

Everything posted by Mara
[Solved] Bagle! (I think), help, please! Kaspersky online = 3 vi
Mara replied to a topic by Mara in Malware Analysis and Removal
Oh yes, by the way, it is still impossible to install SuperCopier: it is classified among the intrusions by Kerio and I can't do anything with it except uninstall it. Would you know how to make it work? Otherwise I'll do without it.... See you
[Solved] Bagle! (I think), help, please! Kaspersky online = 3 vi
Mara replied to a topic by Mara in Malware Analysis and Removal
Hello! That's it, I managed to configure things so I could download the file you linked to; I just had to untick the ad-blocking option.... Also, I managed to restore my wireless connection. Here is the procedure I followed, in case others like me got a message like "Windows cannot configure the wireless connection". I opened: Run -> regedit -> HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Services -> Ndisuio, and I changed the Start key, setting it to 3 instead of 4. Then I rebooted and everything went back to normal. This needs to be validated by an expert, but I think it's fine... Well, I think this computer is sorted; all that's left is for me to get properly familiar with Sunbelt Firewall and I'll be fine... Thanks again to you, Thanos; if you can help me with my second computer, I won't say no... I opened another thread http://forum.zebulon.fr/2eme-pc-infecte-pa...ti-t145666.html Unless all I need to do is repeat the same procedure? Thanks again
[Resolved] 2nd PC infected by Bagle, here we go again!
Mara posted a topic in Malware Analysis and Removal
Hello everyone, once again. Having practically sorted out the virus problems on my laptop, I am now dealing with my desktop computer, which is infected too... I think it's the same virus, Bagle... I await your instructions, and thanks again for your help!! RESPECT to this forum!!!
[Solved] Bagle! (I think), help, please! Kaspersky online = 3 vi
Mara replied to a topic by Mara in Malware Analysis and Removal
That's it, I've done all the steps you asked me to. The wireless connection still doesn't work... Another problem: Kerio Firewall prevents me from downloading files from the internet. For example, when I clicked the link for ATF Cleaner, a page appeared with a message saying that the firewall was blocking the page from opening. So I had to disable it to download ATF Cleaner. Would you know how to fix that? I also can't manage to reinstall SuperCopier; that's less serious, but still.... Once it is installed, it is still the Windows copier that does the copying, and every 2 minutes I get an intrusion alert for SuperCopier... Anyway, I'm opening a new thread for my desktop PC; I hope you'll still have the time and patience to help me, it looks worse than the laptop.... Thanks...
[Solved] Bagle! (I think), help, please! Kaspersky online = 3 vi
Mara replied to a topic by Mara in Malware Analysis and Removal
One more thing, I also wanted to know your opinion on SuperCopier, given that it was infected. Can I reinstall it, or is it not much use?
[Solved] Bagle! (I think), help, please! Kaspersky online = 3 vi
Mara replied to a topic by Mara in Malware Analysis and Removal
Hello again, Going through "Run", I didn't manage to uninstall ComboFix; the file cannot be found. What should I do with Malwarebytes'? I'm finally installing Kerio. I agree with you about cracked programs and P2P, that'll teach me! In any case, I knew the infection came from there, from acting like an i... lol Also, since the virus appeared I no longer have a Wi-Fi connection; it tells me Windows cannot configure the access. Would you know how to put things back the way they were? Could it have disabled other things on the computer? Then, now that my laptop is clean, can we take care of my desktop computer? Thanks to you once again...
[Solved] Bagle! (I think), help, please! Kaspersky online = 3 vi
Mara replied to a topic by Mara in Malware Analysis and Removal
Here is the DSS report, thanks again for your help!!
[Solved] Bagle! (I think), help, please! Kaspersky online = 3 vi
Mara replied to a topic by Mara in Malware Analysis and Removal
Is the free version of AntiVir enough, or do I need to buy the whole pack? Also, should AntiVir be combined with another antivirus or something else... What should I do with the Windows firewall? I'm posting the reports for you. Here is the AntiVir one, done in safe mode:
C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Cinematheca 1.0.zip.vir [0] Archive type: ZIP --> Cinematheca 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b14021.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Claves.de.Panda.Internet.Security.2007.hasta.Octubre.2007.Garantizadas.por. Jose.Mendez.zip.vir [0] Archive type: ZIP --> Claves.de.Panda.Internet.Security.2007.hasta.Octubre.2007.Garantizadas.por.Jose. Mendez.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a44026.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\CMDocSafe 1.0.zip.vir [0] Archive type: ZIP --> CMDocSafe 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48874008.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Complete Program Deleter 4.0.zip.vir [0] Archive type: ZIP --> Complete Program Deleter 4.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b0402b.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Convert PowerPoint to HTML 1.20.zip.vir [0] Archive type: ZIP --> Convert PowerPoint to HTML 1.20.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b1402d.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Cool Paint 2.6.0.1 (KeyGen).zip.vir [0] Archive type: ZIP --> Cool Paint 2.6.0.1 (KeyGen).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b2402f.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Copy Attachment To Clipboard 0.3.zip.vir [0] Archive type: ZIP --> Copy Attachment To Clipboard 0.3.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b34032.qua'! 
C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\CopyText 2.2.zip.vir [0] Archive type: ZIP --> CopyText 2.2.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b34034.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Creative PC-CAM 750 Driver 1.02.zip.vir [0] Archive type: ZIP --> Creative PC-CAM 750 Driver 1.02.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a84038.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Currency Converter 1.zip.vir [0] Archive type: ZIP --> Currency Converter 1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b5403d.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\DataBase VB Net Builder 1.zip.vir [0] Archive type: ZIP --> DataBase VB Net Builder 1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b7402a.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\DataBatcher 1.2 Serial.zip.vir [0] Archive type: ZIP --> DataBatcher 1.2 Serial.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b7402c.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Debt Repayment Calculator 1.zip.vir [0] Archive type: ZIP --> Debt Repayment Calculator 1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a54033.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Desktop Clock Christmas Edition 3.6.1.85 [Key].zip.vir [0] Archive type: ZIP --> Desktop Clock Christmas Edition 3.6.1.85 [Key].exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b64036.qua'! 
C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Desktop Fay 2.8 KeyGen.zip.vir [0] Archive type: ZIP --> Desktop Fay 2.8 KeyGen.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b64037.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Device Info 1.07 Beta.zip.vir [0] Archive type: ZIP --> Device Info 1.07 Beta.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b94038.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\DigiGenius Sound Recorder 3.6.6.zip.vir [0] Archive type: ZIP --> DigiGenius Sound Recorder 3.6.6.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48aa403e.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\DigitalWeb NetPatrol 2.0.zip.vir [0] Archive type: ZIP --> DigitalWeb NetPatrol 2.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48aa4040.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\DmailerSync Plus 6.0.033.zip.vir [0] Archive type: ZIP --> DmailerSync Plus 6.0.033.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a44046.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Doctors Calls and Tasks Scheduler 1.5.zip.vir [0] Archive type: ZIP --> Doctors Calls and Tasks Scheduler 1.5.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a6404a.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\DocuSync Desktop Manager 1.2.5.884.zip.vir [0] Archive type: ZIP --> DocuSync Desktop Manager 1.2.5.884.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a6404c.qua'! 
C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Dragon UnPACKer 5.2.0.169.zip.vir [0] Archive type: ZIP --> Dragon UnPACKer 5.2.0.169.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a4404f.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\E-mail Templates 5.zip.vir [0] Archive type: ZIP --> E-mail Templates 5.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b0400c.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Easter Fun 1.0 [With Crack].zip.vir [0] Archive type: ZIP --> Easter Fun 1.0 [With Crack].exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b64042.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\EasyHex Hex Editor 1.13 (Serial).zip.vir [0] Archive type: ZIP --> EasyHex Hex Editor 1.13 (Serial).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b64043.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\EasySites 1.0.zip.vir [0] Archive type: ZIP --> EasySites 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b64046.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\EasyStat 4.0 KeyGen.zip.vir [0] Archive type: ZIP --> EasyStat 4.0 KeyGen.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b64047.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Einstein 1.54.zip.vir [0] Archive type: ZIP --> Einstein 1.54.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b14050.qua'! 
C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\EMS SQL Manager 2007 Lite for PostgreSQL 4.1.0.7 [KeyGen].zip.vir [0] Archive type: ZIP --> EMS SQL Manager 2007 Lite for PostgreSQL 4.1.0.7 [KeyGen].exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48964035.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\eNewsViews 2.0.zip.vir [0] Archive type: ZIP --> eNewsViews 2.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '492b4229.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\ePodcast Creator 2.0.65 [KeyGen].zip.vir [0] Archive type: ZIP --> ePodcast Creator 2.0.65 [KeyGen].exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b2403c.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\eRocket with Random House Dictionary 1.1.zip.vir [0] Archive type: ZIP --> eRocket with Random House Dictionary 1.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b2403f.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Esoteria demo.zip.vir [0] Archive type: ZIP --> Esoteria demo.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b24062.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Fast BugTrack 3.1.zip.vir [0] Archive type: ZIP --> Fast BugTrack 3.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b64051.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\FGDL Update 1.0.zip.vir [0] Archive type: ZIP --> FGDL Update 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48874039.qua'! 
C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Float Planes 1 1.1.zip.vir [0] Archive type: ZIP --> Float Planes 1 1.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b2405f.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Forge of Destiny II (Medieval Total War).zip.vir [0] Archive type: ZIP --> Forge of Destiny II (Medieval Total War).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b54064.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Ghoster 1.1.zip.vir [0] Archive type: ZIP --> Ghoster 1.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b2405e.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Guiding Star Tarot 1.2.zip.vir [0] Archive type: ZIP --> Guiding Star Tarot 1.2.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48ac406e.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Guitar Guru 2.0.zip.vir [0] Archive type: ZIP --> Guitar Guru 2.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48ac406f.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\HeavyMath Cam 3D Webmaster Edition 3.5 (Crack).zip.vir [0] Archive type: ZIP --> HeavyMath Cam 3D Webmaster Edition 3.5 (Crack).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a44060.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\HelDecPack 12OCT2004.zip.vir [0] Archive type: ZIP --> HelDecPack 12OCT2004.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48af4061.qua'! 
C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\HTMLSpeed 2.0.1.zip.vir [0] Archive type: ZIP --> HTMLSpeed 2.0.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48904052.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\HTMLtoRTF Converter Pro 2.07.03 Key.zip.vir [0] Archive type: ZIP --> HTMLtoRTF Converter Pro 2.07.03 Key.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48904054.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\iceCDInfo 1.5.zip.vir [0] Archive type: ZIP --> iceCDInfo 1.5.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a84065.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Icon Lock-iT XP 3.3 Patch.zip.vir [0] Archive type: ZIP --> Icon Lock-iT XP 3.3 Patch.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b24067.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Idokorro Mobile Admin 3.2.2.zip.vir [0] Archive type: ZIP --> Idokorro Mobile Admin 3.2.2.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b24069.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\IECookiesView 1.7.zip.vir [0] Archive type: ZIP --> IECookiesView 1.7.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '4886404c.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\IIS Mod-Rewrite Standard 2.1.zip.vir [0] Archive type: ZIP --> IIS Mod-Rewrite Standard 2.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48964052.qua'! 
C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\iLibs 1.13.zip.vir [0] Archive type: ZIP --> iLibs 1.13.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48ac4056.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Infimail 1.02.zip.vir [0] Archive type: ZIP --> Infimail 1.02.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a9407a.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\IntelliTimer Pro 2.0.zip.vir [0] Archive type: ZIP --> IntelliTimer Pro 2.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b7407c.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\InterGate 8.5.zip.vir [0] Archive type: ZIP --> InterGate 8.5.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b7407e.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\IP2Country mapping Database 1.0.2 Serial.zip.vir [0] Archive type: ZIP --> IP2Country mapping Database 1.0.2 Serial.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48754061.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\iPod Photo Slideshow 1.11.zip.vir [0] Archive type: ZIP --> iPod Photo Slideshow 1.11.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '49314273.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\JavaScript Dissolving PopMenu 1.0.zip.vir [0] Archive type: ZIP --> JavaScript Dissolving PopMenu 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b94075.qua'! 
C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\jvider 1.7 [Cracked].zip.vir [0] Archive type: ZIP --> jvider 1.7 [Cracked].exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48ac408b.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\KanjiBrowze 2006.1.zip.vir [0] Archive type: ZIP --> KanjiBrowze 2006.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b14077.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\La Nacion RSS Feed 1.1.zip.vir [0] Archive type: ZIP --> La Nacion RSS Feed 1.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48634079.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Lacy Clock Screensaver 2.3.zip.vir [0] Archive type: ZIP --> Lacy Clock Screensaver 2.3.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a6407a.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\LeaseTrak 1.0 (Cracked).zip.vir [0] Archive type: ZIP --> LeaseTrak 1.0 (Cracked).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a44080.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\LingvoSoft Talking Dictionary 2006 Russian Estonian 3.1.41.zip.vir [0] Archive type: ZIP --> LingvoSoft Talking Dictionary 2006 Russian Estonian 3.1.41.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b14085.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\LingvoSoft Talking Dictionary 2007 English - Swedish 4.0.22 (Patch).zip.vir [0] Archive type: ZIP --> LingvoSoft Talking Dictionary 2007 English - Swedish 4.0.22 (Patch).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b14087.qua'! 
C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Linux Kernel 2.6.10.zip.vir [0] Archive type: ZIP --> Linux Kernel 2.6.10.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b14088.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Little Setup Builder 2.0.zip.vir [0] Archive type: ZIP --> Little Setup Builder 2.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b7408a.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Lockix Pro 1.0.2.zip.vir [0] Archive type: ZIP --> Lockix Pro 1.0.2.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a64093.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Magic Squares Widget 1.0.zip.vir [0] Archive type: ZIP --> Magic Squares Widget 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48aa4086.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Mailing List Express 6.20 (Crack).zip.vir [0] Archive type: ZIP --> Mailing List Express 6.20 (Crack).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48ac4087.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Mcafee.Internet.Security.2.007.(Incluye.serial).zip.vir [0] Archive type: ZIP --> Mcafee.Internet.Security.2.007.(Incluye.serial).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a4408a.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Mean Snoring Mouse 1.0.zip.vir [0] Archive type: ZIP --> Mean Snoring Mouse 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a4408e.qua'! 
C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Media Protector 2.5.zip.vir [0] Archive type: ZIP --> Media Protector 2.5.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a74090.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\MediaJoin 2.0.zip.vir [0] Archive type: ZIP --> MediaJoin 2.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a74091.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Metriclock 1.0.4.zip.vir [0] Archive type: ZIP --> Metriclock 1.0.4.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b74093.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\MiniPortal EP 3.3.99.zip.vir [0] Archive type: ZIP --> MiniPortal EP 3.3.99.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b1409a.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\MMD DupFinder 1.8.zip.vir [0] Archive type: ZIP --> MMD DupFinder 1.8.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48874080.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Molecular Workbench 1.3.zip.vir [0] Archive type: ZIP --> Molecular Workbench 1.3.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48af40a3.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\MorphMan 4.0.zip.vir [0] Archive type: ZIP --> MorphMan 4.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b540a5.qua'! 
C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\MP3 Album Manager 2.0.zip.vir [0] Archive type: ZIP --> MP3 Album Manager 2.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48764088.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Multi-Replace 2.2.5.0.zip.vir [0] Archive type: ZIP --> Multi-Replace 2.2.5.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48af40ae.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\My Voice Email 1.5.zip.vir [0] Archive type: ZIP --> My Voice Email 1.5.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '486340b3.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\MyAssist 1.2.zip.vir [0] Archive type: ZIP --> MyAssist 1.2.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '488440b5.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\NetSender 1.0.zip.vir [0] Archive type: ZIP --> NetSender 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b740a3.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\NetServe FTP Client 1.0.zip.vir [0] Archive type: ZIP --> NetServe FTP Client 1.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b740a5.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Networker IM 3.6.zip.vir [0] Archive type: ZIP --> Networker IM 3.6.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b740a6.qua'! 
C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Neverwinter Nights Community Expansion Pack v1.5 patch (zip).zip.vir [0] Archive type: ZIP --> Neverwinter Nights Community Expansion Pack v1.5 patch (zip).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b940a7.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\NFL Pooltracker 2006 2.0.2.zip.vir [0] Archive type: ZIP --> NFL Pooltracker 2006 2.0.2.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '488f408a.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\NOD32.2.51.30.PL.+.Outpost.Pro.Install.3.51.759.6511.(462).PL.zip.vir [0] Archive type: ZIP --> NOD32.2.51.30.PL.+.Outpost.Pro.Install.3.51.759.6511.(462).PL.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48874094.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\NOD32.Antivirus.v.2.12.3.PT.-.by.Max[PT]SkylineGTR.zip.vir [0] Archive type: ZIP --> NOD32.Antivirus.v.2.12.3.PT.-.by.Max[PT]SkylineGTR.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48874096.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\OfficeIRC Messenger 1.2 (Patch).zip.vir [0] Archive type: ZIP --> OfficeIRC Messenger 1.2 (Patch).exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a940af.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Oracle 1Z0-101 Exam.zip.vir [0] Archive type: ZIP --> Oracle 1Z0-101 Exam.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a440be.qua'! 
C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Ordix Mpack Professional 5.0.1.zip.vir [0] Archive type: ZIP --> Ordix Mpack Professional 5.0.1.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a740bf.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Outlook Express Attachment Extractor 1.43.zip.vir [0] Archive type: ZIP --> Outlook Express Attachment Extractor 1.43.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b740c4.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Pacestar UML Diagrammer 5.08.1834.zip.vir [0] Archive type: ZIP --> Pacestar UML Diagrammer 5.08.1834.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a640b2.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Pando 0.9.2 beta.zip.vir [0] Archive type: ZIP --> Pando 0.9.2 beta.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b140b4.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Paradox to MySQL Conversion Software 7.0.zip.vir [0] Archive type: ZIP --> Paradox to MySQL Conversion Software 7.0.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b540b6.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Photo Organizer Deluxe 2.8.zip.vir [0] Archive type: ZIP --> Photo Organizer Deluxe 2.8.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48b240be.qua'! C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Pictoscope 4.0.02.zip.vir [0] Archive type: ZIP --> Pictoscope 4.0.02.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU [NOTE] The file was moved to '48a640c0.qua'! 
C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\WinaXe Plus 8.4 (KeyGen).zip.vir
  [0] Archive type: ZIP
    --> WinaXe Plus 8.4 (KeyGen).exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU
      [NOTE] The file was moved to '48b1412b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\WinFonie Mobile 1.9.59.zip.vir
  [0] Archive type: ZIP
    --> WinFonie Mobile 1.9.59.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU
      [NOTE] The file was moved to '48b1412c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\WMV To AVI Converter 1.0 KeyGen.zip.vir
  [0] Archive type: ZIP
    --> WMV To AVI Converter 1.0 KeyGen.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU
      [NOTE] The file was moved to '48994112.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Mara & Sam\Application Data\m\shared\Yahoo Funny 1.2.zip.vir
  [0] Archive type: ZIP
    --> Yahoo Funny 1.2.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QU
      [NOTE] The file was moved to '48ab4127.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\mdelk.exe.vir
  [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QT
  [NOTE] The file was moved to '48a8412c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1120581.exe.vir
  [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
  [NOTE] The file was moved to '487540fa.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\980640.exe.vir
  [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
  [NOTE] The file was moved to '48734102.qua'!
C:\QooBox\Quarantine\F\autorun.inf.vir
  [DETECTION] Is the Trojan horse TR/PSW.Nilage.bvl.1
  [NOTE] The file was moved to '48b7413f.qua'!
C:\QooBox\Quarantine\F\nideiect.com.vir
  [DETECTION] Is the Trojan horse TR/Dldr.Bagle.QT
  [NOTE] The file was moved to '48a74135.qua'!
C:\WINDOWS\$NtUninstallQ828026$\wmp.dll
  [WARNING] The file could not be opened!

End of the scan: dimanche 1 juin 2008 15:27
Used time: 2:53:19 min

The scan has been done completely.
14946 Scanning directories
328095 Files were scanned
211 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
209 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
327884 Files not concerned
11271 Archives were scanned
2 Warnings
209 Notes

Here is the VirusTotal analysis of the file you asked me for:

Fichier 5BD8AEAEC1.sys reçu le 2008.06.02 05:52:53 (CET)
Résultat: 0/32 (0%)
Antivirus  Version  Dernière mise à jour  Résultat
AhnLab-V3  2008.5.30.1  2008.05.30  -
AntiVir  7.8.0.26  2008.06.01  -
Authentium  5.1.0.4  2008.06.01  -
Avast  4.8.1195.0  2008.06.01  -
AVG  7.5.0.516  2008.06.01  -
BitDefender  7.2  2008.06.02  -
CAT-QuickHeal  9.50  2008.05.31  -
ClamAV  0.92.1  2008.06.02  -
DrWeb  4.44.0.09170  2008.06.01  -
eSafe  7.0.15.0  2008.06.01  -
eTrust-Vet  31.4.5837  2008.05.30  -
Ewido  4.0  2008.06.01  -
F-Prot  4.4.4.56  2008.06.01  -
F-Secure  6.70.13260.0  2008.06.02  -
Fortinet  3.14.0.0  2008.06.02  -
GData  2.0.7306.1023  2008.06.02  -
Ikarus  T3.1.1.26.0  2008.06.02  -
Kaspersky  7.0.0.125  2008.06.02  -
McAfee  5307  2008.05.30  -
Microsoft  1.3520  2008.06.02  -
NOD32v2  3150  2008.06.01  -
Norman  5.80.02  2008.05.30  -
Panda  9.0.0.4  2008.06.01  -
Prevx1  V2  2008.06.02  -
Rising  20.46.62.00  2008.06.01  -
Sophos  4.29.0  2008.06.02  -
Sunbelt  3.0.1139.1  2008.05.29  -
Symantec  10  2008.06.02  -
TheHacker  6.2.92.331  2008.06.02  -
VBA32  3.12.6.6  2008.06.01  -
VirusBuster  4.3.26:9  2008.06.01  -
Webwasher-Gateway  6.6.2  2008.06.01  -

Information additionnelle
File size: 88 bytes
MD5...: 79e2cdad31cca2ba7c4d99d942562d16
SHA1..: c6b768369ffb4120231afc2a80dd8e3d8139f46f
SHA256: 4122e314424641fb17d9a7dc1a766fb854ecda03a14a24018cbcd5656b737f42
SHA512: deac6759e3b8bdf19f9d26273fcb02e7133ac7c771b2c3f199357cecb5de108f 0e7dacd1c3a8e910777e204e05b77f3847d0d111ac31d6ac6fd649bf08dca336
PEiD..: -
PEInfo: -
[Solved] Bagle! (I think), help, please! Kaspersky on-line = 3 vi
Mara replied to a topic by Mara in Analyses et éradication malwares
OK thanks, I'll do all that once Antivir is loaded and updated. I was also advised to use Moon Secure, what do you think of it? Is Antivir better? See you
[Solved] Bagle! (I think), help, please! Kaspersky on-line = 3 vi
Mara replied to a topic by Mara in Analyses et éradication malwares
There, I did what you asked me, and I'm posting the report, thanks again for your help. I also uninstalled SuperCopier.

ComboFix 08-05-29.1 - Mara & Sam 2008-05-31 15:43:01.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.492 [GMT -10:00]
Endroit: C:\Documents and Settings\Mara & Sam\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mara & Sam\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\AUTORUN.INF
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\drivers\mdelk.exe
F:\AUTORUN.INF
F:\nideiect.com
.
Error: Cfiles.dat
Error: Cfolders.dat

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\French\setup.exe
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\1120581.exe
C:\WINDOWS\system32\drivers\downld\1176461.exe
C:\WINDOWS\system32\drivers\downld\5179637.exe
C:\WINDOWS\system32\drivers\downld\5307411.exe
C:\WINDOWS\system32\drivers\downld\5379865.exe
C:\WINDOWS\system32\drivers\downld\980640.exe
C:\WINDOWS\system32\drivers\mdelk.exe
F:\AUTORUN.INF
F:\nideiect.com
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))))))))
.
2008-05-30 16:10 . 2008-05-30 16:10 <REP> d-------- C:\Deckard
2008-05-30 14:00 . 2008-05-30 14:00 <REP> d-------- C:\Documents and Settings\Mara & Sam\Application Data\Malwarebytes
2008-05-30 13:59 . 2008-05-30 13:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-30 13:59 . 2008-05-30 13:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-30 13:59 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-30 13:59 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-30 12:07 . 2008-05-30 12:07 <REP> d-------- C:\Program Files\Sophos
2008-05-30 10:48 . 2008-05-30 11:49 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab
2008-05-14 08:09 . 2008-05-14 09:27 1,917 --a------ C:\WINDOWS\imsins.BAK
2008-05-06 17:36 . 2004-08-03 20:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-05-06 17:36 . 2004-08-03 20:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-05-06 17:35 . 2008-05-06 17:35 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-05-06 16:51 . 2008-05-06 16:51 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2008-05-06 16:51 . 2008-05-06 16:51 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-05-06 16:50 . 2008-05-06 16:50 <REP> d-------- C:\Program Files\PC Connectivity Solution
2008-05-06 16:50 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-05-06 16:35 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-05-06 16:35 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-05-06 16:35 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-05-06 16:35 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-05-06 16:35 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 23:55 --------- d-----w C:\Program Files\Common Files
2008-05-30 21:16 --------- d-----w C:\Program Files\SuperCopier2
2008-05-30 18:23 --------- d-----w C:\Program Files\eMule
2008-05-29 22:07 --------- d-----w C:\Documents and Settings\Mara & Sam\Application Data\Symantec
2008-05-19 21:04 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-14 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-07 03:26 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-07 02:35 --------- d-----w C:\Program Files\Nokia
2008-05-07 02:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-04-21 18:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 18:39 --------- d-----w C:\Program Files\InterActual
2008-04-18 02:49 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared
2008-04-17 05:08 --------- d-----w C:\Program Files\Apple Software Update
2008-04-15 00:39 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-04-14 02:01 --------- d-----w C:\Documents and Settings\Mara & Sam\Application Data\dvdcss
2008-04-10 19:52 --------- d-----w C:\Program Files\Windows Live
2008-04-10 03:21 307,968 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-10 03:21 --------- d-----w C:\Documents and Settings\Mara & Sam\Application Data\TuneUp Software
2008-04-10 03:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-10 03:20 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-10 03:02 --------- d-----w C:\Program Files\Uniblue
2008-04-10 03:01 --------- d-----w C:\Documents and Settings\Mara & Sam\Application Data\Uniblue
2008-04-10 03:00 --------- d-----w C:\Documents and Settings\Mara & Sam\Application Data\Smart PC Solutions
2008-04-10 00:18 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-09 23:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-09 21:34 --------- d-----w C:\Program Files\CCleaner
2008-04-04 23:33 --------- d-----w C:\Program Files\QuickTime
2008-04-04 23:27 --------- d-----w C:\Documents and Settings\Mara & Sam\Application Data\Apple Computer
2008-04-04 23:25 --------- d-----w C:\Program Files\iTunes
2008-04-04 23:25 --------- d-----w C:\Program Files\iPod
2008-04-04 23:22 --------- d-----w C:\Program Files\Safari
2008-04-04 23:21 --------- d-----w C:\Program Files\Bonjour
2008-04-02 02:19 --------- d-----w C:\Documents and Settings\Mara & Sam\Application Data\Nokia Multimedia Player
2008-04-02 00:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
2008-03-25 19:33 2,516 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-03-25 19:31 88 --sh--r C:\Documents and Settings\All Users\Application Data\5BD8AEAEC1.sys
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-06 21:14 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-31_ 9.16.34.44 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-31 19:09:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-01 01:45:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 06:21 114688]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2003-09-19 06:42 61440]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-19 23:29 40960]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 05:46 45056 C:\WINDOWS\system32\ico.exe]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-19 13:10 380928 C:\WINDOWS\system32\irprops.cpl]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2004-02-12 23:01 98304]
"SonyPowerCfg"="C:\Program Files\sony\vaio power management\SPMgr.exe" [2003-12-11 23:03 167936]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 03:12 32768]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 05:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-25 09:00 335872]
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-01-25 20:41 546936]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 13:09 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\videolib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\eMule\\emule.exe"=

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-01 01:45:08 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 15:45:29
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\sony\HotKey Utility\HKWnd.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cscript.exe
C:\WINDOWS\system32\dwwin.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-31 15:53:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-01 01:53:28
ComboFix2.txt 2008-05-31 19:19:10

Pre-Run: 36,764,655,616 octets libres
Post-Run: 36,749,930,496 octets libres

194 --- E O F --- 2008-05-27 18:21:52
[Solved] Bagle! (I think), help, please! Kaspersky on-line = 3 vi
Mara replied to a topic by Mara in Analyses et éradication malwares
Good evening again! Here is the ComboFix report. However, I had to send it from the infected computer, no other choice; I have 5 computers within reach, but I think they are all infected...

ComboFix 08-05-29.1 - Mara & Sam 2008-05-31 9:06:17.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.352 [GMT -10:00]
Endroit: C:\Documents and Settings\Mara & Sam\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
Error: Cfiles.dat
Error: Cfolders.dat

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Mara & Sam\Application Data\m
C:\Documents and Settings\Mara & Sam\Application Data\m\data.oct
C:\Documents and Settings\Mara & Sam\Application Data\m\list.oct
C:\Documents and Settings\Mara & Sam\Application Data\m\shared
-
[Solved] Bagle! (I think), help, please! Kaspersky on-line = 3 vi
Mara replied to a topic by Mara in Malware analysis and eradication
Here is the DSS report, contained in main.txt; however, it is impossible to download HijackThis, "error". I hope this can help you help me... lol. Thanks again!
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\system32\TuneUpDefragService.exe O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe -- End of file - 10271 bytes -- File Associations ----------------------------------------------------------- .reg - regfile - shell\open\command - regedit.exe "%1" %* .scr - scrfile - shell\open\command - "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - 
c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0> R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver> S1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys (file missing) S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\fichiers communs\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 Bonjour Service (Service Bonjour) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour> R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service> S2 Planificateur LiveUpdate automatique - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing) S3 PACSPTISVR - "c:\program files\fichiers communs\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module> S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Intel® PRO/Wireless 2200BG Network Connection Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27538086&REV_05\4&22270378&0&10F0 Manufacturer: Intel Corporation Name: Intel® PRO/Wireless 2200BG Network Connection PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27538086&REV_05\4&22270378&0&10F0 Service: w29n51 -- Scheduled Tasks ------------------------------------------------------------- 2008-05-30 16:09:32 514 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job -- Files created between 2008-04-30 and 
2008-05-30 ----------------------------- 2008-05-30 14:02:12 0 d--h----- C:\Documents and Settings\Mara & Sam\Application Data\m 2008-05-30 14:00:00 0 d-------- C:\Documents and Settings\Mara & Sam\Application Data\Malwarebytes 2008-05-30 13:59:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-05-30 13:59:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-30 12:07:27 0 d-------- C:\Program Files\Sophos 2008-05-30 10:46:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-05-29 10:14:52 692224 --a------ C:\WINDOWS\system32\drivers\mdelk.exe 2008-05-29 10:10:09 0 d-------- C:\WINDOWS\system32\drivers\downld 2008-05-06 16:51:41 0 d-------- C:\Program Files\Fichiers communs\PCSuite 2008-05-06 16:51:40 0 d-------- C:\Program Files\Fichiers communs\Nokia 2008-05-06 16:50:13 0 d-------- C:\Program Files\PC Connectivity Solution -- Find3M Report --------------------------------------------------------------- 2008-05-30 13:55:14 0 d-------- C:\Program Files\Common Files 2008-05-30 11:16:15 0 d-------- C:\Program Files\SuperCopier2 2008-05-30 08:23:59 0 d-------- C:\Program Files\eMule 2008-05-29 12:17:44 0 d-------- C:\Program Files\Fichiers communs 2008-05-29 12:07:08 0 d-------- C:\Documents and Settings\Mara & Sam\Application Data\Symantec 2008-05-19 11:04:00 0 d-------- C:\Program Files\Microsoft Silverlight 2008-05-14 11:45:39 0 d-------- C:\Documents and Settings\Mara & Sam\Application Data\Adobe 2008-05-06 17:26:40 0 d-------- C:\Program Files\Fichiers communs\Adobe 2008-05-06 16:35:08 0 d-------- C:\Program Files\Nokia 2008-04-21 08:39:37 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-04-21 08:39:00 0 d-------- C:\Program Files\InterActual 2008-04-17 16:49:50 0 d-------- C:\Program Files\Fichiers communs\Sony Shared 2008-04-16 19:08:46 0 d-------- C:\Program Files\Apple Software Update 2008-04-14 14:39:49 0 d-------- C:\Program Files\TuneUp 
Utilities 2008 2008-04-13 16:01:20 0 d-------- C:\Documents and Settings\Mara & Sam\Application Data\dvdcss 2008-04-10 09:52:23 0 d-------- C:\Program Files\Windows Live 2008-04-09 17:21:15 0 d-------- C:\Documents and Settings\Mara & Sam\Application Data\TuneUp Software 2008-04-09 17:20:16 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-04-09 17:02:31 0 d-------- C:\Program Files\Uniblue 2008-04-09 17:01:13 0 d-------- C:\Documents and Settings\Mara & Sam\Application Data\Uniblue 2008-04-09 17:00:29 0 d-------- C:\Documents and Settings\Mara & Sam\Application Data\Smart PC Solutions 2008-04-09 14:18:48 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-04-09 11:34:27 0 d-------- C:\Program Files\CCleaner 2008-04-04 13:33:02 0 d-------- C:\Program Files\QuickTime 2008-04-04 13:27:28 0 d-------- C:\Documents and Settings\Mara & Sam\Application Data\Apple Computer 2008-04-04 13:25:27 0 d-------- C:\Program Files\iTunes 2008-04-04 13:25:15 0 d-------- C:\Program Files\iPod 2008-04-04 13:22:32 0 d-------- C:\Program Files\Safari 2008-04-04 13:21:55 0 d-------- C:\Program Files\Bonjour 2008-04-01 16:19:32 0 d-------- C:\Documents and Settings\Mara & Sam\Application Data\Nokia Multimedia Player 2008-03-15 09:38:33 511392 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-03-15 09:38:33 85256 --a------ C:\WINDOWS\system32\perfc00C.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [07/11/2003 06:21] "Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [19/09/2003 06:42] "ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [19/08/2002 23:29] "Mouse Suite 98 Daemon"="ICO.EXE" [14/03/2002 05:46 C:\WINDOWS\system32\ico.exe] "BluetoothAuthenticationAgent"="irprops.cpl" [19/08/2004 13:10 C:\WINDOWS\system32\irprops.cpl] 
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [12/02/2004 23:01] "SonyPowerCfg"="C:\Program Files\sony\vaio power management\SPMgr.exe" [11/12/2003 23:03] "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [20/02/2004 03:12] "ATIModeChange"="Ati2mdxx.exe" [04/09/2001 05:24 C:\WINDOWS\system32\Ati2mdxx.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [25/03/2004 09:00] "VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [25/01/2007 20:41] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 13:09] "drvsyskit"="C:\WINDOWS\system32\drivers\hldrrr.exe" [] "german.exe"="C:\WINDOWS\system32\wintems.exe" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [29/07/2003 15:52:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"=0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a721421-39b1-11dc-a106-080046da7f1c}] Auto\command- F:\AdobeR.exe e AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{114bf5b8-2799-11dd-a188-000e3535e2db}] AutoRun\command- F:\nideiect.com explore\Command- F:\nideiect.com open\Command- F:\nideiect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a606e970-4b84-11dc-a10a-080046da7f1c}] Auto\command- infrom.exe AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe -- End of Deckard's System Scanner: finished at 2008-05-30 16:15:24 ------------ -
[Solved] Bagle! (I think), help, please! Kaspersky on-line = 3 vi
Mara replied to Mara's topic in Analyses et éradication malwares
Here is the MBAM report:

Malwarebytes' Anti-Malware 1.14
Version de la base de données: 807

16:01:39 30/05/2008
mbam-log-5-30-2008 (16-01-38).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 150429
Temps écoulé: 1 hour(s), 36 minute(s), 46 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\srosa.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\hldrrr.exe (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\Mara & Sam\Application Data\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
-
[Solved] Bagle! (I think), help, please! Kaspersky on-line = 3 vi
Mara replied to Mara's topic in Analyses et éradication malwares
OK, thanks, I'll try. However, I no longer have a Wi-Fi connection since my laptop was infected, so for the updates... I'll try swapping the Ethernet cable back and forth between my two computers, unless you know how to restore the Wi-Fi? Because right now I have to download on my desktop computer (the one I'm writing from), then copy and paste with a USB key to run the scans on the laptop... Both must be infected, but let's try to repair one at a time. And then, if possible, make sure that all my USB keys and external hard drives are clean too... -
[Solved] Bagle! (I think), help, please! Kaspersky on-line = 3 vi
Mara replied to Mara's topic in Analyses et éradication malwares
Thanks for your reply and for your interest in my problem. I did try to copy and open ComboFix, but a big red cross appeared as an icon on it. I tried to open it anyway, but my computer crashed; I'm restarting it now. (For info, I'm writing from another computer; it's my laptop that's acting up, but I'm afraid the computer I'm writing from is infected too, given that I do a lot of transfers via several USB keys.) -
Hello everyone,
I'm new to the forum. I'm from Tahiti, in French Polynesia.
Since yesterday, I've had a problem on my laptop (Windows XP). I was surfing the internet and all of a sudden:
- it shut down and restarted by itself.
- then the message "Windows a récupéré d'une erreur sérieuse" appeared
- then no more sound, no more internet connection (Wi-Fi)
- no more Norton Antivirus, impossible to open it (message "n'est pas un fichier Win32 valide"...)
I read through a few posts, and here is what I did next:
- I uninstalled Norton completely, with the tool
- I deleted from my hard drive everything related to Norton and Symantec
- then I tried to install AntiVir; it tells me to restart and to close all open programs, even though there weren't any
- I tried to run a scan with EliBagla, and shortly after the scan started, EliBagla shuts down by itself..
- I also tried to install the evaluation version of Kaspersky: nothing, "erreur 1304"
That's where I am. If you can help me as soon as possible, thanks in advance...
I need my computer, because I work on it.
Mara
I'm including the Kaspersky on-line scan anyway, in case it helps find my problem. Here is the Kaspersky report: