
VIRUS BAGLE

Tags:
  • Security
29 November 2008 17:38:24

Hello everyone,

Yesterday I noticed that my avast antivirus was no longer running.
My PC is incredibly slow.
I tried to launch my antivirus but it gives me an error message: "C:\Program Files\Alwil Software\Avast4\ashavast.exe n'est pas une application win32 valide"
I ran ELIBAGLA ComboFix as well as ComboFix
and here are the reports:

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:55:01, on 29/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\drivers\inf\svchost.exe
C:\WINDOWS\system32\drivers\inf\svchost.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\oracle\ora92\bin\agntsrvc.exe
C:\oracle\ora92\Apache\Apache\apache.exe
C:\oracle\ora92\BIN\TNSLSNR.exe
C:\WINDOWS\system32\cmd.exe
C:\oracle\ora92\bin\dbsnmp.exe
c:\oracle\ora92\bin\ORACLE.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\oracle\ora92\Apache\Apache\apache.exe
C:\oracle\ora92\jdk\bin\java.exe
C:\oracle\ora92\jdk\bin\java.exe
c:\oracle\ora92\bin\isqlplus
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/229?2237dd14d4c04700b56d3597d73310a8
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/230?2237dd14d4c04700b56d3597d73310a8
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Support (KAV) - ClassicsExperience - C:\WINDOWS\system32\drivers\inf\svchost.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92Agent - Oracle Corporation - C:\oracle\ora92\bin\agntsrvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92HTTPServer - Unknown owner - C:\oracle\ora92\Apache\Apache\apache.exe
O23 - Service: OracleOraHome92PagingServer - Unknown owner - C:\oracle\ora92/bin/pagntsrv.exe
O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - C:\oracle\ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - C:\oracle\ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceBDAGH - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/AGH/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 10632 bytes


ComboFix report:

ComboFix 08-11-28.03 - AGH 2008-11-29 16:12:30.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.500 [GMT 1:00]
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\documents and settings\AGH\Application Data\m
c:\documents and settings\AGH\Application Data\m\data.oct
c:\documents and settings\AGH\Application Data\m\flec006.exe
c:\documents and settings\AGH\Application Data\m\list.oct
c:\documents and settings\AGH\Application Data\m\srvlist.oct
c:\documents and settings\AGH\Local Settings\Application Data\uipoysvotv.dat
c:\documents and settings\AGH\Local Settings\Application Data\uipoysvotv_nav.dat
c:\documents and settings\AGH\Local Settings\Application Data\uipoysvotv_navps.dat
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Conditions générales.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Confidentialité.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Désinstaller.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Website.url
C:\InfoSat.txt
c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe
c:\program files\webmediaplayer
c:\program files\webmediaplayer\resources\languages_v2.xml
c:\program files\webmediaplayer\resources\webmedias
c:\program files\webmediaplayer\skins\classic.skn
c:\program files\webmediaplayer\sqlite3.dll
c:\program files\webmediaplayer\uninst.exe
c:\program files\webmediaplayer\WebMediaPlayer.exe
c:\windows\svchost.ini
c:\windows\system32\ban_list.txt
c:\windows\system32\drivers\downld
c:\windows\system32\drivers\srosa.sys
c:\windows\system32\drivers\srosa2.sys
c:\windows\system32\drivers\winfilse.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-29 ))))))))))))))))))))))))))))))))))))
.

2008-11-28 01:48 . 2008-11-28 01:49 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-28 00:15 . 2008-11-28 00:28 <REP> d-------- C:\SQL2KSP4
2008-11-26 17:16 . 2008-11-26 17:16 <REP> d-------- C:\TOS-All-r20205-V3.0.2(2)
2008-11-26 16:53 . 2008-11-26 17:03 246,383,578 --a------ C:\TOS-All-r20205-V3.0.2(2).zip
2008-11-21 23:57 . 2008-11-22 12:22 588,969 --a------ c:\windows\Pink Floyd.exe
2008-11-21 23:57 . 2008-11-22 12:22 407,240 --a------ c:\windows\Pink Floyd.scr
2008-11-21 23:57 . 2008-11-22 12:22 40,960 --a------ c:\windows\Pink Floyd.dll
2008-11-21 23:57 . 2008-11-22 12:22 18,192 --a------ c:\windows\Pink Floyd.dat
2008-11-12 15:47 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 15:20 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-29 09:43 --------- d-----w c:\documents and settings\AGH\Application Data\OpenOffice.org2
2008-11-28 13:31 --------- d-----w c:\program files\eMule
2008-11-28 00:48 --------- d-----w c:\program files\Microsoft SQL Server
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-15 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7557120]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-13 185632]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-29 81000]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

c:\documents and settings\AGH\Menu Démarrer\Programmes\Démarrage\
Lancement rapide de Microsoft Office OneNote 2003.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 59080]
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2008-03-18 81920]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 257752]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1024:TCP"= 1024:TCP:Windows Media Connect

R2 KAV;Windows Support;c:\windows\system32\drivers\inf\svchost.exe [2008-06-09 2011136]
R2 OracleOraHome92Agent;OracleOraHome92Agent;c:\oracle\ora92\bin\agntsrvc.exe [2002-04-26 28944]
R2 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;"c:\oracle\ora92\Apache\Apache\apache.exe" --ntservice [2002-04-18 4096]
R2 OracleServiceBDAGH;OracleServiceBDAGH;c:\oracle\ora92\bin\ORACLE.EXE BDAGH []
R3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-09-22 7040]
S1 aswSP;avast! Self Protection; []
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys []
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;c:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 242328]
S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;c:\oracle\ora92\BIN\ENCSVC.EXE [2002-02-13 187392]
S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;c:\oracle\ora92\BIN\AGNTSVC.EXE [2002-02-13 254464]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{176ccb92-e35d-11db-8933-00a0d15578a3}]
\Shell\AutoRun\command - E:\ie.exe
\Shell\explore\Command - E:\ie.exe
\Shell\open\Command - E:\ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{509e0aad-0775-11dc-8966-00a0d15578a3}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{509e0aae-0775-11dc-8966-00a0d15578a3}]
\Shell\AutoRun\command - video.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6334117e-824f-11dc-8a7a-00a0d15578a3}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92bd3a63-816f-11dc-8a76-0018de4b507e}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe
.
Contenu du dossier 'Tâches planifiées'

2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-TOSCDSPD - c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe
SafeBoot-sglfb.sys
SafeBoot-tga.sys
SafeBoot-wd.sys
SafeBoot-sacsvr


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\AGH\Application Data\Mozilla\Firefox\Profiles\rwl12fub.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npoji610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 16:20:55
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92PagingServer]
"ImagePath"="c:\oracle\ora92/bin/pagntsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92TNSListener]
"ImagePath"="c:\oracle\ora92\BIN\TNSLSNR "
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1240)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\msdtc.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\progra~1\MICROS~4\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft Analysis Services\Bin\msmdsrv.exe
c:\windows\system32\nvsvc32.exe
c:\oracle\ora92\bin\TNSLSNR.EXE
c:\oracle\ora92\bin\dbsnmp.exe
c:\oracle\ora92\bin\oracle.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\ehome\mcrdsvc.exe
c:\oracle\ora92\jdk\bin\java.exe
c:\oracle\ora92\jdk\bin\java.exe
c:\oracle\ora92\bin\isqlplus
c:\windows\system32\dllhost.exe
c:\program files\Toshiba\ConfigFree\CFSServ.exe
c:\program files\OpenOffice.org 2.2\program\soffice.exe
c:\program files\OpenOffice.org 2.2\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2008-11-29 16:29:38 - La machine a redémarré [AGH]
ComboFix-quarantined-files.txt 2008-11-29 15:29:36

Avant-CF: 11,598,098,432 octets libres
Après-CF: 11,821,465,600 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

542 --- E O F --- 2008-11-13 11:52:40


Thanks in advance.


29 November 2008 18:41:40

Good evening,

1) Download and run the Avast! uninstaller.
This will erase most traces of Alwil Software's Avast! product.

Download and run the Norton Removal Tool.
This product will uninstall most traces of Symantec products.

2) Download Flash Disinfector (by sUBs) to your Desktop.

  • Connect all external devices (hard drives, USB, ...).
  • Double-click Flash Disinfector and follow the prompts.

3) Select the entire contents of the box below:

    File::
    E:\RavMon.exe
    E:\video.exe
    E:\ie.exe

    Suspect::
    c:\windows\Pink Floyd.exe
    c:\windows\Pink Floyd.scr
    c:\windows\Pink Floyd.dll
    c:\windows\Pink Floyd.dat

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"=-
    "Adobe Photo Downloader"=-
    "QuickTime Task"=-
    "iTunesHelper"=-
    "Adobe Reader Speed Launcher"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{176ccb92-e35d-11db-8933-00a0d15578a3}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{509e0aae-0775-11dc-8966-00a0d15578a3}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6334117e-824f-11dc-8a7a-00a0d15578a3}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92bd3a63-816f-11dc-8a76-0018de4b507e}]


  • Copy and paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it to your Desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will restart ComboFix.
  • ComboFix will create these files on your Desktop:
    - A zipped file named Submit [Date Time].zip
    - A second file named CF-Submit.htm
  • ComboFix may require a restart to complete its work. Accept.
  • When the tool has finished, a ComboFix.log report will appear on screen.
  • A new window with the prompt "Submit Files for further analysis" will open. Click "OK".
  • Your browser will launch automatically with the CF-Submit.htm file and a window will open:
    - Click the "Browse" button and navigate to the file
    Submit [Date Time].zip on your Desktop.
    - Click the file to select it.
  • Submit the file by clicking "OK".
  • Once this operation is complete, you can delete these two files from your Desktop.

Post the contents of the ComboFix.txt report after the restart, if there is one.
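
The Registry:: part of the CFScript in the reply above can be cross-checked against the ComboFix log mechanically. The following Python sketch is an added example, not part of the thread and not ComboFix's own code: it reads an excerpt copied from the log on this page, flags MountPoints2 entries whose AutoRun command launches an executable and Security Center or firewall values that switch a protection off, and prints `[-key]` deletion lines in the form the CFScript uses. The function names and the allowlist entry for LaunchU3.exe are assumptions made for the illustration.

```python
import re

# Excerpt copied from the ComboFix log posted on this page.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{176ccb92-e35d-11db-8933-00a0d15578a3}]
\Shell\AutoRun\command - E:\ie.exe
\Shell\explore\Command - E:\ie.exe
\Shell\open\Command - E:\ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{509e0aad-0775-11dc-8966-00a0d15578a3}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{509e0aae-0775-11dc-8966-00a0d15578a3}]
\Shell\AutoRun\command - video.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6334117e-824f-11dc-8a7a-00a0d15578a3}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92bd3a63-816f-11dc-8a76-0018de4b507e}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe
"""

# Assumption for this example: launcher names treated as expected on removable media.
ALLOWLIST = frozenset({"launchu3.exe"})
# Value names (lower case) and the number that means "protection switched off".
WEAKENED = {"antivirusdisablenotify": 1, "disablemonitoring": 1, "enablefirewall": 0}

SECTION_RE = re.compile(r"^\[([^\]]+)\]$")
AUTORUN_RE = re.compile(r"^\\Shell\\[^\\]+\\command\s+-\s+(.+)$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
EXE_RE = re.compile(r"([^\\/:\s]+\.(?:exe|com|bat|cmd|scr|pif))", re.IGNORECASE)

def parse_sections(log_text):
    """Split the log into (registry key, [body lines]); a blank line ends a section."""
    sections, body = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            body = []
            sections.append((header.group(1), body))
        elif not line:
            body = None
        elif body is not None:
            body.append(line)
    return sections

def parse_number(data):
    """Read 'dword:00000001' or '0 (0x0)' as an integer, None for anything else."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\b", data)
    return int(m.group(1)) if m else None

def review(log_text, allowlist=ALLOWLIST):
    """Return (kind, key, detail) tuples for autorun commands and disabled protections."""
    findings = []
    for key, body in parse_sections(log_text):
        on_mountpoint = "\\mountpoints2\\" in key.lower()
        for line in body:
            auto = AUTORUN_RE.match(line)
            if on_mountpoint and auto:
                exe = EXE_RE.search(auto.group(1))
                name = exe.group(1).lower() if exe else ""
                if name not in allowlist:
                    findings.append(("autorun", key, auto.group(1)))
                continue
            val = VALUE_RE.match(line)
            if val and val.group(1).lower() in WEAKENED:
                if parse_number(val.group(2)) == WEAKENED[val.group(1).lower()]:
                    findings.append(("protection-off", key, line))
    return findings

def registry_deletions(findings):
    """One '[-key]' line per flagged MountPoints2 key, in first-seen order."""
    keys = dict.fromkeys(key for kind, key, _ in findings if kind == "autorun")
    return ["[-%s]" % key for key in keys]

if __name__ == "__main__":
    for entry in registry_deletions(review(SAMPLE_LOG)):
        print(entry)
```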
29 November 2008 19:16:39

Good evening,
thanks for your help.
Before seeing your reply I tried to uninstall Avast and managed it without any problem.
I then downloaded Antivir without any problem, and I have now been scanning for more than an hour. What do you think, please!!!!

29 November 2008 19:32:26

Hi,

And here is the Antivir report:



    Avira AntiVir Personal
    Report file date: samedi 29 novembre 2008 18:04

    Scanning for 1058638 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: AGHILES

    Version information:
    BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
    AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
    ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 16:57:13
    ANTIVIR2.VDF : 7.1.0.124 376832 Bytes 23/11/2008 17:03:04
    ANTIVIR3.VDF : 7.1.0.157 195072 Bytes 28/11/2008 17:03:04
    Engineversion : 8.2.0.36
    AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
    AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 14:00:07
    AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
    AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
    AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39
    AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 15:06:41
    AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 15:06:41
    AEHELP.DLL : 8.1.2.0 119159 Bytes 29/11/2008 17:03:06
    AEGEN.DLL : 8.1.1.6 323955 Bytes 29/11/2008 17:03:05
    AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
    AECORE.DLL : 8.1.5.2 172405 Bytes 29/11/2008 17:03:05
    AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 29 novembre 2008 18:04

    The scan of running processes will be started
    63 processes with 63 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '55' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\AGH\Bureau\poubelle\CLE\DOC_CRM\methods_customer_relationship_management_fr.html
    [DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\flec006.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\Program Files\Toshiba\TOSCDSPD\toscdspd.exe.vir
    [DETECTION] Is the TR/Dldr.Bagle.agn Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\wintems.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\winfilse.exe.vir
    [DETECTION] Is the TR/Dldr.Bagle.agn Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_srosa_.sys.zip
    [0] Archive type: ZIP
    --> srosa.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\15614828.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was moved to '4967844d.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\15621531.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was moved to '49678452.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\201125.exe.vir
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\216828.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\218156.exe.vir
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\224375.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\224593.exe.vir
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\225187.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was moved to '49668477.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\239812.exe.vir
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was moved to '496a847d.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\243875.exe.vir
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was moved to '49648484.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\243906.exe.vir
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was moved to '49648488.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\244859.exe.vir
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [WARNING] The file was ignored!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\249765.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [WARNING] The file was ignored!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\256468.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was moved to '496784a9.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\264515.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was moved to '496584b0.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\266968.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was moved to '496784b3.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\268703.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\268859.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\274796.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [WARNING] The file was ignored!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\275140.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [WARNING] The file was ignored!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\279906.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [WARNING] The file was ignored!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\280937.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [WARNING] The file was ignored!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\283437.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [WARNING] The file was ignored!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\287578.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [WARNING] The file was ignored!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\294531.exe.vir
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [WARNING] The file was ignored!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\301484.exe.vir
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [WARNING] The file was ignored!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\311062.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [WARNING] The file was ignored!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\317421.exe.vir
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\317593.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\321968.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\326828.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\327390.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\328781.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\329156.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\33041031.exe.vir
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\33059625.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\33067593.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\331000.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\33126406.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\348062.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\353171.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\357859.exe.vir
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\359875.exe.vir
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\378593.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\388625.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\408171.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\568125.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\598609.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\61687312.exe.vir
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\61706984.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\61740078.exe.vir
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\83115718.exe.vir
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\83158421.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\83161265.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\83192390.exe.vir
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\83218765.exe.vir
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP215\A0048232.exe
    [DETECTION] Contains recognition pattern of the DR/LiveTV dropper
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP215\A0048547.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP215\A0048548.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP215\A0048549.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP215\A0048550.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048647.inf
    [DETECTION] Is the TR/Agent.Abt.34 Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048655.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048656.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048663.exe
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048671.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048672.exe
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048674.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048675.exe
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048676.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048682.exe
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048684.exe
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048685.exe
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048686.exe
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048688.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048694.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048699.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048701.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048702.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048703.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048704.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048705.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048706.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048707.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048708.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048709.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048711.exe
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048715.exe
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048725.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048727.exe
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048728.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048729.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048730.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048731.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048733.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048734.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048738.exe
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048741.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048742.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048744.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048745.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048766.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048768.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048770.exe
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048773.exe
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048780.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048786.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048796.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048812.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048814.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048815.exe
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048818.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048820.exe
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048826.exe
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048829.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048830.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048832.exe
    [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048833.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048840.exe
    [DETECTION] Is the TR/Dldr.Bagle.agn Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048841.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048842.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048843.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP216\A0048846.exe
    [DETECTION] Is the TR/Dldr.Bagle.agn Trojan
    [NOTE] The file was deleted!


    End of the scan: samedi 29 novembre 2008 19:30
    Used time: 1:25:20 Hour(s)

    The scan has been done completely.

    20124 Scanning directories
    1332911 Files were scanned
    130 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    110 files were deleted
    0 files were repaired
    9 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    1332779 Files not concerned
    12470 Archives were scanned
    13 Warnings
    119 Notes

    29 November 2008 21:22:29

    Good evening,

    I did what you told me (but without uninstalling Antivir, I forgot!!!)
    I didn't get a ComboFix.txt report
    Does that mean everything is finally OK?
    30 November 2008 10:20:13

    Good evening,

    Look in C:\ComboFix.txt, otherwise redo the procedure :)
    30 November 2008 10:45:03

    Hello,

    You're right, the report was indeed there:

    ComboFix 08-11-29.02 - AGH 2008-11-29 20:38:19.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.323 [GMT 1:00]
    Lancé depuis: c:\documents and settings\AGH\Bureau\Combo-Fix.exe
    Commutateurs utilisés :: c:\documents and settings\AGH\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    FILE ::
    E:\ie.exe
    E:\RavMon.exe
    E:\video.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-29 20:23 . 2008-11-29 20:23 <REP> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
    2008-11-29 18:01 . 2008-11-29 18:01 <REP> d-------- c:\program files\Avira
    2008-11-29 18:01 . 2008-11-29 18:01 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
    2008-11-29 16:53 . 2008-11-29 16:53 <REP> d-------- c:\program files\Trend Micro
    2008-11-28 01:48 . 2008-11-28 01:49 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-11-28 00:15 . 2008-11-28 00:28 <REP> d-------- C:\SQL2KSP4
    2008-11-26 17:16 . 2008-11-26 17:16 <REP> d-------- C:\TOS-All-r20205-V3.0.2(2)
    2008-11-26 16:53 . 2008-11-26 17:03 246,383,578 --a------ C:\TOS-All-r20205-V3.0.2(2).zip
    2008-11-21 23:57 . 2008-11-22 12:22 588,969 --a------ c:\windows\Pink Floyd.exe
    2008-11-21 23:57 . 2008-11-22 12:22 407,240 --a------ c:\windows\Pink Floyd.scr
    2008-11-21 23:57 . 2008-11-22 12:22 40,960 --a------ c:\windows\Pink Floyd.dll
    2008-11-21 23:57 . 2008-11-22 12:22 18,192 --a------ c:\windows\Pink Floyd.dat
    2008-11-12 15:47 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-29 19:05 --------- d-----w c:\documents and settings\AGH\Application Data\OpenOffice.org2
    2008-11-29 19:03 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-11-28 13:31 --------- d-----w c:\program files\eMule
    2008-11-28 00:48 --------- d-----w c:\program files\Microsoft SQL Server
    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
    2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    2008-08-29 19:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
    2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
    2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-29_16.25.47.89 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-05-09 11:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
    + 2008-01-21 16:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
    + 2008-10-30 09:21:03 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
    + 2007-03-01 08:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys
    + 2008-11-29 19:03:31 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_3e4.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-15 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7557120]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "CFSServ.exe"="CFSServ.exe" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

    c:\documents and settings\AGH\Menu Démarrer\Programmes\Démarrage\
    Lancement rapide de Microsoft Office OneNote 2003.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 59080]
    OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2008-03-18 81920]
    Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 257752]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1024:TCP"= 1024:TCP:Windows Media Connect

    R2 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;"c:\oracle\ora92\Apache\Apache\apache.exe" --ntservice [2002-04-18 4096]
    R2 OracleServiceBDAGH;OracleServiceBDAGH;c:\oracle\ora92\bin\ORACLE.EXE BDAGH []
    R3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-09-22 7040]
    S2 KAV;Windows Support;c:\windows\system32\drivers\inf\svchost.exe [2008-06-09 2011136]
    S2 OracleOraHome92Agent;OracleOraHome92Agent;c:\oracle\ora92\bin\agntsrvc.exe [2002-04-26 28944]
    S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;c:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 242328]
    S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;c:\oracle\ora92\BIN\ENCSVC.EXE [2002-02-13 187392]
    S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;c:\oracle\ora92\BIN\AGNTSVC.EXE [2002-02-13 254464]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{509e0aad-0775-11dc-8966-00a0d15578a3}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    *Newly Created Service* - SSMDRV
    .
    Contenu du dossier 'Tâches planifiées'

    2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-29 20:41:25
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...


    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OracleOraHome92PagingServer]
    "ImagePath"="c:\oracle\ora92/bin/pagntsrv.exe"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OracleOraHome92TNSListener]
    "ImagePath"="c:\oracle\ora92\BIN\TNSLSNR "
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(1240)
    c:\windows\system32\Ati2evxx.dll
    .
    Heure de fin: 2008-11-29 20:43:47
    ComboFix-quarantined-files.txt 2008-11-29 19:42:29
    ComboFix2.txt 2008-11-29 15:29:39

    Avant-CF: 11 737 751 552 octets libres
    Après-CF: 11,741,552,640 octets libres

    135 --- E O F --- 2008-11-13 11:52:40

    Thanks a lot...
    30 November 2008 11:05:27

    Re,

    1) Click on the Start menu / Control Panel / Folder Options, then in the View tab
    - Check Show hidden files and folders
    - Uncheck Hide extensions for known file types
    - Uncheck Hide protected operating system files (Recommended)
    click Apply, then OK.

    Don't forget to hide the hidden and protected operating system files again at the end of the disinfection, it's important

    Have the following file(s) analyzed on Virustotal

  • Click Browse at the top, choose My Computer and look for this file: c:\windows\Pink Floyd.exe
  • Now click Send file, and let it work as long as "Current status: analysis in progress" is displayed.
  • The file may be put in a queue because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click Formatted
  • A new window of your browser will appear
  • Then click on this image:
  • Right-click on the page, and choose Select All, then Copy
  • Finally, paste the result in your next reply.

    2) Download MalwareByte's Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.
    Once the installation and the update are done:
  • Restart your computer in safe mode
    - At startup, after the BIOS has loaded, press the F8 (or F5) key on your keyboard repeatedly until a menu on a black background appears. Once at this stage, use the keyboard to select Safe Mode.
    -- In this mode, you have no Internet access, and you end up with a different visual configuration (no wallpaper, very large icons). So don't be surprised.
    --- It is for these reasons that I invite you to print, write down, or save in a text document the following information so as not to get lost.
    ---- ! Do not start your computer in safe mode via MSConfig! Why? Some infections break the safe mode keys, which would crash your computer.

  • Now run MalwareByte's Anti-Malware. If it is not already done, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens, click OK. You then have two possibilities:

    ~ If the program found nothing, press OK. A report will appear, close it.
    ~~ If infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop.
    ~~~~ Restart your computer normally and post the report in your next reply.

    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Note: If you can't manage to download MBAM from MajorGeeks, you can download it here!

    Help:
  • How to use MBAM.
  • How to start your computer in safe mode.
    30 November 2008 16:02:23

    Re,

    Here is the Virustotal report:


    Fichier Pink_Floyd.exe reçu le 2008.11.30 11:54:23 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.11.28.2 2008.11.29 -
    AntiVir 7.9.0.36 2008.11.29 -
    Authentium 5.1.0.4 2008.11.30 -
    Avast 4.8.1281.0 2008.11.29 -
    AVG 8.0.0.199 2008.11.29 -
    BitDefender 7.2 2008.11.30 -
    CAT-QuickHeal 10.00 2008.11.29 -
    ClamAV 0.94.1 2008.11.30 -
    DrWeb 4.44.0.09170 2008.11.29 -
    eSafe 7.0.17.0 2008.11.30 -
    eTrust-Vet 31.6.6234 2008.11.28 -
    Ewido 4.0 2008.11.29 -
    F-Prot 4.4.4.56 2008.11.29 -
    F-Secure 8.0.14332.0 2008.11.30 -
    Fortinet 3.117.0.0 2008.11.30 -
    GData 19 2008.11.30 -
    Ikarus T3.1.1.45.0 2008.11.30 -
    K7AntiVirus 7.10.538 2008.11.29 -
    Kaspersky 7.0.0.125 2008.11.30 -
    McAfee 5449 2008.11.29 -
    McAfee+Artemis 5449 2008.11.29 -
    Microsoft 1.4104 2008.11.30 -
    NOD32 3651 2008.11.30 -
    Norman 5.80.02 2008.11.28 -
    Panda 9.0.0.4 2008.11.29 -
    PCTools 4.4.2.0 2008.11.29 -
    Prevx1 V2 2008.11.30 -
    Rising 21.05.62.00 2008.11.30 -
    SecureWeb-Gateway 6.7.6 2008.11.29 -
    Sophos 4.36.0 2008.11.30 -
    Sunbelt 3.1.1832.2 2008.11.27 -
    Symantec 10 2008.11.30 -
    TheHacker 6.3.1.1.169 2008.11.29 -
    TrendMicro 8.700.0.1004 2008.11.28 -
    VBA32 3.12.8.9 2008.11.29 -
    ViRobot 2008.11.29.1492 2008.11.29 -
    VirusBuster 4.5.11.0 2008.11.29 -
    Information additionnelle
    File size: 588969 bytes
    MD5...: e5ad1a080763753cf762f368b7a5bb60
    SHA1..: 1b90876b8d8d1592472e973717cf42f72d4d47b3
    SHA256: b66c8f02a62735092622296f2287fb41a903cb93a1eed0654e268fb20a62923a
    SHA512: 5a49ff1c7bef3e98ac490b56f0e8d4909a7b6f36767747e77af5835f8696834f07bbb5a3ff98fbbf6f4bb40c62d12687d666d5f16e03fa834424947495b91873
    ssdeep: 12288:n0/zSknQPmbFlXTPhvHA7azeJn8nl0iT00/ALdE:NqbFR9A7aCn8l0iTN/r
    PEiD..: Macromedia Windows Flash Projector/Player v5.0
    TrID..: File type identification
    Macromedia Projector/Flash executable (94.0%)
    Win32 Executable MS Visual C++ (generic) (3.1%)
    Windows Screen Saver (1.0%)
    Win32 Executable Generic (0.7%)
    Win32 Dynamic Link Library (generic) (0.6%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x40d3b0
    timedatestamp.....: 0x399c98bd (Fri Aug 18 02:00:29 2000)
    machinetype.......: 0x14c (I386)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x44b2c 0x45000 6.52 99b5e638d3bbf5d9e6fa65d173fffdff
    .rdata 0x46000 0x7c58 0x8000 5.38 ad98c90bd16d466f92f591c26e604910
    .data 0x4e000 0x467c 0x3000 6.33 63e0565b1f308fb0ef0227c8e2f6a512
    .data1 0x53000 0xb0 0x1000 0.27 c296d471842422764f23588df0c9cea8
    .rsrc 0x54000 0x96d0 0xa000 3.93 255803c9a3b2f08049d92aa30789daec

    ( 7 imports )
    > KERNEL32.dll: ReadFile, GlobalAlloc, GetProcAddress, LoadLibraryA, SetErrorMode, InitializeCriticalSection, SystemTimeToFileTime, GetSystemTime, GetTimeZoneInformation, IsDBCSLeadByte, GetACP, GetCPInfo, Sleep, WaitForMultipleObjects, CreateThread, ExitThread, WinExec, CopyFileA, WriteFile, SetEndOfFile, DeleteFileA, GetVersionExA, CreateFileA, GetFileSize, SetFilePointer, CloseHandle, GlobalUnlock, GlobalLock, GetModuleFileNameA, GetCommandLineA, GetModuleHandleA, ExitProcess, lstrlenA, GetStartupInfoA, CreateProcessA, EnterCriticalSection, GlobalFree, LeaveCriticalSection, DeleteCriticalSection, QueryPerformanceCounter
    > USER32.dll: SetTimer, GetFocus, SetCapture, ReleaseCapture, SetCursor, EndPaint, BeginPaint, MessageBoxA, DeleteMenu, ClientToScreen, TrackPopupMenu, GetCapture, GetCursorPos, WindowFromPoint, ScreenToClient, MapVirtualKeyA, CheckMenuItem, InvalidateRect, PostMessageA, GetDlgItemTextA, EnableWindow, SetDlgItemTextA, SetFocus, GetClientRect, GetMenu, SetMenu, GetDesktopWindow, MoveWindow, DialogBoxParamA, FillRect, KillTimer, EnableMenuItem, PostQuitMessage, LoadMenuA, ShowWindow, UpdateWindow, LoadIconA, LoadCursorA, RegisterClassA, LoadAcceleratorsA, GetMessageA, TranslateMessage, DispatchMessageA, TranslateAcceleratorA, GetWindow, GetWindowRect, SetWindowPos, GetWindowLongA, DefWindowProcA, IsWindow, DestroyWindow, CreateWindowExA, SetWindowLongA, DdeInitializeA, DdeCreateStringHandleA, DdeConnect, DdeClientTransaction, DdeDisconnect, DdeFreeStringHandle, DdeUninitialize, GetKeyState, EmptyClipboard, SetClipboardData, EndDialog, GetSubMenu, LoadStringA, OpenClipboard, GetClipboardData, CloseClipboard, GetDC, ReleaseDC, GetWindowTextLengthA, GetDlgItem, DestroyMenu
    > GDI32.dll: SetPolyFillMode, StrokePath, ExtCreatePen, DeleteObject, SelectObject, StretchDIBits, SetDIBitsToDevice, GdiFlush, CreateCompatibleBitmap, DeleteDC, CreateDIBSection, GetDeviceCaps, EndPath, CreateCompatibleDC, BitBlt, EnumFontFamiliesA, ExtTextOutA, SetBkColor, GetBkColor, SetTextAlign, SetBkMode, SetTextColor, SelectClipRgn, LineTo, MoveToEx, CreatePen, GetTextExtentPoint32A, GetTextMetricsA, GetTextAlign, GetBkMode, GetTextColor, IntersectClipRect, GetClipRgn, CreateRectRgn, CreateFontIndirectA, DPtoLP, GetObjectA, RealizePalette, StartDocA, LPtoDP, StartPage, EndPage, EndDoc, BeginPath, CreatePalette, SelectPalette, GetSystemPaletteEntries, FillPath, SelectClipPath, PolyBezierTo, GetClipBox, SaveDC, RestoreDC, CreateSolidBrush
    > comdlg32.dll: GetSaveFileNameA, GetOpenFileNameA, PrintDlgA
    > ADVAPI32.dll: RegSetValueA, RegCreateKeyA, RegQueryValueExA, RegCloseKey, RegQueryValueA, RegOpenKeyExA, RegSetValueExA
    > SHELL32.dll: DragQueryFileA, DragAcceptFiles
    > WINMM.dll: timeKillEvent, timeSetEvent, waveOutReset, timeEndPeriod, timeGetTime, timeBeginPeriod, timeGetDevCaps, waveOutGetDevCapsA, waveOutClose, waveOutWrite, waveOutPrepareHeader, waveOutUnprepareHeader, waveOutOpen

    ( 0 exports )
    packers (Kaspersky): Swf2Exe

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.11.28.2 2008.11.29 -
    AntiVir 7.9.0.36 2008.11.29 -
    Authentium 5.1.0.4 2008.11.30 -
    Avast 4.8.1281.0 2008.11.29 -
    AVG 8.0.0.199 2008.11.29 -
    BitDefender 7.2 2008.11.30 -
    CAT-QuickHeal 10.00 2008.11.29 -
    ClamAV 0.94.1 2008.11.30 -
    DrWeb 4.44.0.09170 2008.11.29 -
    eSafe 7.0.17.0 2008.11.30 -
    eTrust-Vet 31.6.6234 2008.11.28 -
    Ewido 4.0 2008.11.29 -
    F-Prot 4.4.4.56 2008.11.29 -
    F-Secure 8.0.14332.0 2008.11.30 -
    Fortinet 3.117.0.0 2008.11.30 -
    GData 19 2008.11.30 -
    Ikarus T3.1.1.45.0 2008.11.30 -
    K7AntiVirus 7.10.538 2008.11.29 -
    Kaspersky 7.0.0.125 2008.11.30 -
    McAfee 5449 2008.11.29 -
    McAfee+Artemis 5449 2008.11.29 -
    Microsoft 1.4104 2008.11.30 -
    NOD32 3651 2008.11.30 -
    Norman 5.80.02 2008.11.28 -
    Panda 9.0.0.4 2008.11.29 -
    PCTools 4.4.2.0 2008.11.29 -
    Prevx1 V2 2008.11.30 -
    Rising 21.05.62.00 2008.11.30 -
    SecureWeb-Gateway 6.7.6 2008.11.29 -
    Sophos 4.36.0 2008.11.30 -
    Sunbelt 3.1.1832.2 2008.11.27 -
    Symantec 10 2008.11.30 -
    TheHacker 6.3.1.1.169 2008.11.29 -
    TrendMicro 8.700.0.1004 2008.11.28 -
    VBA32 3.12.8.9 2008.11.29 -
    ViRobot 2008.11.29.1492 2008.11.29 -
    VirusBuster 4.5.11.0 2008.11.29 -

    Information additionnelle
    File size: 588969 bytes
    MD5...: e5ad1a080763753cf762f368b7a5bb60
    SHA1..: 1b90876b8d8d1592472e973717cf42f72d4d47b3
    SHA256: b66c8f02a62735092622296f2287fb41a903cb93a1eed0654e268fb20a62923a
    SHA512: 5a49ff1c7bef3e98ac490b56f0e8d4909a7b6f36767747e77af5835f8696834f07bbb5a3ff98fbbf6f4bb40c62d12687d666d5f16e03fa834424947495b91873
    ssdeep: 12288:n0/zSknQPmbFlXTPhvHA7azeJn8nl0iT00/ALdE:NqbFR9A7aCn8l0iTN/r
    PEiD..: Macromedia Windows Flash Projector/Player v5.0
    TrID..: File type identification
    Macromedia Projector/Flash executable (94.0%)
    Win32 Executable MS Visual C++ (generic) (3.1%)
    Windows Screen Saver (1.0%)
    Win32 Executable Generic (0.7%)
    Win32 Dynamic Link Library (generic) (0.6%)
    packers (Kaspersky): Swf2Exe

    Et le r
    30 November 2008 16:05:46

    Hi again,

    Finally, after a two-and-a-half-hour scan:
    Result: no malicious items detected (I hope this time it's for real!!!)

    And here is the Malwarebytes report:

    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1437
    Windows 5.1.2600 Service Pack 2

    30/11/2008 15:41:13
    mbam-log-2008-11-30 (15-41-13).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 227922
    Temps écoulé: 2 hour(s), 34 minute(s), 41 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)



    Thanks again...
    30 November 2008 17:05:53

    Hi again,

    Post a new HijackThis report :)

    I have doubts about some files ... (PinkFloyd)

    Upload:

    Click the Start menu / Control Panel / Folder Options, then in the View tab
    - Check "Show hidden files and folders"
    - Uncheck "Hide extensions for known file types"
    - Uncheck "Hide protected operating system files (Recommended)"
    click Apply, then OK.

    Don't forget to hide the hidden files and protected operating system files again once the disinfection is finished, it's important

    I'm going to ask you to upload one or more file(s)/folder(s) to the developers, in order to improve the tools :)

    Can you look for these file(s): c:\windows\Pink Floyd.exe, c:\windows\Pink Floyd.scr , c:\windows\Pink Floyd.dll , c:\windows\Pink Floyd.dat
    and send them to this address (these addresses): http://secubox.gateweb.org/mad.php
    30 November 2008 18:45:06

    Hi again,

    It's strange: as soon as I launch HijackThis for the first time I get a message asking me to send the error report (I got the same message last time); I click No and the rest goes normally. I relaunched it two more times and now I no longer get the message, it scans directly, etc.

    One more thing: the HijackThis report opens in SAS (software installed on my PC). STRANGE!!!

    Anyway, here is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:24:31, on 30/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\drivers\inf\svchost.exe
    C:\WINDOWS\system32\drivers\inf\svchost.exe
    C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
    C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\oracle\ora92\bin\agntsrvc.exe
    C:\oracle\ora92\Apache\Apache\apache.exe
    C:\WINDOWS\system32\cmd.exe
    C:\oracle\ora92\BIN\TNSLSNR.exe
    C:\oracle\ora92\bin\dbsnmp.exe
    c:\oracle\ora92\bin\ORACLE.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\oracle\ora92\Apache\Apache\apache.exe
    C:\oracle\ora92\jdk\bin\java.exe
    C:\oracle\ora92\jdk\bin\java.exe
    c:\oracle\ora92\bin\isqlplus
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/229?2237dd14d4c04700b56d3597d73310a8
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/230?2237dd14d4c04700b56d3597d73310a8
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Windows Support (KAV) - ClassicsExperience - C:\WINDOWS\system32\drivers\inf\svchost.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
    O23 - Service: OracleOraHome92Agent - Oracle Corporation - C:\oracle\ora92\bin\agntsrvc.exe
    O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
    O23 - Service: OracleOraHome92HTTPServer - Unknown owner - C:\oracle\ora92\Apache\Apache\apache.exe
    O23 - Service: OracleOraHome92PagingServer - Unknown owner - C:\oracle\ora92/bin/pagntsrv.exe
    O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - C:\oracle\ora92\BIN\ENCSVC.EXE
    O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - C:\oracle\ora92\BIN\AGNTSVC.EXE
    O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe
    O23 - Service: OracleServiceBDAGH - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/AGH/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

    --
    End of file - 9939 bytes


    Finally
    1 December 2008 17:53:08

    Hi again,

    1) Download and run the Norton Removal Tool.
    This product will uninstall most traces of Symantec products.

    2) Relaunch HijackThis (right-click -> Run as administrator on Vista), choose "Do a system scan only", and check these lines (if still present):
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O24 - Desktop Component 0: (no name) - file:///CDOCUME~1/AGH/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

    Close all running applications (especially your web browser).
    Then Fix Checked!

    3) Click the Start menu / Control Panel / Folder Options, then in the View tab
    - Uncheck "Hide extensions for known file types"
    click Apply, then OK.

    Select the entire contents of the box below (spaces included):
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="www.google.fr"


    Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
    Save it to your Desktop under the name Correction.reg
    Double-click it and accept adding the data to the registry.

    4) Rename all these files with the .BAK extension:

    c:\windows\Pink Floyd.exe, c:\windows\Pink Floyd.scr , c:\windows\Pink Floyd.dll , c:\windows\Pink Floyd.dat



    How is your PC doing?
    1 December 2008 19:29:25

    Hi again,

    I did what you asked; the only change I notice is that the desktop wallpaper has disappeared!!! (it turned black)
    Otherwise my PC works normally (as it did before this procedure)!
    Do you want more detail on anything in particular?

    Thanks...
    2 December 2008 17:59:53

    Hi again,

    I think my PC is a bit slow after all!!!
    What do you think?
    2 December 2008 19:07:03

    Hi again,

    As far as I'm concerned, it's clean.
    Were you the one who set the wallpaper? Do you want to put it back?
    3 December 2008 14:48:45

    Hi again,

    By the way, the wallpaper was a false alarm! The image came back after a reboot (it's an image I've had on my desktop for a while now!)
    My PC is doing fine now; when I said it was a bit slow, I think that was ultimately due to my new antivirus (Antivir).

    Regarding the PinkFloyd files, should I delete them?
    Should I reinstall the Symantec products, etc.?
    Thanks...
    4 December 2008 19:05:00

    Hi again,

    We'll see :)

    Post a new HijackThis report ;)
    5 December 2008 00:56:10

    Good evening,

    Here is the HijackThis report:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:49:47, on 05/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\drivers\inf\svchost.exe
    C:\WINDOWS\system32\drivers\inf\svchost.exe
    C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
    C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\oracle\ora92\bin\omtsreco.exe
    C:\oracle\ora92\bin\agntsrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\oracle\ora92\Apache\Apache\apache.exe
    C:\WINDOWS\system32\cmd.exe
    C:\oracle\ora92\BIN\TNSLSNR.exe
    C:\oracle\ora92\bin\dbsnmp.exe
    c:\oracle\ora92\bin\ORACLE.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\oracle\ora92\Apache\Apache\apache.exe
    C:\oracle\ora92\jdk\bin\java.exe
    C:\oracle\ora92\jdk\bin\java.exe
    c:\oracle\ora92\bin\isqlplus
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/229?2237dd14d4c04700b56d3597d73310a8
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/230?2237dd14d4c04700b56d3597d73310a8
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Windows Support (KAV) - ClassicsExperience - C:\WINDOWS\system32\drivers\inf\svchost.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
    O23 - Service: OracleOraHome92Agent - Oracle Corporation - C:\oracle\ora92\bin\agntsrvc.exe
    O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
    O23 - Service: OracleOraHome92HTTPServer - Unknown owner - C:\oracle\ora92\Apache\Apache\apache.exe
    O23 - Service: OracleOraHome92PagingServer - Unknown owner - C:\oracle\ora92/bin/pagntsrv.exe
    O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - C:\oracle\ora92\BIN\ENCSVC.EXE
    O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - C:\oracle\ora92\BIN\AGNTSVC.EXE
    O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe
    O23 - Service: OracleServiceBDAGH - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 9637 bytes
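An added example, not part of the original thread: a way to compare the 30 November and 5 December HijackThis logs above, confirming that the three entries selected for Fix Checked are gone and listing what still points at a missing file. The function names are this example's own, and the sample logs are short excerpts copied from the two reports posted in the thread.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# Marker HijackThis appends when the file an entry points to is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)$")


def parse_entries(log_text):
    """Return the set of (section, details) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:  # skips the header, the process list and "End of file"
            entries.add(match.groups())
    return entries


def compare_logs(before, after, fix_targets):
    """Diff two logs and check that the entries chosen for fixing are gone."""
    b, a = parse_entries(before), parse_entries(after)
    targets = parse_entries(fix_targets)
    return {
        "removed": sorted(b - a),
        "added": sorted(a - b),
        "targets_still_present": sorted(targets & a),
        "orphans_remaining": sorted(e for e in a if ORPHAN_RE.search(e[1])),
    }


# Excerpt of the 30 November report (lines copied from the thread).
LOG_30_NOV = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/AGH/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
End of file - 9939 bytes
"""

# Excerpt of the 5 December report (lines copied from the thread).
LOG_05_DEC = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
End of file - 9637 bytes
"""

# The three entries selected for "Fix Checked", as they appear in the
# 30 November log.
FIX_TARGETS = r"""
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/AGH/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
"""

if __name__ == "__main__":
    report = compare_logs(LOG_30_NOV, LOG_05_DEC, FIX_TARGETS)
    for name, items in report.items():
        print(f"{name}: {len(items)}")
        for section, details in items:
            print(f"  {section} - {details}")
```

On these excerpts the three targeted entries are gone, and the one entry still marked "(file missing)" is the O23 Symantec LiveUpdate service.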
    5 December 2008 17:40:30

    Hi again,

    Since yesterday my internet connection has been really slow; I can't watch online videos without a cut every 2 seconds. I don't know whether it's due to my ISP or to a virus, even though I rebooted my modem. I ran a scan with Antivir and it again detected viruses and Bagle.
    I don't know what your opinion is of yesterday's HijackThis report?

    I'm sending you the Antivir report:



    Avira AntiVir Personal
    Report file date: vendredi 5 décembre 2008 15:50

    Scanning for 1071567 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: AGHILES

    Version information:
    BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
    AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
    ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 16:57:13
    ANTIVIR2.VDF : 7.1.0.160 571392 Bytes 30/11/2008 17:13:42
    ANTIVIR3.VDF : 7.1.0.183 162304 Bytes 03/12/2008 17:39:24
    Engineversion : 8.2.0.36
    AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
    AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 14:00:07
    AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
    AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
    AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39
    AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 15:06:41
    AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 15:06:41
    AEHELP.DLL : 8.1.2.0 119159 Bytes 29/11/2008 17:03:06
    AEGEN.DLL : 8.1.1.6 323955 Bytes 29/11/2008 17:03:05
    AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
    AECORE.DLL : 8.1.5.2 172405 Bytes 29/11/2008 17:03:05
    AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: vendredi 5 décembre 2008 15:50

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'soffice.bin' - '1' Module(s) have been scanned
    Scan process 'dllhost.exe' - '1' Module(s) have been scanned
    Scan process 'soffice.exe' - '1' Module(s) have been scanned
    Scan process 'sqlmangr.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'isqlplus' - '1' Module(s) have been scanned
    Scan process 'java.exe' - '1' Module(s) have been scanned
    Scan process 'java.exe' - '1' Module(s) have been scanned
    Scan process 'Apache.exe' - '1' Module(s) have been scanned
    Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
    Scan process 'X10nets.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'TAPPSRV.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'oracle.exe' - '1' Module(s) have been scanned
    Scan process 'dbsnmp.exe' - '1' Module(s) have been scanned
    Scan process 'TNSLSNR.EXE' - '1' Module(s) have been scanned
    Scan process 'cmd.exe' - '1' Module(s) have been scanned
    Scan process 'Apache.exe' - '1' Module(s) have been scanned
    Scan process 'agntsrvc.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'msmdsrv.exe' - '1' Module(s) have been scanned
    Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ehSched.exe' - '1' Module(s) have been scanned
    Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
    Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'msdtc.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
    Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    56 processes with 56 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '55' files ).


    Starting the file scan:

    Begin scan in 'C:'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\data.oct.vir
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49ad4d91.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\3D Ghost Manor Screensaver Mac OS 8 and 9 1.3.zip.vir
    [0] Archive type: ZIP
    --> install_crack.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49594d88.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\3D Summer Butterflies 3.5.zip.vir
    [0] Archive type: ZIP
    --> key_gen.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49594d91.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Active_Media_Eclipse_4.1_Key+Serial.zip.vir
    [0] Archive type: ZIP
    --> crac.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49ad4db5.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\AidProject M+E 06.09.01.zip.vir
    [0] Archive type: ZIP
    --> setup.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '499d4dbf.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\AIM_6.2.32.1_Beta.zip.vir
    [0] Archive type: ZIP
    --> key_generator.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49864da2.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\AKS_Dup_Finder_1.0.zip.vir
    [0] Archive type: ZIP
    --> install_patch.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '498c4dab.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Alchameze GrabPic 1.0.zip.vir
    [0] Archive type: ZIP
    --> keygen.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '499c4dd4.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\All_To_MP3_Converter_2.0.zip.vir
    [0] Archive type: ZIP
    --> setup.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a54ddf.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\ALO_Audio_Editor_2007_3.1.27.zip.vir
    [0] Archive type: ZIP
    --> patch.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49884dc4.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\ANASIL_Network_Analyzer_2.2_(Key).zip.vir
    [0] Archive type: ZIP
    --> install.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '497a4dcc.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Anonymous_Surfing_2.0.4_Crack.zip.vir
    [0] Archive type: ZIP
    --> install.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a84df3.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Astrology.com_LoveScope_1.0.zip.vir
    [0] Archive type: ZIP
    --> crac.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49ad4dff.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Austria Traffic Cameras 1.0.zip.vir
    [0] Archive type: ZIP
    --> setup.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49ac4e07.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\AutoSiteGallery 1.6.zip.vir
    [0] Archive type: ZIP
    --> serial.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49ad4e0c.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Auto_Reboot_Remover_1.0.zip.vir
    [0] Archive type: ZIP
    --> key_gen.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49ad4e0f.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\AVG.Anti-Virus.v7.1.371.Incl.Keygen-SSG.zip.vir
    [0] Archive type: ZIP
    --> setup.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49804df4.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Awady_EasyTrial_1.zip.vir
    [0] Archive type: ZIP
    --> key_generator.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '499a4e19.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Aye Text to MP3 3.0.zip.vir
    [0] Archive type: ZIP
    --> setup.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '499e4e20.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\A_Smaller_Image_3.1.zip.vir
    [0] Archive type: ZIP
    --> run.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '498c4e0a.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\BabyaCAD_1.0.zip.vir
    [0] Archive type: ZIP
    --> key_generator.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '499b4e12.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\BodyTrans_2.1.4.zip.vir
    [0] Archive type: ZIP
    --> key_gen.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '499d4e23.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\BootMaster_Partition_Recovery_PLUS_4.01.zip.vir
    [0] Archive type: ZIP
    --> patch.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a84e26.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Brushes_Pack_1_-_WavyLines_for_Illustrator_1.0_[Crack].zip.vir
    [0] Archive type: ZIP
    --> install.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49ae4e31.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Buy Estate toolbar for IE 4.5.134.0.zip.vir
    [0] Archive type: ZIP
    --> patch.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49b24e39.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\CeExplorer_(CE_Palmtop)_1.2.zip.vir
    [0] Archive type: ZIP
    --> key_generator.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '497e4e2d.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Cinematheca 1.0.zip.vir
    [0] Archive type: ZIP
    --> run.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a74e35.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\CMB_Audio_Player_2.0.0_(Patch).zip.vir
    [0] Archive type: ZIP
    --> crac.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '497b4e1e.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\CodeThatScroller 1.2.6.zip.vir
    [0] Archive type: ZIP
    --> keygen.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '499d4e45.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Connection Manager 3.2.zip.vir
    [0] Archive type: ZIP
    --> install.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a74e48.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\ContactSafe 1.0.zip.vir
    [0] Archive type: ZIP
    --> key_gen.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a74e4a.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Cool_Video_Converter_5.3.zip.vir
    [0] Archive type: ZIP
    --> key_gen.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a84e4e.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Coupon Craze - Coupon Notifier 1.6.zip.vir
    [0] Archive type: ZIP
    --> serial.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49ae4e51.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Cyber Cafe Administrator 1.1.zip.vir
    [0] Archive type: ZIP
    --> patch.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '499b4e5f.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Date Reminder 3.0 [Key+Serial].zip.vir
    [0] Archive type: ZIP
    --> install.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49ad4e4c.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\DeepAnalysis_1.10.14.zip.vir
    [0] Archive type: ZIP
    --> install_patch.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '499e4e55.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\DEKSI SmartCheck 2.0 [Serial].zip.vir
    [0] Archive type: ZIP
    --> install_crack.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49844e39.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\DIN Settings Calculator 1.1.zip.vir
    [0] Archive type: ZIP
    --> install_patch.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49874e41.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\DS_Applets_2.28_(Patch).zip.vir
    [0] Archive type: ZIP
    --> key_gen.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49984e4e.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\DVDXStudio 1.0.zip.vir
    [0] Archive type: ZIP
    --> setup.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '497d4e57.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\DVD_and_CD_Designer_5.0.3.zip.vir
    [0] Archive type: ZIP
    --> install.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '497d4e5a.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\DWG_DXF_Convert_Command_Line_1.3.1.zip.vir
    [0] Archive type: ZIP
    --> keygen.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49804e5f.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\dwpMaster_2.5.zip.vir
    [0] Archive type: ZIP
    --> keygen.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a94e82.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Easiestutils DVD to iPhone converter 4.9.0.65.zip.vir
    [0] Archive type: ZIP
    --> setup.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49ac4e71.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\EmailUnlimited 7.5.20.zip.vir
    [0] Archive type: ZIP
    --> crac.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '499a4e7f.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\EMCO Acrobat Reader Deploy 6.x.zip.vir
    [0] Archive type: ZIP
    --> setup.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '497c4e62.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\ePlum_OfficeCapture_2.1.0_[Cracked].zip.vir
    [0] Archive type: ZIP
    --> run.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a54e69.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\eSTOP_3.30_(Cracked).zip.vir
    [0] Archive type: ZIP
    --> crac.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '498d4e6f.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\EZ_Backup_Excel_Basic_4.7_[Serial].zip.vir
    [0] Archive type: ZIP
    --> install.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49984e7b.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\EZ_Outlook_Backup_Premium_3.zip.vir
    [0] Archive type: ZIP
    --> patch.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49984e7e.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\febooti_ieZoom_toolbar_1.4_[Cracked].zip.vir
    [0] Archive type: ZIP
    --> key_gen.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '499b4e8b.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\File Spliter 1.0.0.8.zip.vir
    [0] Archive type: ZIP
    --> keygen.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a54e93.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\FileTouch.zip.vir
    [0] Archive type: ZIP
    --> run.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a54e96.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Fileusage_2.zip.vir
    [0] Archive type: ZIP
    --> keygen.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a54e98.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Flamenco 1.0.zip.vir
    [0] Archive type: ZIP
    --> install_patch.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '499a4e9d.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Flickr Watchr 1.3.zip.vir
    [0] Archive type: ZIP
    --> keygen.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a24ea4.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Form 1099-S Proceeds from Real Estate Transactions 1.01.zip.vir
    [0] Archive type: ZIP
    --> setup.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49ab4eab.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Fuzzy System Component 1.0.zip.vir
    [0] Archive type: ZIP
    --> install_patch.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49b34eb4.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Garden_Flash_Template_1.0_build_2006.07.27_[Serial].zip.vir
    [0] Archive type: ZIP
    --> keygen.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49ab4ea3.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Geo_Data_International_Admin_(English)_2.01.zip.vir
    [0] Archive type: ZIP
    --> serial.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a84eab.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Ghost_Navigator_2.6.2.zip.vir
    [0] Archive type: ZIP
    --> install.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a84eb2.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Go_Game_Skill_of_Endgame_for_Symbian_UIQ_1.1.zip.vir
    [0] Archive type: ZIP
    --> key_gen.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49984ebd.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Great Artist - Nudes 1.1.zip.vir
    [0] Archive type: ZIP
    --> install.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '499e4ec9.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\GSA Image Analyser 3.1.0.zip.vir
    [0] Archive type: ZIP
    --> crac.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '497a4ead.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Handy_Submit_1.1.zip.vir
    [0] Archive type: ZIP
    --> key_generator.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a74ec0.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\HelpScribble 7.7.2.zip.vir
    [0] Archive type: ZIP
    --> crac.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a54ec7.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\HKSafeForm_1.5.zip.vir
    [0] Archive type: ZIP
    --> setup.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '498c4eb0.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Hotbabe Chess 1.2.zip.vir
    [0] Archive type: ZIP
    --> install_crack.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49ad4edd.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\HPGL_Import_for_SolidWorks_1.0.zip.vir
    [0] Archive type: ZIP
    --> keygen.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49804ec1.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Incoming_demo.zip.vir
    [0] Archive type: ZIP
    --> install_patch.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '499c4ee2.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\IsItUp Network Monitor 6.24.zip.vir
    [0] Archive type: ZIP
    --> run.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49824eea.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\JexePack_5.6a.zip.vir
    [0] Archive type: ZIP
    --> serial.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49b14ee0.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\JiniBong_2.7.zip.vir
    [0] Archive type: ZIP
    --> crac.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a74ee6.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Kensington_MouseWorks_5.5.zip.vir
    [0] Archive type: ZIP
    --> run.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '4823f727.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\KnowledgeMiner_5.1.1.zip.vir
    [0] Archive type: ZIP
    --> install_patch.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a84ef1.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Las_Vegas_Hotel_Interiors_Screensaver_1.0_With_Crack.zip.vir
    [0] Archive type: ZIP
    --> crac.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49ac4ee7.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\LingvoSoft_Suite_2007_English_-_Hungarian_2.0.23.zip.vir
    [0] Archive type: ZIP
    --> setup.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a74efb.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\LingvoSoft_Talking_Picture_Dictionary_2007_French_-_Polish_1.1.18.zip.vir
    [0] Archive type: ZIP
    --> keygen.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a74f02.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\LuckyZoom_1.0_Key+Serial.zip.vir
    [0] Archive type: ZIP
    --> install.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '499c4f10.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Mark Twain's Quotes 2.1.zip.vir
    [0] Archive type: ZIP
    --> install_crack.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49ab4eff.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\MB Free Learn Tarot Software 1.85.zip.vir
    [0] Archive type: ZIP
    --> serial.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49594ee3.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Media_Universe_R3.23.zip.vir
    [0] Archive type: ZIP
    --> install.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '499d4f08.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\MindTouch_Deki_1.7.zip.vir
    [0] Archive type: ZIP
    --> keygen.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a74f0e.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\Mobile AMR converter 1.5.0.zip.vir
    [0] Archive type: ZIP
    --> key_gen.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '499b4f19.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\MovieTrack_3.4.1.zip.vir
    [0] Archive type: ZIP
    --> install.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49af4f1c.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\nBinder 5.5.1.0.zip.vir
    [0] Archive type: ZIP
    --> install_crack.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49a24ef1.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\netcrafttoolbar 1.1.1.8.zip.vir
    [0] Archive type: ZIP
    --> patch.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49ad4f16.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\AGH\Application Data\m\shared\NetTools_2.6.3.zip.vir
    [0] Archive type: ZIP
    --> install_patch.exe
    [DETECTION] Is the TR/Dldr.Bagle.agv Trojan
    [NOTE] The file was moved to '49ad4f19.qua'!


    End of the scan: vendredi 5 décembre 2008 17:13
    Used time: 1:22:30 Hour(s)

    The scan has been done completely.

    20170 Scanning directories
    1338050 Files were scanned
    141 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    141 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    1337907 Files not concerned
    12507 Archives were scanned
    2 Warnings
    141 Notes



    6 December 2008 10:48:44

    Re,

    Everything AntiVir found is in ComboFix's quarantine, so it has already been removed.

    Your logs are clean.

    Keep AntiVir and do not reinstall the Symantec products; however, you can do the following:

    Install a firewall:
    Here are several to choose from (pick one!):

  • Sygate
  • Outpost
  • Kerio
  • Zone Alarm, etc.

    Disable the Windows firewall after installing the new firewall.

    Help: How to disable the Windows firewall.

    -----------

    Prevention:

    - Cleaning temporary files:

    Download CCleaner to your Desktop.

  • Click "download the latest version"
  • Install it, leaving only the following options checked:
    - Add a shortcut to the Desktop
    - Automatically check for CCleaner updates
  • Run the cleaner
  • Click Scan for Issues and make a backup if you wish.

    Help: How to use CCleaner.


    Download ATFcleaner to your Desktop.

  • Double-click the downloaded executable.
  • In the Main tab, simply check the Select All box (all the boxes will become checked), then click the Empty Selected button.
  • If you use Firefox or Opera as your browser, remember to choose your browser at the top left before clicking Select All and then Empty Selected.
  • Then answer No to the message that appears if you do not want to lose your passwords.

    Help: How to use ATFcleaner.

    -- System Restore:

    Disable and then re-enable System Restore.

    XP method:
    Click Start, right-click My Computer, then click Properties. Select the System Restore tab.
    In this tab, check the box Turn off System Restore on all drives.
    A confirmation message will appear. Click Yes, then OK. Restart your computer so that the changes take effect.
    To re-enable System Restore, simply uncheck that same box and restart your computer (following the same steps).

    Vista method:
    Click Start, right-click Computer, then click Properties. On the left, click Advanced system settings. Select the System Protection tab.
    In this tab, uncheck your partitions (one by one); a confirmation message will appear. Click Turn System Restore Off, click Apply, then OK.
    Restart your computer so that the changes take effect.
    To re-enable System Restore, simply uncheck that same box and restart your computer (following the same steps).

    Help: How to disable and re-enable System Restore.

    --- Normal file display:

    Click Start / Control Panel / Folder Options, then in the View tab
    - Uncheck Show hidden files and folders
    - Check Hide protected operating system files (Recommended)
    click Apply, then OK.

    ---- Removing the installed tools:

    Download ToolsCleaner2 (by A.Rothstein)

  • Install it on your Desktop.
  • Click Recherche to start the scan.
  • Click Supprimer to clean up the tools that were used.
  • Click Quitter.
  • Now delete ToolsCleaner.

    ----- Restoring your protections, protecting the system with updates!:

    I now invite you to (re)enable all your resident protections (antivirus, antispyware, firewall...).
    You should have access to your protections in the system tray area next to the taskbar. If you have any difficulty, do not hesitate to ask me!
    If it is not already done, make sure Windows Automatic Updates are enabled!
    Bring your software properly up to date (Java, Adobe, Flash...) using Software Inspector (from Secunia)

    A quick word about Java:

    Once the new version is downloaded, install it and restart your computer.
    Unfortunately, the old versions of Java (which contain vulnerabilities and are therefore dangerous!) are still present!
    So it is very important that you uninstall the old versions of Java.

  • Go to Start, Control Panel, Add or Remove Programs
  • Uninstall all versions of Java except the most recent.

    Help: How to use Secunia Software Inspector.

    ------ Will you report your infection?:

    You do not have to, but it would be good if you reported your infection on Malware Complaints
  • Your infection(s): Bagle.
  • If you do not find it in the list, post in Other infections.

    Help: How to report my infection on Malware Complaints.

    I now invite you to look at these very instructive guides on prevention!

    - Security/Prevention
    - Consequences of multi-protection
    - Toolbars: uselessness and slowdowns

    Have a good day/evening :)
    6 December 2008 22:54:53

    Re,

    I tried to do what you asked, but my connection does not let me download; I do it on another PC and copy things over each time, which is tedious.
    I did all the steps but I am stuck on the last one (Software Inspector): I managed to scan but not to download, for example, Java or Flash!!!!
    What I do not understand is that I did not have this connection problem before (even when the virus was not in quarantine).
    If my logs are clean, then where can this problem be coming from?

    Thank you for your patience
    7 December 2008 10:59:42

    Re,

    You have no Internet access?

    Download FindyKill (Chiquitine29) to your Desktop.

  • Start the installation by running the downloaded file.
  • Now double-click the FindyKill shortcut.
  • Now choose option 1 (Recherche). Wait until the search finishes.
  • Post the generated report in your next reply.


    Note: The taskbar and the icons will disappear during the search.
    7 December 2008 12:28:28

    Re,

    I can get online, but the connection is so slow that it takes almost 1 minute to load a page, and downloading a tool, for example, is no longer possible: it says 25 minutes, and 1 hour later it still says the same!!!
    I tried at a friend's place and it is the same, so the problem does not come from my ISP!!
    7 December 2008 12:43:31

    Re,

    I cannot launch FindyKill
    I get an error message: (This file contains invalid data)!!!
    7 December 2008 13:46:26

    Re,

    Strange ...

    - ~ I don't know ~ -

    You are no longer infected.

    Post your problem in the Internet-Réseaux category of the forum :)
    7 December 2008 15:27:37

    Re,

    Wow... that worries me a bit!!! You have no more solutions for me!
    I posted on the Internet-Réseaux forum
    Thank you for the time you gave me; I hope my problem will be solved...
    8 December 2008 00:36:24

    Re,

    Strangely, after downloading FindyKill on another PC, I can finally launch it this time!!!
    Apparently you are not done with me yet!!! Thanks in advance...

    Here is the report:



    ----------------- FindyKill V4.707 ------------------

    * User : AGH - AGHILES
    * Emplacement : C:\Program Files\FindyKill
    * Outils Mis a jours le 06/12/08 par Chiquitine29
    * Recherche effectuée à 0:19:08 le 08/12/2008
    * Windows XP - Internet Explorer 6.0.2900.5512

    ((((((((((((((((( *** Recherche *** ))))))))))))))))))


    --------------- [ Processus actifs ] ----------------


    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\msdtc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\drivers\inf\svchost.exe
    C:\WINDOWS\system32\drivers\inf\svchost.exe
    C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
    C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\oracle\ora92\bin\omtsreco.exe
    C:\oracle\ora92\bin\agntsrvc.exe
    C:\oracle\ora92\Apache\Apache\apache.exe
    C:\WINDOWS\Explorer.EXE
    C:\oracle\ora92\bin\dbsnmp.exe
    C:\oracle\ora92\BIN\TNSLSNR.exe
    c:\oracle\ora92\bin\ORACLE.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\oracle\ora92\Apache\Apache\apache.exe
    C:\oracle\ora92\jdk\bin\java.exe
    C:\oracle\ora92\jdk\bin\java.exe
    c:\oracle\ora92\bin\isqlplus
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    --------------- [ Fichiers/Dossiers infectieux ] ----------------


    »»»» Presence des fichiers dans C:


    »»»» Presence des fichiers dans C:\WINDOWS


    »»»» Presence des fichiers dans C:\WINDOWS\Prefetch


    »»»» Presence des fichiers dans C:\WINDOWS\system32


    »»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


    »»»» Presence des fichiers dans C:\Documents and Settings\AGH\Application Data


    »»»» Presence des fichiers dans C:\DOCUME~1\AGH\LOCALS~1\Temp


    »»»» Presence des fichiers dans C:\Documents and Settings\AGH\Local Settings\Temporary Internet Files\Content.IE5

    Found ! [06/08/2007 11:43] - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\7B5560BB781B40259A06350E9B643B6E_more.jpg
    Found ! [14/09/2007 07:34] - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg

    --------------- [ Registre / Startup ] ----------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
    MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    ccleaner="C:\Program Files\CCleaner\CCleaner.exe" /AUTO

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    CFSServ.exe=CFSServ.exe -NoClient
    avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
    NoChange=1
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
    Installed=1
    <NO NAME>=

    [HKEY_CURRENT_USER\software\local appwizard-generated applications\key_generator]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\toscdspd]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\winfilse]

    --------------- [ Registre / Clés infectieuses ] ----------------


    Found ! - HKEY_USERS\S-1-5-21-305095919-2088872888-1262905243-1005\Software\Local AppWizard-Generated Applications\winfilse
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse

    --------------- [ Etat / Services ] ----------------



    +- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

    /!\ Ndisuio - Type de démarrage = 4

    EapHost - Type de démarrage = 3

    Ip6Fw - Type de démarrage = 3

    SharedAccess - Type de démarrage = 2

    wuauserv - Type de démarrage = 2

    wscsvc - Type de démarrage = 2



    --------------- [ Recherche dans supports amovibles] ----------------


    +- Informations :

    C: - Lecteur fixe


    +- Contenu de l'autorun : C:\autorun.inf



    +- presence des fichiers :

    Found ! [29/11/2008 20:28][drahs----] - C:\autorun.inf
    C:\autorun.inf - This folder was created by flash disinfector !


    --------------- [ Registre / Mountpoint2 ] ----------------


    -> Not found !


    ------------------- ! Fin du rapport ! --------------------

    8 December 2008 16:45:32

    Re,

    You no longer had Internet access, did you?

    As for the Pink Floyd files, you can keep them; I contacted the developer and he did not spot anything nasty.

    Run FindyKill again by double-clicking the shortcut. Type "2", then confirm by pressing "Enter".
    ! Do not close the window during the deletion !
    A report will be generated; post its contents here.


    Note: A restart is sometimes necessary; FindyKill will send you a message if that is the case.
    8 December 2008 18:31:15

    Re,

    Glad to hear from you again! On the Internet-Réseaux forum I got no reply at all!!
    As for my connection, it is very, very... very slow and it is impossible to download a tool! I did it on another PC


    Here is the report:



    ----------------- FindyKill V4.707 ------------------

    * User : AGH - AGHILES
    * executed from : C:\Program Files\FindyKill
    * Update on 06/12/08 par Chiquitine29
    * Start at 11:43:01 the 08/12/2008
    * Windows XP - Internet Explorer 6.0.2900.5512


    ((((((((((((((( *** deleting *** ))))))))))))))))))


    --------------- [ Active Processes ] ----------------


    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\logonui.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
    C:\WINDOWS\system32\msdtc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\drivers\inf\svchost.exe
    C:\WINDOWS\system32\drivers\inf\svchost.exe
    C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
    C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\oracle\ora92\bin\omtsreco.exe
    C:\oracle\ora92\bin\agntsrvc.exe
    C:\oracle\ora92\Apache\Apache\apache.exe
    C:\oracle\ora92\BIN\TNSLSNR.exe
    C:\oracle\ora92\bin\dbsnmp.exe
    c:\oracle\ora92\bin\ORACLE.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\oracle\ora92\bin\oradim.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\oracle\ora92\Apache\Apache\apache.exe
    C:\oracle\ora92\jdk\bin\java.exe
    C:\oracle\ora92\jdk\bin\java.exe
    c:\oracle\ora92\bin\isqlplus

    --------------- [ Infected files / folders ] ----------------


    »»»» Supression files in C:


    »»»» Supression files in C:\WINDOWS


    »»»» Supression files in C:\WINDOWS\Prefetch


    »»»» Supression files in C:\WINDOWS\system32


    »»»» Supression files in C:\WINDOWS\system32\drivers


    »»»» Supression files in C:\Documents and Settings\AGH\Application Data


    »»»» Supression files in C:\DOCUME~1\AGH\LOCALS~1\Temp


    »»»» Supression files in C:\Documents and Settings\AGH\Local Settings\Temporary Internet Files\Content.IE5

    Deleted ! - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\7B5560BB781B40259A06350E9B643B6E_more.jpg
    Deleted ! - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg

    --------------- [ Registry / Infected keys ] ----------------

    Deleted ! - HKEY_USERS\S-1-5-21-305095919-2088872888-1262905243-1005\Software\Local AppWizard-Generated Applications\winfilse

    --------------- [ States / Restarting of services ] ----------------



    +- Services : [ Auto=2 / Request=3 / Disable=4 ]

    Ndisuio - Type of startup = 3

    EapHost - Type of startup = 2

    Ip6Fw - Type of startup = 2

    SharedAccess - Type of startup = 2

    wuauserv - Type of startup = 2

    wscsvc - Type of startup = 2


    --------------- [ Cleaning removable drives ] ----------------

    +- Informations :

    C: - Lecteur fixe

    E: - Lecteur amovible


    +- deleting files :

    Not deleted !! - C:\autorun.inf

    --------------- [ Registry / Mountpoint2 ] ----------------


    -> Not found !


    --------------- [ Searching Cracks / Keygen ] ----------------



    ---------------- ! End of report ! ------------------
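
Both FindyKill reports in this thread list service start types, once in the French layout (search run) and once in the English layout (deletion run). The following is an added example, not part of the thread and not FindyKill's own code: it parses that section in either layout and lists which start types changed between the two runs. The function names are hypothetical; the sample lines are copied from the two reports above.

```python
import re

# Service sections copied from the two FindyKill reports in this thread.
# Legend printed by the tool: 2 = auto, 3 = on demand, 4 = disabled.
SEARCH_REPORT = r"""
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

Ip6Fw - Type de démarrage = 3

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2
"""

DELETE_REPORT = r"""
+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2
"""

START_NAMES = {2: "auto", 3: "on demand", 4: "disabled"}

# One service per line, optionally prefixed by the tool's "/!\" marker.
# Accepts both the French and the English wording of the report.
SERVICE_LINE = re.compile(
    r"^[ \t]*(?P<flag>/!\\[ \t]+)?(?P<name>[\w.]+)[ \t]+-[ \t]+"
    r"Type (?:de démarrage|of startup)[ \t]*=[ \t]*(?P<start>\d+)[ \t]*$",
    re.MULTILINE,
)


def parse_services(report):
    """Return {service: (start_type, flagged_by_tool)} in report order."""
    services = {}
    for m in SERVICE_LINE.finditer(report):
        services[m.group("name")] = (int(m.group("start")),
                                     m.group("flag") is not None)
    return services


def diff_start_types(before_report, after_report):
    """List (service, old, new) for services whose start type changed."""
    before = parse_services(before_report)
    after = parse_services(after_report)
    return [(name, old, after[name][0])
            for name, (old, _) in before.items()
            if name in after and after[name][0] != old]


def disabled_services(report):
    """Services whose start type is 4 (disabled) in the given report."""
    return [n for n, (start, _) in parse_services(report).items()
            if start == 4]


def describe(start):
    return START_NAMES.get(start, f"unknown ({start})")


if __name__ == "__main__":
    for name, old, new in diff_start_types(SEARCH_REPORT, DELETE_REPORT):
        print(f"{name}: {describe(old)} -> {describe(new)}")
    print("still disabled:", disabled_services(DELETE_REPORT) or "none")
```
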


    9 December 2008 13:33:20

    Hello,

    I have just noticed that over Wi-Fi my connection is normal, but the problem is that I do not have Wi-Fi at home :fou: !!!
    I tried connecting by cable at work and at a friend's place and it is the same! So does the problem come from the port???
    9 December 2008 22:27:31

    Hello,

    The Ethernet connection does not work?
    9 December 2008 22:53:10

    Re,

    Yes, I do not have Wi-Fi at home; I have always connected by cable and my connection is still very, very slow. It works, but it is slow, unlike the Wi-Fi I tried yesterday at work!
    10 December 2008 14:48:43

    Re,

    Well, I don't know :D

    Sorry :p