys -->8/05/2008 14:28:50
C:\WINDOWS\System32\drivers\avipbb.sys -->4/03/2008 13:28:54
C:\WINDOWS\System32\drivers\avgntdd.sys -->21/01/2008 18:12:58
C:\WINDOWS\System32\drivers\avgntmgr.sys -->21/01/2008 18:11:30

C:\WINDOWS\System32\wpa.dbl -->2/07/2008 23:28:00
C:\WINDOWS\System32\nvapps.xml -->2/07/2008 23:26:52
C:\WINDOWS\System32\FNTCACHE.DAT -->29/06/2008 23:48:28
C:\WINDOWS\System32\CONFIG.NT -->29/06/2008 15:54:02
C:\WINDOWS\System32\perfh009.dat -->25/06/2008 23:25:08
C:\WINDOWS\System32\perfc009.dat -->25/06/2008 23:25:08
C:\WINDOWS\System32\MRT.exe -->30/05/2008 1:35:12
C:\WINDOWS\System32\amcompat.tlb -->26/05/2008 22:26:54
C:\WINDOWS\System32\nscompat.tlb -->26/05/2008 22:26:54
C:\WINDOWS\System32\w95inf32.dll -->26/05/2008 22:26:46
C:\WINDOWS\System32\w95inf16.dll -->26/05/2008 22:26:46
C:\WINDOWS\System32\quartz.dll -->7/05/2008 6:55:48
C:\WINDOWS\System32\TG_PVTR.LOG -->26/04/2008 12:55:18
C:\WINDOWS\System32\mshtml.dll -->23/04/2008 22:16:42
C:\WINDOWS\System32\extmgr.dll -->23/04/2008 6:16:40
C:\WINDOWS\System32\advpack.dll -->23/04/2008 6:16:40
C:\WINDOWS\System32\dxtmsft.dll -->23/04/2008 6:16:40
C:\WINDOWS\System32\dxtrans.dll -->23/04/2008 6:16:40
C:\WINDOWS\System32\ieakeng.dll -->23/04/2008 6:16:40
C:\WINDOWS\System32\ieaksie.dll -->23/04/2008 6:16:40
C:\WINDOWS\System32\ieapfltr.dll -->23/04/2008 6:16:40
C:\WINDOWS\System32\iedkcs32.dll -->23/04/2008 6:16:40
C:\WINDOWS\System32\ieframe.dll -->23/04/2008 6:16:40
C:\WINDOWS\System32\iernonce.dll -->23/04/2008 6:16:40
C:\WINDOWS\System32\inetcpl.cpl -->23/04/2008 6:16:40

C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt -->2/07/2008 23:27:42
C:\WINDOWS\wiadebug.log -->2/07/2008 23:27:02
C:\WINDOWS\ComponentList.xml -->2/07/2008 23:26:52
C:\WINDOWS\bootstat.dat -->2/07/2008 23:26:42
C:\WINDOWS\SchedLgU.Txt -->2/07/2008 23:26:00
C:\WINDOWS\wiaservc.log -->2/07/2008 23:26:00
C:\WINDOWS\WindowsUpdate.log -->2/07/2008 17:15:12
C:\WINDOWS\win.ini -->2/07/2008 0:49:48
C:\WINDOWS\system.ini -->30/06/2008 22:23:02
C:\WINDOWS\DUMP47d6.tmp -->27/06/2008 20:16:48
C:\WINDOWS\QTFont.qfn -->22/06/2008 14:11:42
C:\WINDOWS\QTFont.for -->4/06/2008 10:13:10
C:\WINDOWS\err.txt -->26/05/2008 22:26:58
C:\WINDOWS\FISHUI.INI -->26/04/2008 13:32:30
C:\WINDOWS\mozver.dat -->7/02/2008 21:14:36

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
EXPLORER.EXE pid: 580
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x44080000 0xd0000 7.00.6000.16674 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16674 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x44360000 0x5cd000 7.00.6000.16674 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16674 C:\WINDOWS\system32\urlmon.dll
0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL
0x442b0000 0x3c000 7.00.6000.16674 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x10000000 0x8000 0.09.0007.0003 C:\Acer\Empowering Technology\ePower\SysHook.dll
0x01aa0000 0x16000 9.04.0004.1082 C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
0x01690000 0xa000 2.02.0000.0009 C:\WINDOWS\system32\MSNCHATHOOK.DLL
0x01b30000 0x2f000 2.02.0000.0044 C:\WINDOWS\system32\sysenv.dll
0x74bf0000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x01b60000 0x68000 2.02.0000.0011 C:\WINDOWS\system32\CryptoAPI.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x020a0000 0x102000 7.10.3077.0000 C:\WINDOWS\system32\MFC71U.DLL
0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll
0x014e0000 0x33000 1.04.0000.0001 C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL
0x02320000 0x29000 C:\Program Files\WinRAR\rarext.dll
0x021b0000 0x13000 7.00.0000.0011 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
0x02350000 0x7c000 1.00.0000.0026 C:\PROGRA~1\MEDIAT~1\MTShell.dll
0x02af0000 0x14000 2.02.0000.0011 C:\WINDOWS\system32\eDSshellExt.dll
0x7c120000 0x19000 7.10.3077.0000 C:\WINDOWS\system32\ATL71.DLL
0x6bd10000 0x10000 12.00.4518.1014 C:\Program Files\Microsoft Office\Office12\msohevi.dll
0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
WINLOGON.EXE pid: 772
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x01260000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll


Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E1B7-6D53

Répertoire de C:\WINDOWS\system32

10/08/2004 05:00 6.144 csrss.exe
1 fichier(s) 6.144 octets
0 Rép(s) 40.833.974.272 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E1B7-6D53

Répertoire de C:\WINDOWS\Downloaded Program Files

06/11/2006 08:24 <REP> .
06/11/2006 08:24 <REP> ..
15/04/2005 14:45 65 desktop.ini
09/11/2006 14:36 5.019 swflash.inf
04/12/2006 15:16 144 QTPlugin.inf
29/04/2003 16:41 32.768 clearadjust.dll
29/04/2003 16:58 241 clearadj.inf
09/07/2007 12:27 2.377.088 Rawflow.ocx
13/02/2008 17:55 130 live.ini
14/03/2005 14:58 7.073 scanoptions.tsi
16/03/2005 12:34 7.407 lang.ini
25/05/2006 01:21 53.248 ipsupd.dll
25/05/2006 01:21 118.784 bdupd.dll
07/12/2004 17:07 32 libfn.dll
07/12/2004 17:07 32 bdcore.dll
25/10/2007 16:54 471.040 oscan8.ocx
29/10/2007 16:45 1.244 oscan8.inf
11/02/2008 09:39 1.864 OnlineScanner.inf
16 fichier(s) 3.076.179 octets

Total des fichiers listés :
16 fichier(s) 3.076.179 octets
2 Rép(s) 40.833.974.272 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"="C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"="C:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe:*:Enabled:X-Lite"
"C:\\WINDOWS\\System32\\muzapp.exe"="C:\\WINDOWS\\System32\\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\\Documents and Settings\\Tintino\\Local Settings\\Temp\\WZSE0.TMP\\symnrt.exe"="C:\\Documents and Settings\\Tintino\\Local Settings\\Temp\\WZSE0.TMP\\symnrt.exe:*:Enabled:Symantec Removal Utility"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
"DisableRegistryTools"=dword:00000000
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 23:38:15
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
164 - EHTRAY.EXE
264 - Acer.Empowering
580 - EXPLORER.EXE
672 - EHRECVR.EXE
736 - CSRSS.EXE
772 - WINLOGON.EXE
816 - SERVICES.EXE
828 - LSASS.EXE
980 - AGRSMMSG.EXE
996 - SVCHOST.EXE
1036 - EHSCHED.EXE
1072 - SVCHOST.EXE
1124 - DLLHOST.EXE
1168 - SVCHOST.EXE
1188 - RTHDCPL.EXE
1208 - SVCHOST.EXE
1244 - EVTENG.EXE
1280 - S24EVMON.EXE
1308 - NVSVC32.EXE
1340 - HOTKEYAPP.EXE
1376 - EDSLOADER.EXE
1420 - EPOWER_DMC.EXE
1516 - LVCOMSX.EXE
1568 - CAMERAASSISTANT
1644 - avgnt.exe
1664 - avguard.exe
1724 - SPOOLSV.EXE
1768 - LVPRCSRV.EXE
1788 - sched.exe
1948 - cmd.exe
2000 - MEMCHECK.EXE
2220 - ALG.EXE
2240 - SVCHOST.EXE
2296 - SVCHOST.EXE
2424 - WMIAPSRV.EXE
2520 - ELOCKSERV.EXE
2708 - MCRDSVC.EXE
3068 - WMIPRVSE.EXE
4020 - ctfmon.exe

Total number of processes = 40
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList


Total number of drivers = 177

Liste des programmes installes

Acer eDataSecurity Management
Acer eDataSecurity Management 2.0.3076
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Screensaver
Adobe Flash Player ActiveX
Adobe Shockwave Player
Agere Systems HDA Modem
Ant Movie Catalog
Archiveur WinRAR
AutoUpdate
Avira AntiVir Personal – Free Antivirus
CCleaner (remove only)
Correctif n° 2 pour Windows XP Édition Media Center 2005
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows Internet Explorer 7 (KB947864)
Correctif pour Windows XP (KB888795)
Correctif pour Windows XP (KB891593)
Correctif pour Windows XP (KB896256)
Correctif pour Windows XP (KB899337)
Correctif pour Windows XP (KB899510)
Correctif pour Windows XP (KB902841)
Correctif pour Windows XP (KB914440)
Correctif pour Windows XP (KB935448)
Correctif Windows XP - KB873339
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB885855
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB888239
Correctif Windows XP - KB888302
Correctif Windows XP - KB890859
Correctif Windows XP - KB891781
Correctif Windows XP - KB895961
DivX Codec
DivX Content Uploader
DivX Player
DivX Web Player
Entraînez votre logique et votre raisonnement
Foxit Reader
Frozen-Bubble 1.0
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
IrfanView (remove only)
iWizz
IziSpot 4.10
Java(TM) 6 Update 5
Launch Manager V1.1.0.3
Lecteur Windows Media 11
Logiciel Acer OrbiCam
Logiciel Intel(R) PROSet/Wireless
mCore
Media Tagger v1.3.5
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (French) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Groove MUI (French) 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint Viewer 2007 (French)
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Software Update for Web Folders (French) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896424)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901190)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Windows XP (KB911567)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB912919)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914388)
Mise à jour de sécurité pour Windows XP (KB914389)
Mise à jour de sécurité pour Windows XP (KB917344)
Mise à jour de sécurité pour Windows XP (KB917422)
Mise à jour de sécurité pour Windows XP (KB917953)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB918439)
Mise à jour de sécurité pour Windows XP (KB919007)
Mise à jour de sécurité pour Windows XP (KB920213)
Mise à jour de sécurité pour Windows XP (KB920214)
Mise à jour de sécurité pour Windows XP (KB920670)
Mise à jour de sécurité pour Windows XP (KB920683)
Mise à jour de sécurité pour Windows XP (KB920685)
Mise à jour de sécurité pour Windows XP (KB921398)
Mise à jour de sécurité pour Windows XP (KB921503)
Mise à jour de sécurité pour Windows XP (KB922616)
Mise à jour de sécurité pour Windows XP (KB922760)
Mise à jour de sécurité pour Windows XP (KB922819)
Mise à jour de sécurité pour Windows XP (KB923191)
Mise à jour de sécurité pour Windows XP (KB923414)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB923694)
Mise à jour de sécurité pour Windows XP (KB923980)
Mise à jour de sécurité pour Windows XP (KB924191)
Mise à jour de sécurité pour Windows XP (KB924270)
Mise à jour de sécurité pour Windows XP (KB924496)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925454)
Mise à jour de sécurité pour Windows XP (KB925486)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926255)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB929123)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour de sécurité pour Windows XP (KB933729)
Mise à jour de sécurité pour Windows XP (KB935839)
Mise à jour de sécurité pour Windows XP (KB935840)
Mise à jour de sécurité pour Windows XP (KB936021)
Mise à jour de sécurité pour Windows XP (KB937894)
Mise à jour de sécurité pour Windows XP (KB938829)
Mise à jour de sécurité pour Windows XP (KB941202)
Mise à jour de sécurité pour Windows XP (KB941568)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB941644)
Mise à jour de sécurité pour Windows XP (KB941693)
Mise à jour de sécurité pour Windows XP (KB943055)
Mise à jour de sécurité pour Windows XP (KB943460)
Mise à jour de sécurité pour Windows XP (KB943485)
Mise à jour de sécurité pour Windows XP (KB944653)
Mise à jour de sécurité pour Windows XP (KB945553)
Mise à jour de sécurité pour Windows XP (KB946026)
Mise à jour de sécurité pour Windows XP (KB948590)
Mise à jour de sécurité pour Windows XP (KB948881)
Mise à jour de sécurité pour Windows XP (KB950749)
Mise à jour de sécurité pour Windows XP (KB950760)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951376)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour pour Lecteur Windows Media 10 (KB913800)
Mise à jour pour Lecteur Windows Media 10 (KB926251)
Mise à jour pour Windows XP (KB894391)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB900485)
Mise à jour pour Windows XP (KB904942)
Mise à jour pour Windows XP (KB908531)
Mise à jour pour Windows XP (KB910437)
Mise à jour pour Windows XP (KB911280)
Mise à jour pour Windows XP (KB912945)
Mise à jour pour Windows XP (KB916595)
Mise à jour pour Windows XP (KB920872)
Mise à jour pour Windows XP (KB922582)
Mise à jour pour Windows XP (KB927891)
Mise à jour pour Windows XP (KB929338)
Mise à jour pour Windows XP (KB930916)
Mise à jour pour Windows XP (KB931836)
Mise à jour pour Windows XP (KB932823-v3)
Mise à jour pour Windows XP (KB933360)
Mise à jour pour Windows XP (KB936357)
Mise à jour pour Windows XP (KB938828)
Mise à jour pour Windows XP (KB942763)
mMHouse
Mozilla Firefox (3.0)
Mozilla Thunderbird (2.0.0.14)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
mWlsSafe
mXML
NewsLeecher v3.8 Final
NTI Backup NOW! 4.5
NTI CD & DVD-Maker
NTI CD & DVD-Maker
NVIDIA Drivers
PDFCreator
POP Peeper
PowerDVD
PowerProducer
Programme de gestion Acer OrbiCam
QuickTime Alternative 2.1.1
Realtek High Definition Audio Driver
Samsung Media Studio
Sonic Encoders
Synaptics Pointing Device Driver
TELL ME MORE
Texas Instruments PCIxx21/x515 drivers.
TIxx21
VideoLAN VLC media player 0.8.6
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
X-Lite 3.0
X-Lite 3.0



Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E1B7-6D53

Répertoire de C:\Program Files

06/11/2006 08:25 <REP> .
06/11/2006 08:25 <REP> ..
08/12/2006 22:36 <REP> Acer
09/06/2006 15:01 <REP> Acer Inc
17/12/2006 16:34 <REP> Ant Movie Catalog
26/05/2008 22:26 <REP> Auralog
30/06/2008 23:34 <REP> Avira
30/06/2008 23:04 <REP> CCleaner
15/04/2005 14:42 <REP> ComPlus Applications
18/03/2008 23:53 <REP> CounterPath
09/12/2006 04:28 <REP> CyberLink
29/01/2007 23:31 <REP> DivX
28/06/2008 11:29 <REP> DJ Mix Pro
15/04/2005 14:37 <REP> Fichiers communs
28/12/2006 22:30 <REP> Foxit Software
04/03/2008 22:31 <REP> Frozen-Bubble
06/10/2007 20:23 <REP> Happyneuron
09/06/2006 14:20 <REP> Intel
15/04/2005 14:44 <REP> Internet Explorer
12/03/2008 21:34 <REP> IrfanView
03/06/2008 22:59 <REP> iWizz
27/10/2007 18:38 <REP> JAlbumWin
13/12/2006 23:07 <REP> Java
08/12/2006 22:31 <REP> Launch Manager
27/10/2007 18:47 <REP> Maïdo Production
26/04/2008 12:54 <REP> MarkAny
10/02/2007 17:40 <REP> Media Tagger
15/04/2005 14:41 <REP> Messenger
15/04/2005 14:47 <REP> microsoft frontpage
10/12/2006 16:46 <REP> Microsoft Office
28/12/2006 21:55 <REP> Microsoft.NET
15/04/2005 14:41 <REP> Movie Maker
18/01/2008 22:48 <REP> Mozilla Firefox
20/04/2007 00:40 <REP> Mozilla Thunderbird
20/01/2007 17:19 <REP> MSECache
15/04/2005 14:41 <REP> MSN
15/04/2005 14:41 <REP> MSN Gaming Zone
10/12/2006 23:49 <REP> MSXML 4.0
15/04/2005 14:44 <REP> NetMeeting
29/05/2008 21:46 <REP> NewsLeecher
09/06/2006 15:01 <REP> NewTech Infosystems
15/04/2005 14:44 <REP> Outlook Express
21/06/2007 20:26 <REP> PDFCreator
24/01/2007 21:31 <REP> POP Peeper
04/06/2008 10:29 <REP> QuickTime Alternative
09/06/2006 14:23 <REP> Realtek
26/04/2008 12:54 <REP> Samsung
15/04/2005 14:45 <REP> Services en ligne
07/02/2008 23:52 <REP> SINTEC
09/06/2006 14:23 <REP> Synaptics
29/06/2008 18:34 <REP> Trend Micro
18/12/2006 23:36 <REP> VideoLAN
12/11/2007 23:53 <REP> Windows Live
17/12/2006 13:54 <REP> Windows Media Connect 2
15/04/2005 14:42 <REP> Windows Media Player
15/04/2005 14:41 <REP> Windows NT
15/04/2005 14:42 <REP> Windows Plus
08/12/2006 22:35 <REP> WinPCap
13/12/2006 23:29 <REP> WinRAR
15/04/2005 14:47 <REP> xerox
08/12/2006 22:40 <REP> Yahoo!
0 fichier(s) 0 octets
61 Rép(s) 40.677.015.552 octets libres
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E1B7-6D53

Répertoire de C:\Program Files\fichiers communs

06/11/2006 08:25 <REP> .
06/11/2006 08:25 <REP> ..
15/04/2005 14:37 <REP> Microsoft Shared
15/04/2005 14:37 <REP> SpeechEngines
15/04/2005 14:37 <REP> ODBC
15/04/2005 14:44 <REP> System
15/04/2005 14:44 <REP> MSSoap
15/04/2005 14:44 <REP> Services
09/06/2006 14:23 <REP> InstallShield
09/06/2006 15:01 <REP> NewTech Infosystems
09/06/2006 15:02 <REP> muvee Technologies
09/06/2006 15:23 <REP> Symantec Shared
08/12/2006 22:37 <REP> Acer
08/12/2006 22:37 <REP> Logitech
13/12/2006 23:07 <REP> Java
28/12/2006 21:55 <REP> DESIGNER
18/03/2008 23:53 <REP> Intel
0 fichier(s) 0 octets
17 Rép(s) 40.678.031.360 octets libres
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E1B7-6D53

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

06/11/2006 08:25 <REP> .
06/11/2006 08:25 <REP> ..
07/03/2001 07:00 127.033 MSOWS40c.DLL
03/06/1999 12:09 122.937 MSOWS409.DLL
17/12/2006 16:51 <REP> 1033
11/07/2003 02:25 80.448 PKMWS.DLL
28/12/2006 21:52 <REP> 1036
26/10/2006 19:49 970.528 MSONSEXT.DLL
4 fichier(s) 1.300.946 octets
4 Rép(s) 40.678.031.360 octets libres




c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\English\setup.exe
c:\Documents and Settings\Tintino\Bureau\C-fix.exe
c:\Documents and Settings\Tintino\Bureau\elibagla.exe
c:\Documents and Settings\Tintino\Bureau\emoticones.exe
c:\Documents and Settings\Tintino\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Tintino\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Tintino\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Tintino\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Tintino\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Tintino\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Tintino\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Tintino\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Tintino\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Tintino\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Tintino\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Tintino\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Tintino\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Tintino\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\Tintino\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Tintino\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Tintino\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Tintino\Bureau\KillB\Proc\mdelk.exe
c:\Documents and Settings\Tintino\Bureau\KillB\tools\bOo.exe
c:\Documents and Settings\Tintino\Bureau\KillB\tools\swreg.exe
c:\Documents and Settings\Tintino\Application Data\U3\temp\Launchpad Removal.exe
c:\Documents and Settings\Tintino\Application Data\U3\000015793C61F74A\LaunchPad.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aecore.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeemu.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aegen.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aehelp.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeheur.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeoffice.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aepack.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aerdl.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aescn.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aescript.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aevdf.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
c:\Documents and Settings\Tintino\Application Data\U3\000015793C61F74A\u3dapi10.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_TINTINOBILE.tar.gz a l'adresse http://upload.malekal.com
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
3 Jul 2008 at 00:20
Seen ...

1- Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
or http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

Disconnect and close all your running applications.

Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,

C:\WINDOWS\System32\advpack.dll
C:\Documents and Settings\Tintino\Bureau\KillB


and paste it into the left-hand pane of OTMoveIt2:
Paste standard List of Files/Folders to be moved.

Click MoveIt! to start the removal.
The result will appear in the Results pane.

Click Exit to close.
---> Post the report located in "C:\OTMoveIt\MovedFiles".

You may be asked to restart the PC to complete the removal.
If so, accept with "Yes".

2- Download ToolsCleaner (by A.Rothstein) to your Desktop.
http://pc-system.fr/

Launch it.
*Click Recherche and let the scan finish (this can take a while).
*Click Suppression to finalize.
*You can, if you wish, use the optional settings
*Click "quitter" to generate a report:
---> Post it (TCleaner.txt); it is located at the root of your hard disk (C:\).

Note: This little tool will clean up everything we used for the disinfection (you no longer need it!).
Delete any tools, folders or reports related to the disinfection that ToolsCleaner2 did not remove.

Then finally delete ToolsCleaner2 ... (keep CCleaner: very useful!)

3- System Restore
*Disable System Restore:
Right-click My Computer / Properties / System Restore / tick the box to turn off System Restore, Apply, OK
---> Restart your PC
*Re-enable System Restore:
Right-click My Computer / Properties / System Restore / untick the box to turn off System Restore, Apply, OK
---> Restart your PC

4- One last check before wrapping up:
Run an online antivirus scan, with Internet Explorer, and accept the ActiveX control:
https://www.bitdefender.fr/
(for the report, which is an IE document, click the "more details" tab, and at the end of the scan ask to save it to your desktop)

---> Copy/paste the report and post it in your next reply ...

Help: At the bottom left of the window, click BitDefender SCAN ONLINE
In the new window, click I accept.
The window changes again; click Scan.
The signatures load, etc.
(illustrated help: http://www.commentcamarche.net/faq/sujet 8872 scanner en ligne avec bitdefender)


There you go ... so I'll wait for these three reports and then we'll finish up ... ^^

PS: you have a real passion for viruses, don't you? ;)
---> for viruses, no ... for removing them, I wouldn't say a passion, but rather a very absorbing hobby =)
0
ok
quite a bit of work for this step
I'll give you news tomorrow evening at the earliest then, because today would be cutting it too close :(

Once again a huge THANK YOU for your dedication, in any case!!

That's a fine passion you have there... All the more so because it benefits the community :)

NB: I suppose you don't have any idea about my "4-direction" button, which still hasn't worked since this damned virus? :-s

Good evening and see you tomorrow for the results, Ske69
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
3 Jul 2008 at 01:03
you don't have any idea about my "4-direction" button ---> not for the moment ... but we'll look at that at the end ;)

See you tomorrow ...
0
Hi Ske69,

doing well??

So, here I am as promised with my "homework" almost done :)
I already have 2 logs for you (while I run the online scan)

==============
OTMoveIt report:
==============

DllUnregisterServer procedure not found in C:\WINDOWS\System32\advpack.dll
C:\WINDOWS\System32\advpack.dll NOT unregistered.
C:\WINDOWS\System32\advpack.dll moved successfully.
C:\Documents and Settings\Tintino\Bureau\KillB\tools moved successfully.
C:\Documents and Settings\Tintino\Bureau\KillB\Proc moved successfully.
C:\Documents and Settings\Tintino\Bureau\KillB moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07032008_192641



===============
ToolsCleaner report:
===============

-->- Recherche:

C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Tintino\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Tintino\Bureau\EliBaglA.exe: trouvé !
C:\Documents and Settings\Tintino\Bureau\OtMoveIt2.exe: trouvé !
C:\Documents and Settings\Tintino\Bureau\DiagHelp: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Tintino\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Tintino\Bureau\EliBaglA.exe: supprimé !
C:\Documents and Settings\Tintino\Bureau\OtMoveIt2.exe: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Tintino\Bureau\DiagHelp: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !



PS: The _OtMoveIt folder could be deleted after restarting the PC



I'm now going to run the online scan and will send it to you in the next post

PS 2: Another anomaly for the past 1 or 2 days: I get an error message when I close Thunderbird. I may try reinstalling it ...
0
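An added example, not part of the original thread or of ToolsCleaner itself: a short Python script that reconciles the two sections of the ToolsCleaner report posted above and flags anything that was found but not removed. The section names and status strings are taken from that report; the function name `reconcile` is hypothetical.

```python
import re

# Report text copied from the post above (the tool's own French output).
REPORT = r"""
-->- Recherche:

C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Tintino\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Tintino\Bureau\EliBaglA.exe: trouvé !
C:\Documents and Settings\Tintino\Bureau\OtMoveIt2.exe: trouvé !
C:\Documents and Settings\Tintino\Bureau\DiagHelp: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Tintino\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Tintino\Bureau\EliBaglA.exe: supprimé !
C:\Documents and Settings\Tintino\Bureau\OtMoveIt2.exe: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Tintino\Bureau\DiagHelp: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
"""

# A section header looks like "-->- Recherche:" or "-->- Suppression:".
SECTION = re.compile(r"^-->-\s*(\w+)\s*:")


def reconcile(text):
    """Compare what the scan found with what the removal pass reported."""
    found = {}    # lower-cased path -> path as printed in the search section
    outcome = {}  # lower-cased path -> "deleted" or "failed"
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if ": " not in line:
            continue  # blank lines and the dashed separator
        # Split on the last ": " so the drive-letter colon stays in the path.
        path, status = line.rsplit(": ", 1)
        key = path.lower()  # Windows paths are case-insensitive
        status = status.lower()
        if section == "recherche" and status.startswith("trouvé"):
            found[key] = path
        elif section == "suppression":
            outcome[key] = "deleted" if status.startswith("supprimé") else "failed"
    return {
        "found": len(found),
        "deleted": [p for k, p in found.items() if outcome.get(k) == "deleted"],
        "failed": [p for k, p in found.items() if outcome.get(k) == "failed"],
        # Found by the scan but never mentioned in the removal pass.
        "unaccounted": [p for k, p in found.items() if k not in outcome],
    }


if __name__ == "__main__":
    result = reconcile(REPORT)
    print("found:", result["found"], "deleted:", len(result["deleted"]))
    for path in result["failed"] + result["unaccounted"]:
        print("needs manual follow-up:", path)
```

Anything listed as failed or unaccounted is a leftover to re-check after a reboot, as the poster did for the one folder that failed here.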
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
3 Jul 2008 at 20:12
Seen ;-)
0
And .... tadaaaaaaaaaaaaaa . . .. . Here is the BitDefender report

Looks like there are no more viruses, right? :-)

BitDefender Online Scanner

Rapport d'analyse généré à: Thu, Jul 03, 2008 - 20:36:49
Voie d'analyse: C:\;D:\;E:\;

Statistiques
Temps: 00:27:01
Fichiers: 40819
Directoires: 4832
Secteurs de boot: 4
Archives: 700
Paquets programmes: 3230

Résultats
Virus identifiés: 0
Fichiers infectés: 0
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 0

Info sur les moteurs
Définition virus: 1328593
Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins: 16
Archive des plugins: 42
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 5

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé    Statut
Aucun virus trouvé
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
3 Jul 2008 at 21:14
Rather encouraging, isn't it? ^^

Do this little check-up; given the infection, it's more than advisable (then we'll see whether any problems remain):

-Cleaning and defragmenting your disks
*Cleanup:
Right-click "My Computer" ==> "Open" ==> right-click drive C ==> Properties ==> "General" tab
Click the "Disk Cleanup" button, OK
Do this for each of your disks

*Error checking:
Right-click "My Computer" ==> "Open" ==> right-click drive C ==> Properties ==> "Tools" tab
"Check Now", a dialog opens, tick the boxes:
-automatically fix errors...
-scan for and attempt recovery...
---> Start, OK
Note: if it tells you to restart your PC to do it, restart and let it run; it takes a little while, that's normal
Do this for each of your disks

Then, still in the same tab, choose:
*Defragmentation:
"Defragment Now", OK
A dialog opens; select the disk to defragment and click "Analyze", then after the analysis, "Defragment". OK
Do this for each of your disks

Once that's done, test your PC again and tell me how it went ...
0
Helllooo Ske69,

after a few days of silence, I'm baaack!!
So, I did everything you told me: cleanup, error checks and finally the defrag!
Everything went well (the defrag of the 2 partitions took a looooot of time, but finally went all the way through! Yesss)

And for my touchpad problem, I found the solution: I simply looked up the Synaptics driver and reinstalled it
In fact, I THINK it's one of the files that had been infected and removed (synTH) and that's why it no longer fully worked
So now even that works!!

I still just occasionally have my Thunderbird closing with an error message, but for that, I'll try reinstalling it, I think.

In short, all your advice has been a precious help and without you I wouldn't have gotten to the end of this virus (yet I work in IT, and at work I sometimes have user PCs in front of me that are infected and I've always managed to remove the viruses, but it had never been Baggle)

So, a HUGE thank you!!!

Unless you have something more to advise me, I think we've reached the end :)
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
6 Jul 2008 at 22:51
Hi,
glad to have been of help ^^ the pleasure was all mine ...

It's true that with a Bagle, things aren't simple ;)

For your game, I think a reinstall is worth trying ....

To finish, here is some useful information for you and your PC:
(to study at your leisure, but to be taken into account all the same ...)
=========================================================================

=> How to behave with your PC: http://assiste.com.free.fr/p/abc/a/safe_cex.html

=> Monitoring:
Run regular monitoring scans (once every 15 days, for example) with your antivirus and then with your anti-spyware (after updating them, of course!) and delete what they find (or quarantine it, remembering to empty the quarantine later).

=========================================================================

=> You also need to update the Java console regularly:

Go to https://www.java.com/fr/download/manual.jsp and download the latest version (if your current version is not up to date), or here https://filehippo.com/download_jre_32/?ex=CORE-116.0
After installing the latest version, uninstall the old versions (of Java) in order to eliminate the security holes present in those old versions.
Via Start / Settings / Control Panel / and in Add/Remove Programs, navigate to the old versions of the Java console listed there, then click "Remove" and follow the prompts in the dialog box that opens to complete the uninstallation.
Do this for each of them, one by one, and restart your PC when asked.
Then go back to the Java site above and click the "Verify installation" button to make sure everything is in order.

=========================================================================

=> Reminder of the main causes of infection:

* Using cracks or keygens is to be avoided, as is browsing the sites that offer them for download:

The dangers of cracks: http://forum.malekal.com/ftopic893.php

The crack in all its splendour, diary of an expected infection:
https://forum.zebulon.fr/topic/93281-pr%C3%A9vention-le-crack-dans-toute-sa-splendeur/

* P2P (using software such as eMule, Shareaza, LimeWire, BitTorrent):

The consequences of P2P: https://forum.zebulon.fr/topic/85544-pr%C3%A9vention-le-p2p-et-ses-cons%C3%A9quences/

Why avoid P2P: http://www.speedweb1.org/forum-tesgaz/viewtopic.php?t=1793
https://lexpansion.lexpress.fr/actualite-economique/

* Prevention for two other currently common types of infection:

MSN prevention: https://forum.zebulon.fr/topic/130590-infection-par-msn-ou-wlm/

Infection via removable media (USB keys, flash drives, external hard disks ...) https://forum.zebulon.fr/topic/131959-infections-par-supports-amovibles/
https://forum.malekal.com/viewtopic.php?f=45&t=5544

=========================================================================
(thanks, le sioux)


There you go ....

All the best to you =)

See you
0