
Bagle virus: I think I'm infected, help me

17 February 2008 03:21:57

Hello, recently avast has stopped working on my computer; it does not start when Windows launches, and when I try to launch it from the avast file it shows me this error message:

"C:\Program Files\Alwil Software\Avast4\ashAvast.exe n'es pas une application valide."

So I no longer have an antivirus.

Also, an error message sometimes appears without my asking for anything:

"Une erreur est survenue.
Souhaitez-vous effectuer un débogage?

Ligne : 88
Erreur : 'top.maincontent.left' a la valeur Null ou n'est pas un objet."

I have read posts similar to my problem, which is why I suppose my PC is infected.

I also saw that this problem is handled case by case.

I hope someone will be able to help me; thank you in advance.

(If you need more details, I am available to give them to you.)


17 February 2008 13:41:12

Hello,

Could be Bagle.

Disable your resident protections (antivirus, Spybot...)!

  • Download Combo-fix (sUBs) to your Desktop.
  • Double-click combo-fix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.

17 February 2008 17:01:06

Following your message, I am sending you the combo-fix.exe report as you asked.
Thank you for your help (awaiting your reply):


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\system32\drivers\hldrrr.exe
    C:\WINDOWS\system32\drivers\srosa.sys
    C:\WINDOWS\system32\mdelk.exe
    C:\WINDOWS\system32\wintems.exe
    C:\Program Files\montorgueil
    C:\Program Files\montorgueil\14.06128
    C:\WINDOWS\system32\drivers\down

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_SROSA
    -------\srosa




    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-17 06:45 . 2008-02-17 06:45 <REP> d-------- C:\Program Files\Weflirt
    2008-02-17 06:45 . 2008-02-17 06:45 <REP> d-------- C:\Documents and Settings\Esther\Application Data\Weflirt
    2008-02-17 02:15 . 2008-02-17 02:15 <REP> d-------- C:\Documents and Settings\Esther\Application Data\Apple Computer
    2008-02-17 01:14 . 2008-02-17 16:26 <REP> d-------- C:\Downloads
    2008-02-17 01:05 . 2008-02-17 16:32 <REP> d-------- C:\Program Files\FlashGet
    2008-02-11 00:37 . 2008-02-11 00:37 69,632 --a------ C:\WINDOWS\AutoUpdateWin31.dll
    2008-02-11 00:37 . 2008-02-11 00:37 45,056 --a------ C:\WINDOWS\AutoUpdateWin32.exe
    2008-02-11 00:37 . 2008-02-11 00:37 32,768 --a------ C:\WINDOWS\AutoUpdateWin33.exe
    2008-02-11 00:37 . 2008-02-11 00:37 24,576 --a------ C:\WINDOWS\WindowsUpdates.exe
    2008-02-10 19:58 . 2008-02-11 00:50 <REP> d-------- C:\Program Files\GOlive
    2008-01-31 22:24 . 2008-01-31 22:24 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-01-31 22:22 . 2008-01-31 22:22 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-01-31 22:22 . 2008-01-31 22:23 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-01-31 15:44 . 2008-02-17 02:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-31 15:44 . 2008-01-31 15:44 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-21 18:31 . 2008-02-11 01:04 <REP> d-------- C:\Program Files\eMule

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-17 15:13 --------- d-----w C:\Program Files\YesMessenger
    2008-02-11 00:35 --------- d-----w C:\Program Files\Allocam Multi Visio
    2008-02-10 19:40 --------- d-----w C:\Program Files\Camfrog
    2008-02-03 00:09 --------- d-----w C:\Program Files\Everest Poker
    2008-01-31 14:45 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    2008-01-04 23:26 46 ----a-w C:\Program Files\Init
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2006-06-04 12:51 4,096 ----a-w C:\Documents and Settings\Esther\log.dat
    2006-01-11 07:59 254 ----a-w C:\Documents and Settings\Esther\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A75E294E-C047-4D29-B07E-37B792881BEF}]
    2008-02-11 00:37 69632 --a------ C:\Windows\AutoUpdateWin31.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "fsc-reminder.exe"="C:\WINDOWS\reminder\fsc-reminder.exe" [2005-01-19 17:10 28672]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-25 00:20 401491]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 11:06 196608]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-07 13:08 4670968]
    "Totocam"="" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2005-01-20 19:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 12:38 88361 C:\WINDOWS\AGRSMMSG.exe]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-08 09:36 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-08 09:32 126976]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-12-05 13:22 159744]
    "PowerManager"="C:\Program Files\Power Manager\PM.exe" [2005-03-30 14:07 159744]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-02-17 16:29 79224]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 11:31 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 11:24 217088]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-18 10:37 282624]
    "Capuccino"="C:\Program Files\Capuccino Webcam Chat\Capuccino_Webcam_Chat.exe" [ ]
    "Secure"="C:\WINDOWS\WindowsUpdates.exe" [2008-02-11 00:37 24576]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 00:37:10 323646]
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-09-18 10:41:41 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-14 16:22]
    S3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8644af30-eeb7-11db-95c4-0012f0d23dee}]
    \Shell\AutoRun\command - E:\start.exe
    \Shell\FramaKey\command - E:\start.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2006-03-11 16:52:15 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1133715113.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
    "2008-02-17 15:20:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-17 16:48:31
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-17 16:49:11
    ComboFix-quarantined-files.txt 2008-02-17 15:48:49

17 February 2008 23:06:10

Good evening, so I removed avast as you told me and replaced it with antivir; it seems to work, but I am sharing the software's diagnostic so that you can confirm whether or not the problem is solved.
I still have some doubts, and I am grateful for the attention given to my thread, bearing in mind that the report is rather long:


    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 19:30:25
    ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 19:30:25
    ANTIVIR3.VDF : 7.0.2.148 201216 Bytes 15/02/2008 19:30:25
    AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 17/02/2008 19:30:25
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 17/02/2008 19:30:26
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: dimanche 17 février 2008 20:31

    The scan of running processes will be started
    45 processes with 45 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '68' files ).


    Starting the file scan:

    Begin scan in 'C:\' <N00705>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.ix
    [INFO] The file was moved to '4827a263.qua'!
    C:\Program Files\eMule\Incoming\camfrog.video.chat.3.91-patch.rar
    [0] Archive type: ZIP
    --> camfrog.video.chat.3.91-patch [maxtreme].exe
    [DETECTION] Is the Trojan horse TR/Agent.67896
    [INFO] The file was moved to '4825a2ab.qua'!
    C:\Program Files\eMule\Incoming\x Chat Free 3 build 060815.zip
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.ix
    [INFO] The file was moved to '47fba27b.qua'!
    C:\Program Files\eMule\Temp\041.part
    [0] Archive type: RAR
    --> Camfrog Video Chat 3.94.23341.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.bml.2
    [INFO] The file was moved to '47e9a297.qua'!
    C:\QooBox\Quarantine\catchme2008-02-17_163338.75.zip
    [0] Archive type: ZIP
    --> srosa.sys
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    --> wintems.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> mdelk.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> hldrrr.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.ix
    [INFO] The file was moved to '482ca74f.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '481da755.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\wintems.exe.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '4826a75c.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '481ca763.qua'!
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '47eca81b.qua'!
    C:\System Volume Information\_restore{EEAF810F-4393-4255-B0FD-D959E8C90050}\RP173\A0400376.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '46910104.qua'!
    C:\System Volume Information\_restore{EEAF810F-4393-4255-B0FD-D959E8C90050}\RP173\A0400396.exe
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was moved to '47eca81c.qua'!
    C:\System Volume Information\_restore{EEAF810F-4393-4255-B0FD-D959E8C90050}\RP173\A0400400.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '46910105.qua'!
    C:\System Volume Information\_restore{EEAF810F-4393-4255-B0FD-D959E8C90050}\RP173\A0400402.exe
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [INFO] The file was moved to '47eca81d.qua'!
    C:\System Volume Information\_restore{EEAF810F-4393-4255-B0FD-D959E8C90050}\RP173\A0400414.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [INFO] The file was moved to '46910106.qua'!
    C:\System Volume Information\_restore{EEAF810F-4393-4255-B0FD-D959E8C90050}\RP173\A0400447.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '47eca81f.qua'!
    C:\System Volume Information\_restore{EEAF810F-4393-4255-B0FD-D959E8C90050}\RP173\A0400448.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '46910138.qua'!
    C:\System Volume Information\_restore{EEAF810F-4393-4255-B0FD-D959E8C90050}\RP173\A0400449.exe
    [DETECTION] Is the Trojan horse TR/Killav.28714
    [INFO] The file was moved to '47eca821.qua'!
    C:\WINDOWS\AutoUpdateWin32.exe
    [DETECTION] Is the Trojan horse TR/Agent.DYH
    [INFO] The file was moved to '482ca870.qua'!


    End of the scan: dimanche 17 février 2008 22:44
    Used time: 2:13:00 min

    The scan has been done completely.

    5621 Scanning directories
    376705 Files were scanned
    75 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    72 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    376630 Files not concerned
    7513 Archives were scanned
    2 Warnings
    15 Notes

    18 February 2008 12:24:31

    Run another Combofix scan.
    18 February 2008 15:50:57

    Here is the Combofix report (I forgot to tell you that when I ran a scan with AntiVir, I put the virus files in quarantine rather than deleting them, because I wanted your opinion; is that the right thing to do?)

    Endroit: C:\Downloads\Combo-Fix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-17 20:01 . 2008-02-17 20:01 <REP> d-------- C:\Program Files\Avira
    2008-02-17 20:01 . 2008-02-17 20:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-02-17 06:45 . 2008-02-17 06:45 <REP> d-------- C:\Program Files\Weflirt
    2008-02-17 06:45 . 2008-02-17 06:45 <REP> d-------- C:\Documents and Settings\Esther\Application Data\Weflirt
    2008-02-17 02:15 . 2008-02-17 02:15 <REP> d-------- C:\Documents and Settings\Esther\Application Data\Apple Computer
    2008-02-17 01:14 . 2008-02-17 20:01 <REP> d-------- C:\Downloads
    2008-02-17 01:05 . 2008-02-18 15:35 <REP> d-------- C:\Program Files\FlashGet
    2008-02-11 00:37 . 2008-02-11 00:37 69,632 --a------ C:\WINDOWS\AutoUpdateWin31.dll
    2008-02-11 00:37 . 2008-02-11 00:37 32,768 --a------ C:\WINDOWS\AutoUpdateWin33.exe
    2008-02-11 00:37 . 2008-02-11 00:37 24,576 --a------ C:\WINDOWS\WindowsUpdates.exe
    2008-02-10 19:58 . 2008-02-11 00:50 <REP> d-------- C:\Program Files\GOlive
    2008-01-31 22:24 . 2008-01-31 22:24 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-01-31 22:22 . 2008-01-31 22:22 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-01-31 22:22 . 2008-01-31 22:23 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-01-31 15:44 . 2008-02-17 02:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-31 15:44 . 2008-01-31 15:44 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-21 18:31 . 2008-02-11 01:04 <REP> d-------- C:\Program Files\eMule

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-17 15:13 --------- d-----w C:\Program Files\YesMessenger
    2008-02-11 00:35 --------- d-----w C:\Program Files\Allocam Multi Visio
    2008-02-10 19:40 --------- d-----w C:\Program Files\Camfrog
    2008-02-03 00:09 --------- d-----w C:\Program Files\Everest Poker
    2008-01-31 14:45 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    2008-01-04 23:26 46 ----a-w C:\Program Files\Init
    2006-06-04 12:51 4,096 ----a-w C:\Documents and Settings\Esther\log.dat
    2006-01-11 07:59 254 ----a-w C:\Documents and Settings\Esther\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A75E294E-C047-4D29-B07E-37B792881BEF}]
    2008-02-11 00:37 69632 --a------ C:\WINDOWS\AutoUpdateWin31.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "fsc-reminder.exe"="C:\WINDOWS\reminder\fsc-reminder.exe" [2005-01-19 17:10 28672]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-25 00:20 401491]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 11:06 196608]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-07 13:08 4670968]
    "Totocam"="" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2005-01-20 19:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 12:38 88361 C:\WINDOWS\AGRSMMSG.exe]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-08 09:36 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-08 09:32 126976]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-12-05 13:22 159744]
    "PowerManager"="C:\Program Files\Power Manager\PM.exe" [2005-03-30 14:07 159744]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 11:31 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 11:24 217088]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-18 10:37 282624]
    "Capuccino"="C:\Program Files\Capuccino Webcam Chat\Capuccino_Webcam_Chat.exe" [ ]
    "Secure"="C:\WINDOWS\WindowsUpdates.exe" [2008-02-11 00:37 24576]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-17 20:30 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 00:37:10 323646]
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-09-18 10:41:41 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-14 16:22]
    S3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8644af30-eeb7-11db-95c4-0012f0d23dee}]
    \Shell\AutoRun\command - E:\start.exe
    \Shell\FramaKey\command - E:\start.exe

    *Newly Created Service* - SSMDRV
    *Newly Created Service* - WINIO
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2006-03-11 16:52:15 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1133715113.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
    "2008-02-18 14:20:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-18 15:37:33
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-18 15:38:35
    ComboFix-quarantined-files.txt 2008-02-18 14:38:21
    ComboFix2.txt 2008-02-17 15:49:11
    18 February 2008 18:48:32

    Hi again,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\AutoUpdateWin31.dll
    C:\WINDOWS\AutoUpdateWin33.exe
    C:\WINDOWS\WindowsUpdates.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A75E294E-C047-4D29-B07E-37B792881BEF}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Secure"=-


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report together with a Hijackthis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    19 February 2008 01:59:07

    Here is the requested report; I only saw one, and there was no reboot.

    Endroit: C:\Downloads\Combo-Fix.exe
    Command switches used :: C:\Documents and Settings\Esther\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE
    C:\WINDOWS\AutoUpdateWin31.dll
    C:\WINDOWS\AutoUpdateWin33.exe
    C:\WINDOWS\WindowsUpdates.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\AutoUpdateWin31.dll
    C:\WINDOWS\AutoUpdateWin33.exe
    C:\WINDOWS\WindowsUpdates.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-19 to 2008-02-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-17 20:01 . 2008-02-17 20:01 <REP> d-------- C:\Program Files\Avira
    2008-02-17 20:01 . 2008-02-17 20:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-02-17 06:45 . 2008-02-17 06:45 <REP> d-------- C:\Program Files\Weflirt
    2008-02-17 06:45 . 2008-02-17 06:45 <REP> d-------- C:\Documents and Settings\Esther\Application Data\Weflirt
    2008-02-17 02:15 . 2008-02-17 02:15 <REP> d-------- C:\Documents and Settings\Esther\Application Data\Apple Computer
    2008-02-17 01:14 . 2008-02-17 20:01 <REP> d-------- C:\Downloads
    2008-02-17 01:05 . 2008-02-19 01:41 <REP> d-------- C:\Program Files\FlashGet
    2008-02-10 19:58 . 2008-02-11 00:50 <REP> d-------- C:\Program Files\GOlive
    2008-01-31 22:24 . 2008-01-31 22:24 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-01-31 22:22 . 2008-01-31 22:22 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-01-31 22:22 . 2008-01-31 22:23 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-01-31 15:44 . 2008-02-18 16:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-31 15:44 . 2008-01-31 15:44 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-21 18:31 . 2008-02-11 01:04 <REP> d-------- C:\Program Files\eMule

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-17 15:13 --------- d-----w C:\Program Files\YesMessenger
    2008-02-11 00:35 --------- d-----w C:\Program Files\Allocam Multi Visio
    2008-02-10 19:40 --------- d-----w C:\Program Files\Camfrog
    2008-02-03 00:09 --------- d-----w C:\Program Files\Everest Poker
    2008-01-31 14:45 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    2008-01-04 23:26 46 ----a-w C:\Program Files\Init
    2006-06-04 12:51 4,096 ----a-w C:\Documents and Settings\Esther\log.dat
    2006-01-11 07:59 254 ----a-w C:\Documents and Settings\Esther\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "fsc-reminder.exe"="C:\WINDOWS\reminder\fsc-reminder.exe" [2005-01-19 17:10 28672]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-25 00:20 401491]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 11:06 196608]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-07 13:08 4670968]
    "Totocam"="" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2005-01-20 19:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 12:38 88361 C:\WINDOWS\AGRSMMSG.exe]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-08 09:36 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-08 09:32 126976]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-12-05 13:22 159744]
    "PowerManager"="C:\Program Files\Power Manager\PM.exe" [2005-03-30 14:07 159744]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 11:31 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 11:24 217088]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-18 10:37 282624]
    "Capuccino"="C:\Program Files\Capuccino Webcam Chat\Capuccino_Webcam_Chat.exe" [ ]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-17 20:30 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 00:37:10 323646]
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-09-18 10:41:41 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-14 16:22]
    S3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8644af30-eeb7-11db-95c4-0012f0d23dee}]
    \Shell\AutoRun\command - E:\start.exe
    \Shell\FramaKey\command - E:\start.exe

    *Newly Created Service* - WINIO
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2006-03-11 16:52:15 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1133715113.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
    "2008-02-18 18:20:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-19 01:44:43
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-19 1:45:48
    ComboFix-quarantined-files.txt 2008-02-19 00:45:33
    ComboFix2.txt 2008-02-18 14:38:36
    ComboFix3.txt 2008-02-17 15:49:11
    19 February 2008 13:02:03

    Is it better?