Votre question

Comment me debarrasser de cheval de troie ?

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
19 Mai 2008 18:04:32

Win32:Beagle-AAW [Trj] et idem mais en rootkit Voilà les nom des coupables.

A chaque démarrage de l'ordi ils se remetttent et sont detectés par avast ?? c'est lourd avast n'arrete pas de s'allumer!!

Voilà mon rapport Hi jack

Logfile of HijackThis v1.99.1
Scan saved at 18:03:28, on 19/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\divers logiciels\hijackthis\test.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O17 - HKLM\System\CCS\Services\Tcpip\..\{2557AA90-3FEF-4D1D-8478-9BB1AA3E1A81}: NameServer = 212.27.54.252
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Merci de m'expliquer la marche à suivre svp, je suppose des manip en mode ss echec...??
Je reviens ds 1h a peu pres...Merci bcp!

Autres pages sur : debarrasser cheval troie

19 Mai 2008 19:05:46

svp, je ne sais pas quoi faire
a b 8 Sécurité
19 Mai 2008 19:09:41

Un bonjour ?

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

    AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
    * le nom de la partition peut changer
    Contenus similaires
    19 Mai 2008 22:07:26

    Voilà le rapport :

    ComboFix 08-05-15.3 - Administrateur 2008-05-19 21:58:23.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.323 [GMT 2:00]
    Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\Application Data\m
    C:\Documents and Settings\Administrateur\Application Data\m\data.oct
    C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe
    C:\Documents and Settings\Administrateur\Application Data\m\list.oct
    C:\Documents and Settings\Administrateur\Application Data\m\shared
    C:\Documents and Settings\Administrateur\Application Data\m\shared\[ITA].-.NOD32.W98&WNT.-.2.51.26.+.FIX.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\000-639_-_Rational_Unified_Process_Practice_Exam_Questions_1.0_Patch.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\3D_Hand_Clock_4.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Advanced Password Generator 3.09.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Advent_RSS_1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Allok_Video_to_MP4_Converter_4.2.0709.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\AnyBook_Professional_IV_-_Publishers_Business_Kit_10.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Batch Replacer for MS PowerPoint 2.4.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Bid-n-Invoice_Landlord_2.2.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\BigSpeed Voice Chat SDK 1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\BloodPressMgr 2.7.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Bluefire 1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\CAD Image 6.1.0.54.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Chat_Kitty_Screensaver_1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Cisco_642-511_Exam_Crack.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\CLogFile 1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\COMET Font 1.2.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Convert 1.0.0.1.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Cool_Find_1.16.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\CRM-Express Standard 3.20 [KeyGen].zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\CTBar_2.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Dewqs'_Junk_Mail_Spittoon_2.7.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Digital Image Tool 1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Digital_Diary_3.5.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\DNA Counter 1.0.3.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Easy Website Blocker 1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Easy_POS_5.28.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\eDrum_MIDI_Mapper_1.1.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Elephant Backup 1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Email_Extractor_1.0_Key.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Excel_Compare_2.0.3.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Excellence_AVI_MPEG_WAV_WMA_To_Mp3_Converter_1.0_Serial.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Extension renamer 1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\EZ_IE_Backup_Pro_4.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\File_Wipe_2.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\FireLite_Virus_Scanner_2.7.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\FlippingBook SWF Object 1.8.8.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\FolderTrek 1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Football ScoreBook 2.1h.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\g3BlindTimer_2.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Generic spreadsheet Charts 1.0.1.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\GOGO Picture Viewer ActiveX Control 4.27.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Grid Imp 2.2.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\HTMLSpy 1.04.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\HyperLabel_1.0.1.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\IMAGE2PDF 1.1.1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\iNetBau_PlotManager_5.0.9_[Key].zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Internet Password Pro 1.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\IP_SpaceMon 3.5.5.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\iPod Download 2.5.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\JpegStripper_1.3.1.13.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Kaspersky.Security.for.PDA.v5.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Leithauser Research EBook Reader - Jokes For All Occassions 1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\LingvoSoft Dictionary 2007 English - Russian 4.0.22.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Lock My PC 4.6.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\LyricFX_-_Find_Song_Lyrics_2.5.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Macromedia_Fireworks_8.0.0.777_Cracked.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\MAPILab_Share_n_Sync_1.2.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Math Kards 1.4.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\McAfee.Active.VirusScan.SMB.Edition.[shareprovider.com].zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Metadata Analyzer 2.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Mirador_Instant_Messenger_4.0.2.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Misfit Model 3D 1.3.4.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Mojopac_1.0.2.5.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Movavi Zune Video Converter 1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\NCTAudioStudio_ActiveX_DLL.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Network Information Requester 1.1.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Network_Monitor_Widget_1.3.1.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Nod32.Antivirus.2.51.8.Xp.Winserver2003.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Onlineeye_Pro_2.0_Beta_1.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\OTTER_1.3.26.129.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Pamela_for_Skype_-_Basic_Version_1.38a.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\PC_Shower_2007_1.0_(Key).zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\PhotoAcute_Studio_2.51.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\PhotoPlayer_6.07_Crack.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Poison_Screensaver_1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Pol-IP 1.1.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Pop Magic 1.0.0.4.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\popStumbler_1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\PopUpCop 2.5.0.65.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Power_Equipment_1.03.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Private Notetaker 2.1.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Pro Tools M-Powered 7.4.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Protaxis_Planet_of_Domains_1.01.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\PSP_Shuffle_1.1.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\QtiPlot_0.9_RC2_[Key].zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\QuoteDownload_1.1.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\RegCompact_Pro_0.1.8_Serial.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Robohordes_demo.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Ruler Opera Widget 0.2.4.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\SearchIt_in_Google_1.5.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Secret_Of_The_Seven_Scrolls_1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Secure Notes Organizer 3.0.11.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\ServiceMY 1.142.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Shooting_Star_2.5.11_Crack.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\ShootIt 3.5.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Shop-Script_PRO_2.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Shorty_1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Sketcher 2.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\SLGallery 1.2.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\SMART_School_Conduct_1.1.4_(Key+Serial).zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\SpectraScope_2.86_(Key+Serial).zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\SpyAOL_9.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Stop The Popup 4.1.0.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Symantec.AntiVirus.for.VISTA.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Tables Transformer for Excel 1.1.4.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Thanksgiving Icons 1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\The Black Knight 1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\The Elder Scrolls III Morrowind - Sheikizza's Daedric Armor mod.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\THnotes_1.3.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Time_Organizer_1.0_(Crack).zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\TProgressDrum_1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\TweakMP 6.0.2600.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Unclaimed_Money_4.4.304_(KeyGen).zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\UnPowerIt_Now_1.06.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\URL_Keeper_1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Vegas Vault 1.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\VeroCAD 3.42.268.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Visual Requirements 1.4.8 (Key).zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Web2Pic_Pro_1.2.8.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Workspace Translator 1.0.2.0.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\World of Warcraft Alliance Tossing movie.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Yahoo!_Go_for_TV_0.2.55_Beta.zip
    C:\Documents and Settings\Administrateur\Application Data\m\shared\Zero-X_Seamless_Looper_1.51.zip
    C:\Documents and Settings\Administrateur\Application Data\m\srvlist.oct
    C:\Documents and Settings\Administrateur\new.txt
    C:\WINDOWS\system32\drivers\downld
    C:\WINDOWS\system32\drivers\downld\108859.exe
    C:\WINDOWS\system32\drivers\downld\111125.exe
    C:\WINDOWS\system32\drivers\downld\116984.exe
    C:\WINDOWS\system32\drivers\downld\124843.exe
    C:\WINDOWS\system32\drivers\downld\126500.exe
    C:\WINDOWS\system32\drivers\downld\139671.exe
    C:\WINDOWS\system32\drivers\downld\162406.exe
    C:\WINDOWS\system32\drivers\downld\177843.exe
    C:\WINDOWS\system32\drivers\downld\187500.exe
    C:\WINDOWS\system32\drivers\downld\188265.exe
    C:\WINDOWS\system32\drivers\downld\199218.exe
    C:\WINDOWS\system32\drivers\downld\212171.exe
    C:\WINDOWS\system32\drivers\downld\214109.exe
    C:\WINDOWS\system32\drivers\downld\215937.exe
    C:\WINDOWS\system32\drivers\downld\226453.exe
    C:\WINDOWS\system32\drivers\downld\237484.exe
    C:\WINDOWS\system32\drivers\downld\24003812.exe
    C:\WINDOWS\system32\drivers\downld\297718.exe
    C:\WINDOWS\system32\drivers\downld\313375.exe
    C:\WINDOWS\system32\drivers\downld\334671.exe
    C:\WINDOWS\system32\drivers\downld\412953.exe
    C:\WINDOWS\system32\drivers\downld\432671.exe
    C:\WINDOWS\system32\drivers\downld\444968.exe
    C:\WINDOWS\system32\drivers\downld\57593.exe
    C:\WINDOWS\system32\drivers\downld\60109.exe
    C:\WINDOWS\system32\drivers\downld\71625.exe
    C:\WINDOWS\system32\drivers\downld\76671.exe
    C:\WINDOWS\system32\drivers\downld\78421.exe
    C:\WINDOWS\system32\drivers\downld\88484.exe
    C:\WINDOWS\system32\drivers\downld\95812.exe
    C:\WINDOWS\system32\drivers\downld\96500.exe
    C:\WINDOWS\system32\drivers\hldrrr.exe
    C:\WINDOWS\system32\drivers\mdelk.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-05 23:26 . 2008-05-16 12:34 38 --a------ C:\WINDOWS\avisplitter.INI
    2008-04-24 10:27 . 2008-04-24 10:27 <REP> d-------- C:\Program Files\K-Lite Codec Pack

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-19 14:21 --------- d-----w C:\Program Files\eMule
    2008-05-09 10:42 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-04-24 08:22 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-24 08:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-09 15:07 --------- d-----w C:\Program Files\ultra pinball
    2008-04-09 13:22 --------- d-----w C:\Program Files\Panasonic
    2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
    2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
    2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-03-18 15:17 18,448 ----a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
    .

    ------- Sigcheck -------

    2005-09-18 12:52 359936 dbc20c4332fe84b826530c49ae09721e C:\WINDOWS\system32\drivers\tcpip.sys

    2005-09-17 15:37 2120704 685a3d6f43e5047f733b7150a78d0eae C:\WINDOWS\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
    "DXDllRegExe"="dxdllreg.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nlsf"="cmd.exe" [2004-08-04 06:54 400896 C:\WINDOWS\system32\cmd.exe]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 06:37 44544]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)
    "NoFind"= 0 (0x0)
    "NoRun"= 0 (0x0)
    "NoDesktop"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "StartMenuLogOff"= 0 (0x0)
    "HideClock"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "ForceClassicControlPanel"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "ForceClassicControlPanel"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"=hex(2):6c,6f,67,6f,6e,75,69,32,2e,65,78,65,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.SP53"= SP5X_32.DLL
    "VIDC.SP54"= SP5X_32.DLL
    "VIDC.SP55"= SP5X_32.DLL
    "VIDC.SP56"= SP5X_32.DLL
    "VIDC.SP57"= SP5X_32.DLL
    "VIDC.SP58"= SP5X_32.DLL
    "VIDC.SP59"= SP5X_32.DLL
    "VIDC.YV12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Speed Launcher.lnk
    backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LUMIX Simple Viewer.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LUMIX Simple Viewer.lnk
    backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2003-06-25 12:24 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPpromo psc 1300 series]
    --a------ 2003-10-09 12:17 126976 C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
    --a------ 2002-12-10 19:32 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
    --a------ 2002-12-10 19:31 61440 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
    --a------ 2002-12-10 18:54 127022 C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 13:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2005-06-03 04:52 36975 C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 15:21]
    R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2002-06-10 15:24]
    S3 VNic;ULan Network Driver Module;C:\WINDOWS\system32\DRIVERS\VNic.sys [2003-08-20 12:09]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6182cb32-41c7-11dc-97b3-00a1b008a11e}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
    \Shell\Open(0)\command - Recycled\ctfmon.exe

    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-19 22:01:12
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-19 22:05:34
    ComboFix-quarantined-files.txt 2008-05-19 20:05:30

    Pre-Run: 3,258,171,392 octets libres
    Post-Run: 3,540,750,336 octets libres

    305


    Merci de me dire ce qu'il faut faire, je reste connecté
    20 Mai 2008 09:31:56

    Re- bonjour,
    Ce matin mon ordi me mettait une fenetre, "protection de fichiers windows" me disant qu'il faut que je mette mon CD windows service pack 2 car des fichiers DLL doivent etre copiés.......Je pense que ça sent mauvais non ?
    Apparement le fait de m'etre servis de cumbofix a du m'enlever les cheveaux de troie car avast ne les detectent plus...
    Que dois faire maintenant svp ? Mettre mon cd d'installation de wind ? ( que je n'ai plus d'ailleurs!)

    Merci d'avance
    a b 8 Sécurité
    20 Mai 2008 12:22:21

    Reposte un rapport Hijackthis, on va s'en charger ;) 
    20 Mai 2008 15:19:31

    Hop, re bonjour, voilà le rapport hi-jack:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:20:46, on 20/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    E:\divers logiciels\hijackthis\test.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2557AA90-3FEF-4D1D-8478-9BB1AA3E1A81}: NameServer = 212.27.54.252
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



    Merci d'avance
    20 Mai 2008 23:00:47

    Re,
    Alors ce fut long......mais voilà le rapport après le scan




    Avira AntiVir Personal
    Report file date: mardi 20 mai 2008 21:51

    Scanning for 1281002 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: WINXTREME

    Version information:
    BUILD.DAT : 8.1.00.296 16479 Bytes 29/04/2008 10:47:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 20/05/2008 19:50:39
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 20/05/2008 19:50:39
    LUKE.DLL : 8.1.2.9 151809 Bytes 20/05/2008 19:50:39
    LUKERES.DLL : 8.1.2.1 12033 Bytes 20/05/2008 19:50:39
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 19:50:40
    ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 19:50:40
    ANTIVIR3.VDF : 7.0.4.69 76288 Bytes 20/05/2008 19:50:40
    Engineversion : 8.1.0.46
    AEVDF.DLL : 8.1.0.5 102772 Bytes 20/05/2008 19:50:40
    AESCRIPT.DLL : 8.1.0.33 266618 Bytes 20/05/2008 19:50:40
    AESCN.DLL : 8.1.0.18 119156 Bytes 20/05/2008 19:50:40
    AERDL.DLL : 8.1.0.20 418165 Bytes 20/05/2008 19:50:40
    AEPACK.DLL : 8.1.1.5 364918 Bytes 20/05/2008 19:50:40
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 20/05/2008 19:50:40
    AEHEUR.DLL : 8.1.0.29 1253750 Bytes 20/05/2008 19:50:40
    AEHELP.DLL : 8.1.0.14 115063 Bytes 20/05/2008 19:50:40
    AEGEN.DLL : 8.1.0.21 303477 Bytes 20/05/2008 19:50:40
    AEEMU.DLL : 8.1.0.6 430451 Bytes 20/05/2008 19:50:40
    AECORE.DLL : 8.1.0.29 168311 Bytes 20/05/2008 19:50:40
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 20/05/2008 19:50:39
    AVPREF.DLL : 8.0.0.1 25857 Bytes 20/05/2008 19:50:39
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVREG.DLL : 8.0.0.0 30977 Bytes 20/05/2008 19:50:39
    AVARKT.DLL : 1.0.0.23 307457 Bytes 20/05/2008 19:50:38
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 20/05/2008 19:50:38
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 20/05/2008 19:50:39
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 20/05/2008 19:50:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 20/05/2008 19:50:39
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 20/05/2008 19:50:36
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 20/05/2008 19:50:36

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:, E:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 20 mai 2008 21:51

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'daemon.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    23 processes with 23 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '25' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\data.oct.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a737aa.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\flec006.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [NOTE] The file was moved to '489837b9.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\000-639_-_Rational_Unified_Process_Practice_Exam_Questions_1.0_Patch.zip.vir
    [0] Archive type: ZIP
    --> 000-639_-_Rational_Unified_Process_Practice_Exam_Questions_1.0_Patch.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48633780.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\3D_Hand_Clock_4.0.zip.vir
    [0] Archive type: ZIP
    --> 3D_Hand_Clock_4.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48923796.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Advanced Password Generator 3.09.zip.vir
    [0] Archive type: ZIP
    --> Advanced Password Generator 3.09.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a937b8.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Advent_RSS_1.0.zip.vir
    [0] Archive type: ZIP
    --> Advent_RSS_1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a937ba.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Allok_Video_to_MP4_Converter_4.2.0709.zip.vir
    [0] Archive type: ZIP
    --> Allok_Video_to_MP4_Converter_4.2.0709.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489f37c4.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\AnyBook_Professional_IV_-_Publishers_Business_Kit_10.zip.vir
    [0] Archive type: ZIP
    --> AnyBook_Professional_IV_-_Publishers_Business_Kit_10.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48ac37c7.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Batch Replacer for MS PowerPoint 2.4.zip.vir
    [0] Archive type: ZIP
    --> Batch Replacer for MS PowerPoint 2.4.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a737bc.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Bid-n-Invoice_Landlord_2.2.zip.vir
    [0] Archive type: ZIP
    --> Bid-n-Invoice_Landlord_2.2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489737c8.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\BigSpeed Voice Chat SDK 1.0.zip.vir
    [0] Archive type: ZIP
    --> BigSpeed Voice Chat SDK 1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489a37c8.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\BloodPressMgr 2.7.zip.vir
    [0] Archive type: ZIP
    --> BloodPressMgr 2.7.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a237cc.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Bluefire 1.0.zip.vir
    [0] Archive type: ZIP
    --> Bluefire 1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a837cc.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\CAD Image 6.1.0.54.zip.vir
    [0] Archive type: ZIP
    --> CAD Image 6.1.0.54.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '487737a2.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Chat_Kitty_Screensaver_1.0.zip.vir
    [0] Archive type: ZIP
    --> Chat_Kitty_Screensaver_1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489437c9.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Cisco_642-511_Exam_Crack.zip.vir
    [0] Archive type: ZIP
    --> Cisco_642-511_Exam_Crack.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a637cb.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\CLogFile 1.0.zip.vir
    [0] Archive type: ZIP
    --> CLogFile 1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a237ae.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\COMET Font 1.2.zip.vir
    [0] Archive type: ZIP
    --> COMET Font 1.2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '488037b2.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Convert 1.0.0.1.zip.vir
    [0] Archive type: ZIP
    --> Convert 1.0.0.1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a137d2.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Cool_Find_1.16.zip.vir
    [0] Archive type: ZIP
    --> Cool_Find_1.16.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a237d3.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\CRM-Express Standard 3.20 [KeyGen].zip.vir
    [0] Archive type: ZIP
    --> CRM-Express Standard 3.20 [KeyGen].exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '488037b6.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\CTBar_2.0.zip.vir
    [0] Archive type: ZIP
    --> CTBar_2.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '487537b9.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Dewqs'_Junk_Mail_Spittoon_2.7.zip.vir
    [0] Archive type: ZIP
    --> Dewqs'_Junk_Mail_Spittoon_2.7.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48aa37ca.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Digital Image Tool 1.0.zip.vir
    [0] Archive type: ZIP
    --> Digital Image Tool 1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489a37cf.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Digital_Diary_3.5.zip.vir
    [0] Archive type: ZIP
    --> Digital_Diary_3.5.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '493a8270.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\DNA Counter 1.0.3.zip.vir
    [0] Archive type: ZIP
    --> DNA Counter 1.0.3.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '487437b5.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Easy Website Blocker 1.0.zip.vir
    [0] Archive type: ZIP
    --> Easy Website Blocker 1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a637c8.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Easy_POS_5.28.zip.vir
    [0] Archive type: ZIP
    --> Easy_POS_5.28.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a637c9.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\eDrum_MIDI_Mapper_1.1.zip.vir
    [0] Archive type: ZIP
    --> eDrum_MIDI_Mapper_1.1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a537ac.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Elephant Backup 1.0.zip.vir
    [0] Archive type: ZIP
    --> Elephant Backup 1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489837d5.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Email_Extractor_1.0_Key.zip.vir
    [0] Archive type: ZIP
    --> Email_Extractor_1.0_Key.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489437d6.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Excellence_AVI_MPEG_WAV_WMA_To_Mp3_Converter_1.0_Serial.zip.vir
    [0] Archive type: ZIP
    --> Excellence_AVI_MPEG_WAV_WMA_To_Mp3_Converter_1.0_Serial.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489637e2.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Excel_Compare_2.0.3.zip.vir
    [0] Archive type: ZIP
    --> Excel_Compare_2.0.3.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '49368243.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Extension renamer 1.0.zip.vir
    [0] Archive type: ZIP
    --> Extension renamer 1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a737e3.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\EZ_IE_Backup_Pro_4.0.zip.vir
    [0] Archive type: ZIP
    --> EZ_IE_Backup_Pro_4.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489237c6.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\File_Wipe_2.zip.vir
    [0] Archive type: ZIP
    --> File_Wipe_2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489f37d5.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\FireLite_Virus_Scanner_2.7.zip.vir
    [0] Archive type: ZIP
    --> FireLite_Virus_Scanner_2.7.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a537d6.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\FlippingBook SWF Object 1.8.8.zip.vir
    [0] Archive type: ZIP
    --> FlippingBook SWF Object 1.8.8.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489c37d9.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\FolderTrek 1.0.zip.vir
    [0] Archive type: ZIP
    --> FolderTrek 1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489f37dd.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Football ScoreBook 2.1h.zip.vir
    [0] Archive type: ZIP
    --> Football ScoreBook 2.1h.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a237dd.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\g3BlindTimer_2.zip.vir
    [0] Archive type: ZIP
    --> g3BlindTimer_2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '487537a1.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Generic spreadsheet Charts 1.0.1.zip.vir
    [0] Archive type: ZIP
    --> Generic spreadsheet Charts 1.0.1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a137d4.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\GOGO Picture Viewer ActiveX Control 4.27.zip.vir
    [0] Archive type: ZIP
    --> GOGO Picture Viewer ActiveX Control 4.27.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '487a37be.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Grid Imp 2.2.zip.vir
    [0] Archive type: ZIP
    --> Grid Imp 2.2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489c37e2.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\HTMLSpy 1.04.zip.vir
    [0] Archive type: ZIP
    --> HTMLSpy 1.04.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '488037c4.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\HyperLabel_1.0.1.zip.vir
    [0] Archive type: ZIP
    --> HyperLabel_1.0.1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a337ea.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\IMAGE2PDF 1.1.1.0.zip.vir
    [0] Archive type: ZIP
    --> IMAGE2PDF 1.1.1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '487437be.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\iNetBau_PlotManager_5.0.9_[Key].zip.vir
    [0] Archive type: ZIP
    --> iNetBau_PlotManager_5.0.9_[Key].exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489837c0.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Internet Password Pro 1.zip.vir
    [0] Archive type: ZIP
    --> Internet Password Pro 1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a737e0.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\iPod Download 2.5.0.zip.vir
    [0] Archive type: ZIP
    --> iPod Download 2.5.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a237c3.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\IP_SpaceMon 3.5.5.zip.vir
    [0] Archive type: ZIP
    --> IP_SpaceMon 3.5.5.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489237c3.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\JpegStripper_1.3.1.13.zip.vir
    [0] Archive type: ZIP
    --> JpegStripper_1.3.1.13.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489837e4.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Kaspersky.Security.for.PDA.v5.0.zip.vir
    [0] Archive type: ZIP
    --> Kaspersky.Security.for.PDA.v5.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a637d5.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Leithauser Research EBook Reader - Jokes For All Occassions 1.0.zip.vir
    [0] Archive type: ZIP
    --> Leithauser Research EBook Reader - Jokes For All Occassions 1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489c37da.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\LingvoSoft Dictionary 2007 English - Russian 4.0.22.zip.vir
    [0] Archive type: ZIP
    --> LingvoSoft Dictionary 2007 English - Russian 4.0.22.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a137de.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Lock My PC 4.6.zip.vir
    [0] Archive type: ZIP
    --> Lock My PC 4.6.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489637e4.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\LyricFX_-_Find_Song_Lyrics_2.5.zip.vir
    [0] Archive type: ZIP
    --> LyricFX_-_Find_Song_Lyrics_2.5.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a537ef.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Macromedia_Fireworks_8.0.0.777_Cracked.zip.vir
    [0] Archive type: ZIP
    --> Macromedia_Fireworks_8.0.0.777_Cracked.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489637d7.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\MAPILab_Share_n_Sync_1.2.zip.vir
    [0] Archive type: ZIP
    --> MAPILab_Share_n_Sync_1.2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '488337b8.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Math Kards 1.4.zip.vir
    [0] Archive type: ZIP
    --> Math Kards 1.4.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a737d8.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\McAfee.Active.VirusScan.SMB.Edition.[shareprovider.com].zip.vir
    [0] Archive type: ZIP
    --> McAfee.Active.VirusScan.SMB.Edition.[shareprovider.com].exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '487437db.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Metadata Analyzer 2.zip.vir
    [0] Archive type: ZIP
    --> Metadata Analyzer 2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a737dd.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Mirador_Instant_Messenger_4.0.2.zip.vir
    [0] Archive type: ZIP
    --> Mirador_Instant_Messenger_4.0.2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a537e3.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Misfit Model 3D 1.3.4.zip.vir
    [0] Archive type: ZIP
    --> Misfit Model 3D 1.3.4.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a637e3.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Mojopac_1.0.2.5.zip.vir
    [0] Archive type: ZIP
    --> Mojopac_1.0.2.5.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489d37e9.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Movavi Zune Video Converter 1.0.zip.vir
    [0] Archive type: ZIP
    --> Movavi Zune Video Converter 1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a937ea.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\NCTAudioStudio_ActiveX_DLL.zip.vir
    [0] Archive type: ZIP
    --> NCTAudioStudio_ActiveX_DLL.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '488737be.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Network Information Requester 1.1.zip.vir
    [0] Archive type: ZIP
    --> Network Information Requester 1.1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a737e1.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Network_Monitor_Widget_1.3.1.zip.vir
    [0] Archive type: ZIP
    --> Network_Monitor_Widget_1.3.1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '49257452.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Nod32.Antivirus.2.51.8.Xp.Winserver2003.zip.vir
    [0] Archive type: ZIP
    --> Nod32.Antivirus.2.51.8.Xp.Winserver2003.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489737ed.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Onlineeye_Pro_2.0_Beta_1.zip.vir
    [0] Archive type: ZIP
    --> Onlineeye_Pro_2.0_Beta_1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489f37ec.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\OTTER_1.3.26.129.zip.vir
    [0] Archive type: ZIP
    --> OTTER_1.3.26.129.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '488737d3.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Pamela_for_Skype_-_Basic_Version_1.38a.zip.vir
    [0] Archive type: ZIP
    --> Pamela_for_Skype_-_Basic_Version_1.38a.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a037e0.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\PC_Shower_2007_1.0_(Key).zip.vir
    [0] Archive type: ZIP
    --> PC_Shower_2007_1.0_(Key).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489237c2.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\PhotoAcute_Studio_2.51.zip.vir
    [0] Archive type: ZIP
    --> PhotoAcute_Studio_2.51.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a237e8.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\PhotoPlayer_6.07_Crack.zip.vir
    [0] Archive type: ZIP
    --> PhotoPlayer_6.07_Crack.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '49028249.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Poison_Screensaver_1.0.zip.vir
    [0] Archive type: ZIP
    --> Poison_Screensaver_1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489c37f0.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Pol-IP 1.1.zip.vir
    [0] Archive type: ZIP
    --> Pol-IP 1.1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489f37f0.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Pop Magic 1.0.0.4.zip.vir
    [0] Archive type: ZIP
    --> Pop Magic 1.0.0.4.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a337f1.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\popStumbler_1.0.zip.vir
    [0] Archive type: ZIP
    --> popStumbler_1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '49038252.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\PopUpCop 2.5.0.65.zip.vir
    [0] Archive type: ZIP
    --> PopUpCop 2.5.0.65.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a337f2.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Power_Equipment_1.03.zip.vir
    [0] Archive type: ZIP
    --> Power_Equipment_1.03.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48aa37f2.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Private Notetaker 2.1.zip.vir
    [0] Archive type: ZIP
    --> Private Notetaker 2.1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489c37f6.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Pro Tools M-Powered 7.4.zip.vir
    [0] Archive type: ZIP
    --> Pro Tools M-Powered 7.4.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a237f6.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Protaxis_Planet_of_Domains_1.01.zip.vir
    [0] Archive type: ZIP
    --> Protaxis_Planet_of_Domains_1.01.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a237f7.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\PSP_Shuffle_1.1.zip.vir
    [0] Archive type: ZIP
    --> PSP_Shuffle_1.1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '488337d8.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\QtiPlot_0.9_RC2_[Key].zip.vir
    [0] Archive type: ZIP
    --> QtiPlot_0.9_RC2_[Key].exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489c37fb.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\QuoteDownload_1.1.zip.vir
    [0] Archive type: ZIP
    --> QuoteDownload_1.1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a237fc.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\RegCompact_Pro_0.1.8_Serial.zip.vir
    [0] Archive type: ZIP
    --> RegCompact_Pro_0.1.8_Serial.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489a37ed.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Robohordes_demo.zip.vir
    [0] Archive type: ZIP
    --> Robohordes_demo.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489537f7.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Ruler Opera Widget 0.2.4.zip.vir
    [0] Archive type: ZIP
    --> Ruler Opera Widget 0.2.4.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489f37fd.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\SearchIt_in_Google_1.5.zip.vir
    [0] Archive type: ZIP
    --> SearchIt_in_Google_1.5.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489437ee.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Secret_Of_The_Seven_Scrolls_1.0.zip.vir
    [0] Archive type: ZIP
    --> Secret_Of_The_Seven_Scrolls_1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489637ee.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Secure Notes Organizer 3.0.11.zip.vir
    [0] Archive type: ZIP
    --> Secure Notes Organizer 3.0.11.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489637ef.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\ServiceMY 1.142.zip.vir
    [0] Archive type: ZIP
    --> ServiceMY 1.142.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '49058250.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Shooting_Star_2.5.11_Crack.zip.vir
    [0] Archive type: ZIP
    --> Shooting_Star_2.5.11_Crack.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a237f2.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\ShootIt 3.5.zip.vir
    [0] Archive type: ZIP
    --> ShootIt 3.5.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a237f3.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Shop-Script_PRO_2.0.zip.vir
    [0] Archive type: ZIP
    --> Shop-Script_PRO_2.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '49028254.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Shorty_1.0.zip.vir
    [0] Archive type: ZIP
    --> Shorty_1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a237f4.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Sketcher 2.0.zip.vir
    [0] Archive type: ZIP
    --> Sketcher 2.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489837f7.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\SLGallery 1.2.zip.vir
    [0] Archive type: ZIP
    --> SLGallery 1.2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '487a37d9.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\SMART_School_Conduct_1.1.4_(Key+Serial).zip.vir
    [0] Archive type: ZIP
    --> SMART_School_Conduct_1.1.4_(Key+Serial).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '487437da.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\SpectraScope_2.86_(Key+Serial).zip.vir
    [0] Archive type: ZIP
    --> SpectraScope_2.86_(Key+Serial).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489837fe.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\SpyAOL_9.zip.vir
    [0] Archive type: ZIP
    --> SpyAOL_9.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48ac37fe.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Stop The Popup 4.1.0.0.zip.vir
    [0] Archive type: ZIP
    --> Stop The Popup 4.1.0.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a23803.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Symantec.AntiVirus.for.VISTA.zip.vir
    [0] Archive type: ZIP
    --> Symantec.AntiVirus.for.VISTA.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a03808.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Tables Transformer for Excel 1.1.4.zip.vir
    [0] Archive type: ZIP
    --> Tables Transformer for Excel 1.1.4.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489537f1.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Thanksgiving Icons 1.0.zip.vir
    [0] Archive type: ZIP
    --> Thanksgiving Icons 1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489437f8.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\The Black Knight 1.0.zip.vir
    [0] Archive type: ZIP
    --> The Black Knight 1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489837f9.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\The Elder Scrolls III Morrowind - Sheikizza's Daedric Armor mod.zip.vir
    [0] Archive type: ZIP
    --> The Elder Scrolls III Morrowind - Sheikizza's Daedric Armor mod.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489837fa.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\THnotes_1.3.zip.vir
    [0] Archive type: ZIP
    --> THnotes_1.3.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a137da.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Time_Organizer_1.0_(Crack).zip.vir
    [0] Archive type: ZIP
    --> Time_Organizer_1.0_(Crack).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a037fc.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\TProgressDrum_1.0.zip.vir
    [0] Archive type: ZIP
    --> TProgressDrum_1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '49058244.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\TweakMP 6.0.2600.zip.vir
    [0] Archive type: ZIP
    --> TweakMP 6.0.2600.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '4898380b.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Unclaimed_Money_4.4.304_(KeyGen).zip.vir
    [0] Archive type: ZIP
    --> Unclaimed_Money_4.4.304_(KeyGen).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48963802.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\UnPowerIt_Now_1.06.zip.vir
    [0] Archive type: ZIP
    --> UnPowerIt_Now_1.06.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48833803.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\URL_Keeper_1.0.zip.vir
    [0] Archive type: ZIP
    --> URL_Keeper_1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '487f37e8.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Vegas Vault 1.0.zip.vir
    [0] Archive type: ZIP
    --> Vegas Vault 1.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489a37fb.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\VeroCAD 3.42.268.zip.vir
    [0] Archive type: ZIP
    --> VeroCAD 3.42.268.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a537fb.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Visual Requirements 1.4.8 (Key).zip.vir
    [0] Archive type: ZIP
    --> Visual Requirements 1.4.8 (Key).exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a63800.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Web2Pic_Pro_1.2.8.zip.vir
    [0] Archive type: ZIP
    --> Web2Pic_Pro_1.2.8.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489537fc.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Workspace Translator 1.0.2.0.zip.vir
    [0] Archive type: ZIP
    --> Workspace Translator 1.0.2.0.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a53807.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\World of Warcraft Alliance Tossing movie.zip.vir
    [0] Archive type: ZIP
    --> World of Warcraft Alliance Tossing movie.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '49058da8.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Yahoo!_Go_for_TV_0.2.55_Beta.zip.vir
    [0] Archive type: ZIP
    --> Yahoo!_Go_for_TV_0.2.55_Beta.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489b37fa.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\Zero-X_Seamless_Looper_1.51.zip.vir
    [0] Archive type: ZIP
    --> Zero-X_Seamless_Looper_1.51.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48a537fe.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Administrateur\Application Data\m\shared\[ITA].-.NOD32.W98&WNT.-.2.51.26.+.FIX.zip.vir
    [0] Archive type: ZIP
    --> [ITA].-.NOD32.W98&WNT.-.2.51.26.+.FIX.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '488737e3.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48973806.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\mdelk.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '489837ff.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\313375.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [NOTE] The file was moved to '486637ce.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\88484.exe.vir
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [NOTE] The file was moved to '486737d6.qua'!
    C:\System Volume Information\_restore{9224F317-05AE-4134-B985-7C8BD6A40C98}\RP415\A0243842.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '4865381e.qua'!
    C:\System Volume Information\_restore{9224F317-05AE-4134-B985-7C8BD6A40C98}\RP415\A0244810.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '4865381f.qua'!
    C:\System Volume Information\_restore{9224F317-05AE-4134-B985-7C8BD6A40C98}\RP415\A0244835.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [NOTE] The file was moved to '48653820.qua'!
    C:\System Volume Information\_restore{9224F317-05AE-4134-B985-7C8BD6A40C98}\RP416\A0246886.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [NOTE] The file was moved to '48653824.qua'!
    C:\System Volume Information\_restore{9224F317-05AE-4134-B985-7C8BD6A40C98}\RP416\A0246895.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [NOTE] The file was moved to '48653825.qua'!
    C:\System Volume Information\_restore{9224F317-05AE-4134-B985-7C8BD6A40C98}\RP416\A0246897.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '49feb7a6.qua'!
    C:\System Volume Information\_restore{9224F317-05AE-4134-B985-7C8BD6A40C98}\RP416\A0246898.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.PV
    [NOTE] The file was moved to '48653826.qua'!
    C:\System Volume Information\_restore{9224F317-05AE-4134-B985-7C8BD6A40C98}\RP416\A0246899.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [NOTE] The file was moved to '49feb7a7.qua'!
    C:\WINDOWS\system32\drivers\atapi.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <D -Bureautique Perso>
    Begin scan in 'E:\' <E- Divers>
    E:\System Volume Information\_restore{69A03050-91F7-47FB-B0CD-28042FA37955}\RP95\A0063726.EXE
    [0] Archive type: ZIP SFX (self extracting)
    --> AutoPlay/Docs/DVD.exe
    [1] Archive type: RAR SFX (self extracting)
    --> XtremeDVD.exe
    [2] Archive type: ZIP SFX (self extracting)
    --> AutoPlay/Docs/DvdReMake Pro.exe
    [DETECTION] Is the Trojan horse TR/Agent.453632.A
    [NOTE] The file was moved to '48633ccb.qua'!


    End of the scan: mardi 20 mai 2008 23:03
    Used time: 1:11:38 min

    The scan has been done completely.

    4367 Scanning directories
    146875 Files were scanned
    139 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    139 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    146736 Files not concerned
    1058 Archives were scanned
    3 Warnings
    139 Notes

    21 Mai 2008 10:10:34

    Re,
    Je dois faire quoi angel dark stp ?
    Il faut savoir qu'à chaque démarrage l'ordi me demande d'inserer windows wp , service pack 2, pour vérifier certains fichiers etc....

    Merci d'avance
    a b 8 Sécurité
    21 Mai 2008 15:05:29

    Reposte un rapport Hijackthis.
    Tu vas faire la MaJ vers le SP3 qui devrait corriger tes derniers problèmes.
    21 Mai 2008 15:20:06

    Re,
    Voilà le rapport hi-jack....je comprends pas trop comment vous arrivez à voir ce qui va de ce qui ne va pas sur l'ordi....c'est fabuleux! Pourtant je m'y connais un "tout ptit peu" mais les rapports hi-jack j'ai jamais compris!
    Enfin voilà le mien:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:22:27, on 21/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    E:\divers logiciels\hijackthis\test.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2557AA90-3FEF-4D1D-8478-9BB1AA3E1A81}: NameServer = 212.27.54.252
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    a b 8 Sécurité
    21 Mai 2008 19:20:46

    C'est ok pour moi.
    21 Mai 2008 19:29:23

    re,
    Tu m'as dis de faire "Tu vas faire la MaJ vers le SP3 qui devrait corriger tes derniers problèmes"...
    Je fais comment pour ça ? Faut avoir automatiquement la bonne version d'xp etc...?
    Merci déjà pour les virus
    a b 8 Sécurité
    21 Mai 2008 19:40:52

    Suffit de te rendre sur le site Windows Update.
    21 Mai 2008 20:10:37

    En fait impossible de faire la mise à jour sans clé...Il y aurait pas une autre manip à faire svp ?
    a b 8 Sécurité
    22 Mai 2008 13:13:05

    Tu n'as pas une vraie version de Windows ?
    22 Mai 2008 14:25:48

    Et non, pas sur cet ordinateur là...Et je lis sur telecharger.com des commentaires sur le SP2 qui me font douter de son efficacité si je dois le mettre à jour . Suis-je condamner à formater pour ne plus avoir ce message ?
    a b 8 Sécurité
    22 Mai 2008 15:42:25

    Euh je parle du SP3, tu as déjà le SP2...
    De toutes les façons, si tu as une version crakée, tu ne peux pas mettre le SP3.
    22 Mai 2008 16:26:56

    Oui c'est bien celà.
    Je suis alors condmané à voir ce message à chaque démarrage de l'ordi c'est bien celà ..?
    Si c'est le cas je formatterais dans l'été quand j'aurais un peu plus le temps....
    Je te remercie pr les virus!
    ++
    a b 8 Sécurité
    22 Mai 2008 16:46:47

    Tu as suivis la démarche indiquée par ton pc ?
    22 Mai 2008 18:03:12

    Ben la démarche de mon PC serait de mettre mon cd SP2 pr mettre à jour les fichiers DLL mais je n'ai pas de cd !!! J'ai essayer de telecharger le SP2 sur telecharger.com et les avis des utilisateurs disent qu'avec cette mise à jour leur ordi est devenu bien plus lent...Donc je ne sais que faire.? Je mettrais bien un cd d'XP pr voir ce qu'il se passe, mais la version installé sur l'ordi et le cd que j'ai d'xp n'est pas la meme!!...


    Verdict doc ?
    a b 8 Sécurité
    22 Mai 2008 19:30:06

    Tu as du mal à comprendre ? Tu as déjà le SP2 d'installé sur ton pc !
    Il faut un cd donc, télécharger le SP2 ne changera rien.
    22 Mai 2008 19:52:57

    Si j'ai bien compris que j'avais le SP2 sur mon ordi ! Seulement le mess d'erreur me le redemande. Il me faut donc un cd d'installation d'xp c'est ça?? je ne comprends plus...désolé......
    a b 8 Sécurité
    22 Mai 2008 20:35:50

    Bah si tu n'as pas le cd, on ne peut pas faire grand chose.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS