bonjour, je crois que j ai ete infecter par le virus bagle, comme j ai pu voir dans d'autre discussion, j ai la fenetre select file to crack, aucun antivirus qui marche, utilisé elibagla, et HijackThis qui ne se lance pas non plus, probleme "win32". Quelqu'un peut m'aider avec le rapport elibagla ou à elenver ce virus de mon pc?

PS:grace a norton installer sur mon pc de base et que je n'arrive pas a enlever, mes ports internet sont bloqué, je crois ke c'est parce que internet security ne se lance pas et bloque ces ports.

Merci merci merci

Bonjour kinke

-> Arrête de télécharger des cracks.

- Télécharge ELIBAGLA en bas de cette page
http://www.zonavirus.com/datos/descargas/95/elibagla.asp
- Clique sur le bouton Descargar Elibagla cela va télécharger le fichier, place le sur le bureau
- Double-clique dessus pour l'ouvrir
- Assure toi que dans le menu déroulant Unidad, tu as bien C:\
- Vérifies aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée
- Clique sur le bouton Explorar pour lancer l'analyse
- Enregistre le rapport et poste le ici.

pardon pour le crack en plus c'etait pour une connerie;

voici mon rapport, il doit y en avoir plusieurs parce que j'y ai passé la nuit.

Sun Mar 09 06:07:36 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v11.11
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.11
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Sun Mar 09 06:08:09 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v11.11
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.11
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Mar 09 06:08:21 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 7289
Nº Total de Ficheros: 51690
Nº de Ficheros Analizados: 7619
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Mar 09 06:21:28 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v11.11
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.11
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Mar 09 06:22:06 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

Nº Total de Directorios: 0
Nº Total de Ficheros: 0
Nº de Ficheros Analizados: 0
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Mar 09 06:22:13 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

Nº Total de Directorios: 0
Nº Total de Ficheros: 0
Nº de Ficheros Analizados: 0
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Mar 09 06:22:18 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 7289
Nº Total de Ficheros: 51690
Nº de Ficheros Analizados: 7619
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Mar 09 06:24:49 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 7289
Nº Total de Ficheros: 51690
Nº de Ficheros Analizados: 7619
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Mar 09 06:32:16 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v11.11
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.11
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Mar 09 06:32:20 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 7289
Nº Total de Ficheros: 51693
Nº de Ficheros Analizados: 7620
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Mar 09 06:39:49 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 7289
Nº Total de Ficheros: 51693
Nº de Ficheros Analizados: 7620
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Mar 09 06:50:00 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v11.11
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.11
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Mar 09 06:50:05 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 7289
Nº Total de Ficheros: 51697
Nº de Ficheros Analizados: 7620
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Mar 09 07:06:36 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v11.11
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.11
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Mar 09 07:10:47 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v11.11
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.11
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Mar 09 07:29:52 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v11.11
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.11
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Mar 09 07:29:55 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Sun Mar 09 15:10:57 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v11.11
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.11
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Mar 09 16:01:20 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v11.11
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.11
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Mar 09 16:01:41 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 7266
Nº Total de Ficheros: 51643
Nº de Ficheros Analizados: 7605
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Re

Imprime les instructions suivantes car il va y avoir un redémarrage de l'ordinateur ;)

**********************************************************************************

1) Relance ELIBAGLA, cela va restaurer le mode sans échec !

2) Redémarre en mode sans échec ! aide ici : http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_securite/redemarrer_en_mode_sans_echec_pourquoi_et_comment-387297/messages-1.html

Ne JAMAIS redémarrer via msconfig, toujours utiliser la méthode avec F8 !!

3) Ouvre l'invite de commande : démarrage > programme > accessoire > invite de commande ou dans outils système > invite de commande
Tape les commandes suivantes successivement :

N.B : si tu as des messages d'erreur lors de la suppression de certains fichiers, ne pas s'inquiéter, cela signifie qu'ils ne sont pas présents sur ta machine. Attention de ne pas faire de faute de frappe !

del c:\windows\system32\mdelk.exe > entrer : le fichier va s'effacer
puis
del c:\windows\system32\drivers\srosa.sys > entrer : le fichier va s'effacer
puis
del c:\windows\system32\drivers\hldrrr.exe > entrer : le fichier va s'effacer
puis
del c:\windows\system32\wintems.exe > entrer : le fichier va s'effacer

4) Dis moi quand c'est fait. Indique si tu as eu des problèmes.

Ah oui ? C'est étrange !

En suivant ce tuto :

http://forum.pcastuces.com/aide_pour_bagle-f25s37315.htm?page=1&

Télécharge Combofix (sUBs) sur le bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Puis,

Redémarre en mode sans échec :
http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_securite/redemarrer_en_mode_sans_echec_pourquoi_et_comment-387297/messages-1.html
- Double clique sur combofix.exe.
- Appuie sur Y (Yes) pour lancer le scan.
- Quand le scan sera terminé, enregistre le rapport et redémarre en mode normal.
- Copie/Colle le rapport sur le forum situé ici C:\Combofix.txt.

merci pour ton aide

voici le rapport

ComboFix 08-03-08.2 - Utilisateur 2008-03-09 17:04:34.2 - NTFSx86 MINIMAL

Endroit: C:\Documents and Settings\Utilisateur\Bureau\Combo-Fix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\kwqslbnaq.dat
C:\WINDOWS\system32\kwqslbnaq_nav.dat
C:\WINDOWS\system32\kwqslbnaq_navps.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_SROSA


((((((((((((((((((((((((((((( Fichiers créés 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))))))))
.

2008-03-09 15:12 . 2008-03-09 15:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-09 15:12 . 2008-03-09 15:12 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-09 07:22 . 2008-03-09 07:22 <REP> d-------- C:\Program Files\Trend Micro
2008-03-09 06:07 . 2008-03-09 06:07 <REP> d-------- C:\Muestras
2008-03-09 05:19 . 2007-08-14 17:02 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-09 05:19 . 2007-08-14 17:02 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-09 05:19 . 2007-08-14 17:02 40,264 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-09 05:19 . 2007-08-14 17:02 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-09 05:18 . 2008-03-09 05:23 <REP> d-------- C:\Program Files\Spyware Doctor
2008-03-09 05:18 . 2008-03-09 05:18 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\PC Tools
2008-03-09 05:18 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-03-09 04:09 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-09 04:09 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-09 04:09 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-09 04:09 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-09 04:09 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-09 04:09 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-09 04:09 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-09 04:09 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-09 02:59 . 2008-03-09 07:28 <REP> d-------- C:\Program Files\PMsn Paraiso
2008-03-09 00:49 . 2008-03-09 00:49 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Yahoo!
2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-02-18 15:04 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-02-18 15:04 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-18 15:04 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-18 15:04 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-02-13 20:09 . 2008-03-09 04:06 <REP> d-------- C:\Program Files\Alwil Software
2008-02-13 20:06 . 2008-02-13 20:06 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\GlarySoft
2008-02-13 19:54 . 2008-02-13 19:55 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-13 19:48 . 2008-02-13 19:49 <REP> d-------- C:\Program Files\Glary Utilities
2008-02-13 18:13 . 2008-02-13 18:13 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-02-13 18:12 . 2008-02-13 18:12 <REP> d-------- C:\Program Files\Veoh Networks
2008-02-13 18:12 . 2008-02-13 18:12 <REP> d-------- C:\Program Files\Codemasters
2008-02-13 17:05 . 2008-02-13 18:10 <REP> d-------- C:\Program Files\Veoh Networks(2)

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 02:21 98,304 ----a-w C:\WINDOWS\DUMP67b2.tmp
2008-03-09 02:14 --------- d-----w C:\Program Files\eMule
2008-03-08 23:49 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-03-08 23:48 --------- d-----w C:\Program Files\DivX
2008-03-08 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-07 12:57 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\U3
2008-02-28 09:35 --------- d-----w C:\Program Files\Windows Live
2008-02-13 17:32 --------- d-----w C:\Program Files\RegCleaner
2008-02-13 15:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-12 21:45 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-02-01 10:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-23 07:37 --------- d-----w C:\Program Files\KONAMI
2008-01-20 01:29 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-19 07:57 --------- d-----w C:\Program Files\Aladdin
2008-01-19 07:43 --------- d-----w C:\Program Files\Earth Worm Jim
2008-01-17 12:38 --------- d-----w C:\Program Files\Alcohol Soft
2008-01-17 12:30 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-11 16:30 --------- d-----w C:\Program Files\SpeedFan
2008-01-11 16:30 --------- d-----w C:\Program Files\Google
2008-01-11 16:30 --------- d-----w C:\Program Files\FusionSoft DVD Player XP
2008-01-11 16:29 --------- d-----w C:\Program Files\Orange
2008-01-11 16:29 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-11 16:28 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-11 16:28 --------- d-----w C:\Program Files\Symantec
2008-01-11 16:28 --------- d-----w C:\Program Files\Shockwave.com
2008-01-11 16:28 --------- d-----w C:\Program Files\PhonerLite
2008-01-11 16:28 --------- d-----w C:\Program Files\MSN Messenger
2008-01-11 16:28 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-11 16:28 --------- d-----w C:\Program Files\Apple Software Update
2008-01-11 16:26 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-11 16:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-26 12:47 45,936 ----a-w C:\Documents and Settings\Utilisateur\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2004-03-24 01:08 692224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CcApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-03-09 16:39 58488]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-01 23:40 7118848]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-01-25 13:43 26112]
"avast!"="C:\DOSSIE~1\Avast\ashDisp.exe" [2008-03-09 16:39 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\APPS\\skype\\phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
R3 CIR;Hid Device;C:\WINDOWS\system32\DRIVERS\CIR.sys [2005-05-20 09:01]
R3 kbd;Keyboard;C:\WINDOWS\system32\DRIVERS\kbd.sys [2005-05-20 09:31]
R3 LVHybrid;LVHybrid service;C:\WINDOWS\system32\DRIVERS\LVHybrid.sys [2005-06-14 18:50]
R3 PortDRv;PST Port I/O Driver;C:\WINDOWS\system32\Drivers\PortDRv.sys [2002-10-25 12:49]
R3 Slazldrv;SmartLink AMR_PCI Driver;C:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys [2005-01-05 02:48]
R3 SRBoxDRv;PST Serial Response Box Driver;C:\WINDOWS\system32\Drivers\SRBoxDRv.sys [2002-10-25 12:22]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9dc864e-7cb0-11dc-99ec-0040d0940dae}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-16 09:29:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-09 15:30:00 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
"2008-02-29 17:46:49 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-09 01:14:34 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-01-25 12:58:59 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-01-25 12:59:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-01-25 12:59:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 17:09:25
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-09 17:12:52 - machine was rebooted [Utilisateur]
ComboFix-quarantined-files.txt 2008-03-09 16:12:48
.
2008-03-05 11:02:15 --- E O F ---

Re

Télécharge HijackThis (Merjin) sur le bureau :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
- Installe-le.
- Renomme-le en Scanner.
- Ferme toutes les fenêtres.
- Cliques sur « Do a system Scan Only and Save a Logfile »
- Un rapport apparaît à l’écran.
- Copie/Colle l’ensemble du rapport ici.

bon, je crois que c'est fini, le pc ne veut plus demarrer, ecran noir direct au demarrage...merci a toi, si jamais il se decide a demarrer, je poste le rapport ici.

Encore merci, et bonne fin de journée

ca y est, il a redemarrer, il "suffisait" d'enlever la batterie.

voila le rapport hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:24, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [CcApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avast!] C:\DOSSIE~1\Avast\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-983007700-914999074-1299440946-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 7739 bytes

voila

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:47, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecoogle.net/#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://configuration.adsl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [CcApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avast!] C:\DOSSIE~1\Avast\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 9003 bytes

Re

Avast est bien trop lent à intégrer les nouvelles infections, pour plus d'informations :
Avast! VS antivir : Le test de Malekal_Morte :
http://forum.malekal.com/ftopic3528.php

En conséquence, je te conseille très vivement de le désinstaller pour Antivir, qui lui est très performant. Désinstalle-le avec ceci :
http://www.avast.com/fre/avast-uninstall-utility.html

Il en va de même pour Norton. Désinstalle le avec ceci (au passage, jamais 2 antivirus sur le même PC) : http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

Puis télécharge et installe Antivir :
http://www.clubic.com/telecharger-fiche10821-antivir-personal-edition-7.html
Son tuto :
http://www.libellules.ch/tuto_antivir.php
- Ensuite mets-le à jour et vérifie la date d'update.
- Redémarre en mode sans échec :
http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_securite/redemarrer_en_mode_sans_echec_pourquoi_et_comment-387297/messages-1.html
- Lance Antivir.
- Cliques sur l'onglet Scanner.
- Sélectionne Manual Selection
- Sélectionne le disque C
- Lance le scan et mets en quarantaine tout ce qu‘il trouve.
- Une fois le scan terminé Enregistre le rapport sur le bureau.
- Redémarre en mode normal et poste le rapport ici.

je crois que mon ordi se sent mieux.

voici le rapport antivir, bon j ai pas pu l update parce que le virus avait changer le 3 en 4 dans Ndisuio, enfin j'ai pas tout compris mais ca marche. donc j'update et si je trouve autre chose je renvoie un rapport.

AntiVir PersonalEdition Classic
Report file date: dimanche 9 mars 2008 21:48

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira antivir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: TOOBAB

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan Memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 9 mars 2008 21:48

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'mmc.exe' - '1' Module(s) have been scanned
Scan process 'mmc.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'realplay.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
Scan process 'HidService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '14' files ).

Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Dossiers d'instalation\EmoticonesAnimaux.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '48435776.qua'!
C:\Muestras\SROSA.SYS.Muestra EliBagle v11.11
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '482357db.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0177685.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48055e27.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP403\A0177687.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48055e34.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0177708.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48055e38.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0177722.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48055e3b.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0177836.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48055e44.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0177856.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48055e4a.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0177975.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48055e4f.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0178973.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48055e52.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP405\A0182073.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48055e6c.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP405\A0183504.exe
[DETECTION] Contains detection pattern of the worm WORM/RJUMP.D
[INFO] The file was moved to '48055e7e.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP406\A0183759.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '48055e89.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!

End of the scan: dimanche 9 mars 2008 23:13
Used time: 1:24:20 min

The scan has been done completely.

7342 Scanning directories
194771 Files were scanned
11 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
13 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
194760 Files not concerned
6963 Archives were scanned
3 Warnings
0 Notes

Bonjour

Je n'ai pas tout compris, tu as mis à jour antivir avant l'analyse ou pas ?

voici le resultat du premier scan sans mise a jour et en mode normal

AntiVir PersonalEdition Classic
Report file date: dimanche 9 mars 2008 21:48

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira antivir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: TOOBAB

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan Memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 9 mars 2008 21:48

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'mmc.exe' - '1' Module(s) have been scanned
Scan process 'mmc.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'realplay.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
Scan process 'HidService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '14' files ).

Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Dossiers d'instalation\EmoticonesAnimaux.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '48435776.qua'!
C:\Muestras\SROSA.SYS.Muestra EliBagle v11.11
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '482357db.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0177685.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48055e27.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP403\A0177687.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48055e34.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0177708.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48055e38.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0177722.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48055e3b.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0177836.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48055e44.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0177856.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48055e4a.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0177975.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48055e4f.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0178973.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48055e52.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP405\A0182073.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48055e6c.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP405\A0183504.exe
[DETECTION] Contains detection pattern of the worm WORM/RJUMP.D
[INFO] The file was moved to '48055e7e.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP406\A0183759.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '48055e89.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!

End of the scan: dimanche 9 mars 2008 23:13
Used time: 1:24:20 min

The scan has been done completely.

7342 Scanning directories
194771 Files were scanned
11 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
13 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
194760 Files not concerned
6963 Archives were scanned
3 Warnings
0 Notes

et ca c'est le resultat du deuxieme scan avec mise a jour et en mode sans echec. je crois qu'un probleme persiste

AntiVir PersonalEdition Classic
Report file date: lundi 10 mars 2008 01:56

Scanning for 1139141 virus strains and unwanted programs.

Licensed to: Avira antivir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: TOOBAB

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 22:21:49
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 22:21:49
ANTIVIR3.VDF : 7.0.3.6 29184 Bytes 09/03/2008 22:21:49
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 09/03/2008 22:21:52
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 09/03/2008 22:21:52
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan Memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 10 mars 2008 01:56

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'realplay.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
Scan process 'HidService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '14' files ).

Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.11
[DETECTION] Is the Trojan horse TR/Agent.692224.3
[INFO] The file was moved to '48188ed6.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0178990.exe
[DETECTION] Is the Trojan horse TR/Agent.692224.3
[INFO] The file was moved to '480599f1.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0179988.exe
[DETECTION] Is the Trojan horse TR/Agent.692224.3
[INFO] The file was moved to '480599f9.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0179992.exe
[DETECTION] Is the Trojan horse TR/Agent.692224.3
[INFO] The file was moved to '480599ff.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0179995.exe
[DETECTION] Is the Trojan horse TR/Agent.692224.3
[INFO] The file was moved to '48059a00.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0180988.exe
[DETECTION] Is the Trojan horse TR/Agent.692224.3
[INFO] The file was moved to '48059a03.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0181000.exe
[DETECTION] Is the Trojan horse TR/Agent.692224.3
[INFO] The file was moved to '48059a06.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0181054.exe
[DETECTION] Is the Trojan horse TR/Agent.692224.3
[INFO] The file was moved to '48059a0d.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP405\A0182056.exe
[DETECTION] Is the Trojan horse TR/Agent.692224.3
[INFO] The file was moved to '48059a1d.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP405\A0182074.exe
[DETECTION] Is the Trojan horse TR/Agent.692224.3
[INFO]